if (index == threadCount - 1) {
                        // Last thread wipes password
                        auth.secureWipePassword();
                    } else {
                        // Other threads try to read password
                        String pwd = auth.getPassword();
                        // Password might be null if already wiped
                        assertTrue(pwd == null || pwd.equals("ConcurrentPass123!"));

        if (this.closed) {
            throw new IllegalStateException("SigningDigest is closed");
        }
        if (this.signingKey == null) {
            throw new IllegalStateException("Signing key has been wiped");
        }
        Mac m;
        if (this.provider != null) {
            m = Mac.getInstance(this.algorithmName, this.provider);
        } else {
            m = Mac.getInstance(this.algorithmName);

        // When
        context.secureWipeKeys();

        // Then - keys should be wiped (we can't directly access them, but method should complete)
        assertDoesNotThrow(() -> context.secureWipeKeys(), "Should handle multiple wipe calls");
    }

    @Test
    @DisplayName("Should detect when key rotation is needed based on bytes encrypted")

            }
        }
        assertTrue(hasNonZero, "Data should have non-zero bytes");

        SecureKeyManager.secureWipe(data);

        // Verify data is wiped
        for (byte b : data) {
            assertEquals(0, b, "All bytes should be zero after wipe");
        }
    }

    @Test
    public void testSecureWipeNull() {
        // Should not throw
        SecureKeyManager.secureWipe(null);
    }

    }

    /**
     * Remove and securely wipe a session key
     *
     * @param sessionId unique session identifier
     */
    public void removeSessionKey(String sessionId) {
        checkNotClosed();

        // Remove from memory maps
        SecretKey secretKey = sessionKeys.remove(sessionId);
        byte[] rawKey = rawKeys.remove(sessionId);

        // Wipe the raw key bytes
        if (rawKey != null) {

    /**
     * Close the encryption context and securely wipe keys
     */
    @Override
    public void close() {
        if (closed) {
            return;
        }

        try {
            secureWipeKeys();

            // Clear session ID
            sessionId = null;

            log.debug("Encryption context closed and keys wiped");
        } finally {
            closed = true;

            sessionId = null;

            auditLogger.logEvent(EventType.SESSION_DESTROYED, Severity.INFO, "Authenticator closed and credentials wiped",
                    Map.of("username", username != null ? username : "unknown"));
        } finally {
            // Wipe client challenge - guaranteed by try-finally
            if (clientChallenge != null) {
                SecureKeyManager.secureWipe(clientChallenge);

                digest.sign(newData, 0, newData.length, request, response);
            }, "Should throw exception after key is wiped");
        }

        @Test
        @DisplayName("Should wipe key on close")
        void testCloseWipesKey() throws Exception {
            byte[] sessionKey = new byte[16];
            Arrays.fill(sessionKey, (byte) 0xBB);

            System.arraycopy(ciphertext, 0, result, GCM_IV_SIZE, ciphertext.length);

            return result;

        } finally {
            // Securely wipe plaintext bytes - guaranteed by try-finally
            if (plaintextBytes != null) {
                SecureKeyManager.secureWipe(plaintextBytes);
            }
        }
    }

        } else {
            char[] passwordChars = this.auth.getPasswordAsCharArray();
            if (passwordChars != null) {
                passwordString = new String(passwordChars);
                // Securely wipe the char array immediately after use
                java.util.Arrays.fill(passwordChars, '\0');
            }
        }

        return new Type3Message(this.transportContext, msg2, this.targetName, passwordString,