if (this.closed) {
            throw new IllegalStateException("SigningDigest is closed");
        }
        if (this.signingKey == null) {
            throw new IllegalStateException("Signing key has been wiped");
        }
        Mac m;
        if (this.provider != null) {
            m = Mac.getInstance(this.algorithmName, this.provider);
        } else {
            m = Mac.getInstance(this.algorithmName);

        // When
        context.secureWipeKeys();

        // Then - keys should be wiped (we can't directly access them, but method should complete)
        assertDoesNotThrow(() -> context.secureWipeKeys(), "Should handle multiple wipe calls");
    }

    @Test
    @DisplayName("Should detect when key rotation is needed based on bytes encrypted")

            }
        }
        assertTrue(hasNonZero, "Data should have non-zero bytes");

        SecureKeyManager.secureWipe(data);

        // Verify data is wiped
        for (byte b : data) {
            assertEquals(0, b, "All bytes should be zero after wipe");
        }
    }

    @Test
    public void testSecureWipeNull() {
        // Should not throw
        SecureKeyManager.secureWipe(null);
    }

    }

    /**
     * Remove and securely wipe a session key
     *
     * @param sessionId unique session identifier
     */
    public void removeSessionKey(String sessionId) {
        checkNotClosed();

        // Remove from memory maps
        SecretKey secretKey = sessionKeys.remove(sessionId);
        byte[] rawKey = rawKeys.remove(sessionId);

        // Wipe the raw key bytes
        if (rawKey != null) {

            sessionId = null;

            auditLogger.logEvent(EventType.SESSION_DESTROYED, Severity.INFO, "Authenticator closed and credentials wiped",
                    Map.of("username", username != null ? username : "unknown"));
        } finally {
            // Wipe client challenge - guaranteed by try-finally
            if (clientChallenge != null) {
                SecureKeyManager.secureWipe(clientChallenge);

    /**
     * Close the encryption context and securely wipe keys
     */
    @Override
    public void close() {
        if (closed) {
            return;
        }

        try {
            secureWipeKeys();

            // Clear session ID
            sessionId = null;

            log.debug("Encryption context closed and keys wiped");
        } finally {
            closed = true;

                digest.sign(newData, 0, newData.length, request, response);
            }, "Should throw exception after key is wiped");
        }

        @Test
        @DisplayName("Should wipe key on close")
        void testCloseWipesKey() throws Exception {
            byte[] sessionKey = new byte[16];
            Arrays.fill(sessionKey, (byte) 0xBB);

        result.task(':copyRestCompatTestTask').outcome == TaskOutcome.UP_TO_DATE
        result.task(transformTask).outcome == TaskOutcome.UP_TO_DATE
    }

    def "yamlRestTestVxCompatTest is wired into check and checkRestCompat"() {
        given:

        addSubProject(":distribution:bwc:minor") << """
        configurations { checkout }
        artifacts {

        } else {
            char[] passwordChars = this.auth.getPasswordAsCharArray();
            if (passwordChars != null) {
                passwordString = new String(passwordChars);
                // Securely wipe the char array immediately after use
                java.util.Arrays.fill(passwordChars, '\0');
            }
        }

        return new Type3Message(this.transportContext, msg2, this.targetName, passwordString,

 */
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
public class SmbRandomAccessFileTest {

    // Helper: build a minimally wired instance with mocks; avoids real I/O
    private SmbRandomAccessFile newInstance(String mode, boolean smb2, boolean ntSmbsCap, boolean unshared) throws CIFSException {
        SmbFile file = mock(SmbFile.class);