/**
     * Enable or disable sensitive data masking
     *
     * @param enable true to enable masking
     */
    public void setSensitiveDataMaskingEnabled(boolean enable) {
        this.maskSensitiveData = enable;
        log.info("Sensitive data masking {}", enable ? "enabled" : "disabled");
    }

    /**
     * Enable or disable high performance mode for sensitive data masking
     *

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

        auth.secureWipePassword();
        assertNull(auth.getPassword());
    }

    /**
     * Test that closed authenticator prevents all sensitive operations
     */
    @Test
    @DisplayName("Test closed authenticator blocks all sensitive operations")
    public void testClosedAuthenticatorBlocking() throws Exception {

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

  /**
   * Returns header names and values. The names and values are separated by `: ` and each pair is
   * followed by a newline character `\n`.
   *
   * Since OkHttp 5 this redacts these sensitive headers:
   *
   *  * `Authorization`
   *  * `Cookie`
   *  * `Proxy-Authorization`
   *  * `Set-Cookie`
   */
  override fun toString(): String = commonToString()

            }
        }

        public boolean isValid() {
            return isValid;
        }

        public void invalidate() {
            this.isValid = false;
            // Clear sensitive data
            synchronized (hashLock) {
                Arrays.fill(currentHash, (byte) 0);
            }
        }
    }

    /**

        dynamicTable[index] = entry
        headerCount++
        dynamicTableByteCount += delta
      }

      /**
       * This does not use "never indexed" semantics for sensitive headers.
       *
       * http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-12#section-6.2.3
       */
      @Throws(IOException::class)
      fun writeHeaders(headerBlock: List<Header>) {

        assertNotNull(decrypted, "Decrypted data should not be null");
        assertArrayEquals(plaintext, decrypted, "Decrypted should match original");

        // Clean up sensitive data
        Arrays.fill(plaintext, '\0');
        Arrays.fill(decrypted, '\0');
    }

    @Test
    public void testEncryptDecryptEmpty() throws Exception {
        char[] plaintext = new char[0];

 *  Breaking: Move `gzip` from `RequestBody` to `Request.Builder`. This new API handles both
    compressing the request body and also adding the corresponding `Content-Encoding` header. Note
    that this function is sensitive to when it is called: the response body must be supplied before
    it can be compressed.

 *  Breaking: Remove `AddressPolicy`, `AsyncDns`, and `ConnectionListener` from the public API. We

   * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.
   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the