// Determine key size based on cipher ID for AES-256 support
        int keyLength = getKeyLength();
        String transformation;

        // Select appropriate AES algorithm based on key length
        if (keyLength == 32) {
            // AES-256 support
            transformation = "AES/GCM/NoPadding";
        } else if (keyLength == 16) {
            // AES-128 (existing)

    /**
     * Processes access control entries (ACEs) for the given SMB1 file and adds them to the response data.
     *
     * @param responseData the response data to update
     * @param file the SMB1 file to process
     */
    protected void processAccessControlEntries(final ResponseData responseData, final SmbFile file) {
        try {
            final ACE[] aces = file.getSecurity(resolveSids);
            if (aces != null) {

        prepareSecurityDescriptorBufferWithDACL(testBuffer, 0, 3);

        securityDescriptor.decode(testBuffer, 0, testBuffer.length);

        ACE[] aces = securityDescriptor.getAces();
        assertNotNull(aces);
        assertEquals(3, aces.length);
        for (ACE ace : aces) {
            assertNotNull(ace);
        }
    }

    @Test
    @DisplayName("Test getOwnerUserSid returns correct SID")

    }

    /**
     * Processes access control entries (ACEs) for the given SMB file and adds them to the response data.
     *
     * @param responseData the response data to update
     * @param file the SMB file to process
     */
    protected void processAccessControlEntries(final ResponseData responseData, final SmbFile file) {
        try {
            final ACE[] aces = file.getSecurity(resolveSids);
            if (aces != null) {

            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");
            assertNotNull(shareSecurity, "Share security ACEs should not be null");
            assertEquals(1, security1.length, "Should return expected number of ACEs");
            assertEquals(1, security2.length, "Should return expected number of ACEs");

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks

 *
 * // Decrypt text
 * String decrypted = cipher.decryptText(encrypted);
 *
 * // For AES encryption
 * CachedCipher aesCipher = new CachedCipher();
 * aesCipher.setAlgorithm("AES");
 * aesCipher.setTransformation("AES");
 * aesCipher.setKey("0123456789abcdef"); // 16-byte key for AES-128
 * </pre>
 *
 * @author higa
 */
public class CachedCipher {

    /**

        assertNull(result);
    }

    @Test
    void testGetSecurityWithDACL() throws Exception {
        // Setup ShareInfo502 with a security descriptor containing a DACL with no ACEs
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();

        // Create a security descriptor with DACL at offset 20
        byte[] securityDescriptorBytes = new byte[28];

    }

    @Test
    @DisplayName("Should support AES-256 cipher constants")
    void testAES256CipherConstants() {
        // Verify AES-256 constants are defined
        assertEquals(0x0003, Smb2EncryptionContext.CIPHER_AES_256_CCM, "AES-256-CCM constant should be defined");
        assertEquals(0x0004, Smb2EncryptionContext.CIPHER_AES_256_GCM, "AES-256-GCM constant should be defined");

        }

        @Test
        @DisplayName("createEncryptionContext selects AES-CCM for SMB 3.0 and AES-GCM for SMB 3.1.1")
        void createEncryptionContext_happyDialects() throws Exception {
            byte[] sessionKey = new byte[16];
            byte[] preauth = new byte[16];

            // SMB 3.0 -> AES-128-CCM
            setField(transport, "smb2", true);