}

    /**
     * Test integer overflow protection in security buffer offset calculation.
     */
    @Test
    public void testSecurityBufferIntegerOverflow() {
        byte[] buffer = createBasicNegotiateResponseBuffer();

        // Set security buffer offset close to Integer.MAX_VALUE to test overflow protection

            try {
                KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
                KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(keyStorePassword);
                keyStore.setEntry("smb.session." + sessionId, keyEntry, protection);
            } catch (Exception e) {
                log.warn("Failed to store key in KeyStore: {}", e.getMessage());
            }
        }

            retryCount++;
            log.info("Attempting RDMA connection recovery (attempt {} of {})", retryCount, maxRetries);

            try {
                // Exponential backoff with overflow protection - ensure safe calculation
                if (retryDelayMs > 0) {
                    // Safe calculation preventing overflow: use Math.max(0, retryCount - 1) and limit shift

    "Vary": "Origin,Accept-Encoding",
    "X-Amz-Id-2": "dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8",
    "X-Amz-Request-Id": "17CDC1F4D7E69123",
    "X-Content-Type-Options": "nosniff",
    "X-Xss-Protection": "1; mode=block"
  },
  "tags": {
    "objectLocation": {
      "name": "hosts",
      "poolId": 1,
      "setId": 1,
      "drives": [
        "/mnt/data1",
        "/mnt/data2",

     */
    protected int max_recv = max_xmit;
    /**
     * The current state of the DCERPC connection
     */
    protected int state = 0;
    /**
     * The security provider for authentication and message protection
     */
    protected DcerpcSecurityProvider securityProvider = null;
    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication

                dynamicThresholdEnabled, backpressureEnabled);
    }

    /**
     * Execute an operation with circuit breaker protection
     *
     * @param <T> return type
     * @param operation the operation to execute
     * @return operation result
     * @throws CIFSException if circuit is open or operation fails
     */

 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */
public class SecureCredentialStorage implements AutoCloseable, Destroyable {

    private static final Logger log = LoggerFactory.getLogger(SecureCredentialStorage.class);

	// Programmed errors: API call number => error to return
	errors map[int]error
	// The error to return when no error value is programmed
	defaultErr error
	// The current API call number
	callNR int
	// Data protection
	mu sync.Mutex
}

func newNaughtyDisk(d StorageAPI, errs map[int]error, defaultErr error) *naughtyDisk {
	return &naughtyDisk{disk: d, errors: errs, defaultErr: defaultErr}
}

import jcifs.CIFSException;
import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

        int written = request.writeBytesWireFormat(buffer, 0);

        assertEquals(24, written);
        assertEquals(24, SMBUtil.readInt2(buffer, 0));
    }

    @Test
    @DisplayName("Test buffer overflow protection")
    void testBufferOverflowProtection() {
        byte[] smallBuffer = new byte[23]; // One byte too small

        // Should throw ArrayIndexOutOfBoundsException