}

    /**
     * Test integer overflow protection in security buffer offset calculation.
     */
    @Test
    public void testSecurityBufferIntegerOverflow() {
        byte[] buffer = createBasicNegotiateResponseBuffer();

        // Set security buffer offset close to Integer.MAX_VALUE to test overflow protection

            try {
                KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
                KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(keyStorePassword);
                keyStore.setEntry("smb.session." + sessionId, keyEntry, protection);
            } catch (Exception e) {
                log.warn("Failed to store key in KeyStore: {}", e.getMessage());
            }
        }

            retryCount++;
            log.info("Attempting RDMA connection recovery (attempt {} of {})", retryCount, maxRetries);

            try {
                // Exponential backoff with overflow protection - ensure safe calculation
                if (retryDelayMs > 0) {
                    // Safe calculation preventing overflow: use Math.max(0, retryCount - 1) and limit shift

errors.failed_to_upload_kuromoji_file = Échec du téléversement d'un fichier Kuromoji.
errors.failed_to_download_protwords_file = Échec du téléchargement d'un fichier de mots de protection.
errors.failed_to_upload_protwords_file = Échec du téléversement d'un fichier de mots de protection.
errors.failed_to_download_stopwords_file = Échec du téléchargement d'un fichier de mots vides.

import jcifs.CIFSException;
import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

                dynamicThresholdEnabled, backpressureEnabled);
    }

    /**
     * Execute an operation with circuit breaker protection
     *
     * @param <T> return type
     * @param operation the operation to execute
     * @return operation result
     * @throws CIFSException if circuit is open or operation fails
     */

 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */
public class SecureCredentialStorage implements AutoCloseable, Destroyable {

    private static final Logger log = LoggerFactory.getLogger(SecureCredentialStorage.class);

                .orElse(false);
    }

    /**
     * Masks email addresses in the input string for privacy protection.
     *
     * @param value the string that may contain email addresses
     * @return string with email addresses replaced by masked pattern
     */
    public static String maskEmail(final String value) {

     */
    protected int max_recv = max_xmit;
    /**
     * The current state of the DCERPC connection
     */
    protected int state = 0;
    /**
     * The security provider for authentication and message protection
     */
    protected DcerpcSecurityProvider securityProvider = null;
    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication

        int written = request.writeBytesWireFormat(buffer, 0);

        assertEquals(24, written);
        assertEquals(24, SMBUtil.readInt2(buffer, 0));
    }

    @Test
    @DisplayName("Test buffer overflow protection")
    void testBufferOverflowProtection() {
        byte[] smallBuffer = new byte[23]; // One byte too small

        // Should throw ArrayIndexOutOfBoundsException