protected String transformation = BLOWFISH;

    /**
     * The key to use for encryption/decryption.
     */
    protected String key;

    /**
     * The character set name to use for encoding/decoding strings.
     */
    protected String charsetName = CoreLibConstants.UTF_8;

    /**
     * The queue of ciphers for encryption.
     */
    protected Queue<Cipher> encryptoQueue = new ConcurrentLinkedQueue<>();

    /**
     * AES-128-CCM cipher identifier for SMB3 encryption
     */
    public static final int CIPHER_AES_128_CCM = EncryptionNegotiateContext.CIPHER_AES128_CCM;
    /**
     * AES-128-GCM cipher identifier for SMB3.1.1 encryption
     */
    public static final int CIPHER_AES_128_GCM = EncryptionNegotiateContext.CIPHER_AES128_GCM;
    /**
     * AES-256-CCM cipher identifier for SMB3 encryption (future support)
     */

                // Log but don't fail - concurrent encryption/decryption with same context is complex
                System.out.println("Sample decryption failed (acceptable for concurrent test): " + e.getMessage());
            }
        }

        // Cleanup
        context.close();
    }

    @Test
    @DisplayName("Should handle AES-CCM encryption correctly")
    void testAESCCMEncryption() throws Exception {

        // Then
        assertNotNull(encKey, "Encryption key should not be null");
        assertEquals(16, encKey.length, "Encryption key should be 16 bytes");
        assertFalse(Arrays.equals(sessionKey, encKey), "Encryption key should be different from session key");
    }

    @Test
    @DisplayName("Should derive different encryption keys for different dialects")

    @CsvSource({ "true, true, SMB311, 2", // DFS + Encryption
            "false, true, SMB311, 1", // Encryption only
            "true, false, SMB311, 1", // DFS only
            "false, false, SMB311, 0", // Neither
            "true, true, SMB210, 1", // DFS only (no encryption for SMB2)
            "false, true, SMB210, 0" // Neither (no encryption for SMB2)
    })

import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password

            EncryptionNegotiateContext encryption = new EncryptionNegotiateContext();

            assertNotEquals(preauth.getContextType(), encryption.getContextType());
            assertEquals(0x1, preauth.getContextType());
            assertEquals(0x2, encryption.getContextType());
        }

        @Test

    /**
     * Decrypts Kerberos encrypted data using the specified key.
     *
     * @param data the encrypted data to decrypt
     * @param key the decryption key
     * @param type the encryption type
     * @return the decrypted data
     * @throws GeneralSecurityException if decryption fails
     */
    public static byte[] decrypt(byte[] data, Key key, int type) throws GeneralSecurityException {
        Cipher cipher = null;

        assertFalse(session.isConnected());
        assertTrue(session.isFailed());
    }

    @Test
    @DisplayName("encryption: flags, encryption, and decryption delegation")
    void testEncryptionDelegation() throws Exception {
        SmbSessionImpl session = newSession();

        // No encryption context -> throws
        CIFSException notEnabled = assertThrows(CIFSException.class, () -> session.encryptMessage(new byte[] { 1 }));

    /**
     * Sets the DES encryption key
     * @param key the 8-byte DES key
     */
    public void setKey(final byte[] key) {

        // CHECK PAROTY TBD
        deskey(key, true, encryptKeys);
        deskey(key, false, decryptKeys);
    }

    // Turn an 8-byte key into internal keys.
    private void deskey(final byte[] keyBlock, final boolean encrypting, final int[] KnL) {