DECODING_STREAM {
      @Override
      void assertFailsToDecode(
          BaseEncoding encoding, String cannotDecode, @Nullable String expectedMessage) {
        // Regression test for case where DecodingException was swallowed by default implementation
        // of
        // InputStream.read(byte[], int, int)
        // See https://github.com/google/guava/issues/3542
        Reader reader = new StringReader(cannotDecode);

    DECODING_STREAM {
      @Override
      void assertFailsToDecode(
          BaseEncoding encoding, String cannotDecode, @Nullable String expectedMessage) {
        // Regression test for case where DecodingException was swallowed by default implementation
        // of
        // InputStream.read(byte[], int, int)
        // See https://github.com/google/guava/issues/3542
        Reader reader = new StringReader(cannotDecode);

		byPassSet = globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.BypassGovernanceRetentionAction,
			BucketName:      bucketName,
			ObjectName:      objectName,
			ConditionValues: conditions,
			IsOwner:         owner,
			Claims:          cred.Claims,
		})
	}
	if globalIAMSys.IsAllowed(policy.Args{

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	if userDN != "" && userDN != cred.ParentUser {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,
			Action:          policy.ListServiceAccountsAdminAction,
			ConditionValues: getConditionValues(r, "", cred),

// checkKMSActionAllowed checks for authorization for a specific action on a resource.
func checkKMSActionAllowed(r *http.Request, owner bool, cred auth.Credentials, action policy.KMSAction, resource string) bool {
	return globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          policy.Action(action),
		ConditionValues: getConditionValues(r, "", cred),
		IsOwner:         owner,

            assertTrue(e.getMessage().contains("not allowed"));
        }

        // Should allow other paths
        String allowed = validator.validatePath("\\share\\allowed\\file.txt");
        assertEquals("\\share\\allowed\\file.txt", allowed);
    }

    @Test
    public void testWhitelist() throws Exception {
        validator.addToWhitelist("\\share\\allowed");

        // Should allow whitelisted path

        // Normal authentication should be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "First attempt should be allowed");

        // Record success
        rateLimiter.recordSuccess("user1", "192.168.1.1");

        // Should still be allowed
        assertTrue(rateLimiter.checkAttempt("user1", "192.168.1.1"), "After success should be allowed");
    }

    @Test

        // Default constructor
    }

    /**
     * Checks if access to a given path is allowed for a specific user agent according to robots.txt rules.
     *
     * @param path The path to check for access permission
     * @param userAgent The user agent string to check against robots.txt directives
     * @return true if access is allowed, false if access is disallowed by robots.txt rules.

        validator.validatePath("\\share\\folder\\file.txt");
        validator.validatePath("C:\\Windows\\System32");
        validator.validatePath(null); // Null should be allowed
        validator.validatePath(""); // Empty should be allowed
    }

    @Test
    public void testPathTooLong() throws Exception {
        String longPath = "\\share" + "\\folder".repeat(5000);
        assertThrows(SmbException.class, () -> {

     * @param maxLength maximum allowed length
     * @param fieldName field name for error messages
     * @throws SmbException if string is invalid
     */
    public void validateString(String str, int maxLength, String fieldName) throws SmbException {
        totalValidations.incrementAndGet();

        if (str == null) {
            return; // Null strings are allowed
        }