#     cuda_clang    Build with CUDA Clang support.
#     rocm:         Build with AMD GPU support (rocm)
#     mkl:          Enable full mkl support.
#     nogcp:        Disable GCS support.
#     nonccl:       Disable nccl support.
#
#
# Remote build execution options (only configured to work with TF team projects for now.)
#     rbe_base:                       General RBE options shared by all flavors.

        byte[] nonce3 = gcmContext.generateNonce();

        // Then - Nonces should be unique (SMB3 compliant: random + counter)
        assertFalse(Arrays.equals(nonce1, nonce2), "Nonces should be different");
        assertFalse(Arrays.equals(nonce2, nonce3), "Nonces should be different");
        assertFalse(Arrays.equals(nonce1, nonce3), "Nonces should be different");

        // Nonces should have proper size

            }

            final String nonce = (String) claimsSet.getClaim("nonce");
            if (logger.isDebugEnabled()) {
                logger.debug("nonce={}", nonce);
            }
            if (StringUtils.isEmpty(nonce) || !nonce.equals(stateData.getNonce())) {
                throw new SsoLoginException("could not validate nonce");
            }

            java.util.Arrays.fill(this.nonce, (byte) 0);
            System.arraycopy(nonce, 0, this.nonce, 0, 12);
        } else if (nonce.length == 16) {
            // For GCM cipher, use full 16-byte nonce
            System.arraycopy(nonce, 0, this.nonce, 0, 16);
        } else {
            throw new IllegalArgumentException("Nonce must be 12 bytes (CCM) or 16 bytes (GCM)");
        }

        });
    }

    @Test
    @DisplayName("Should handle null nonce")
    void testNullNonce() {
        // When/Then
        assertThrows(NullPointerException.class, () -> {
            transformHeader.setNonce(null);
        });
    }

    @Test
    @DisplayName("Should handle invalid nonce length")
    void testInvalidNonceLength() {
        // Given

        return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {
        final byte[] nonce = new byte[isGCMCipher() ? 16 : 12];

        if (isGCMCipher()) {

		return nil, err
	}
	if stream.NonceSize() != len(metadata.Nonce) {
		return nil, sio.NotAuthentic
	}
	return stream.DecryptReader(ciphertext, metadata.Nonce, nil), nil
}

type encryptedObject struct {
	KeyID  string `json:"keyid"`
	KMSKey []byte `json:"kmskey"`

	Algorithm sio.Algorithm `json:"algorithm"`
	Nonce     []byte        `json:"nonce"`

			return
		}
		copy(objectEncryptionKey[:], key)

		var nonce [12]byte
		tmp := sha256.Sum256(fmt.Append(nil, uploadID, partID))
		copy(nonce[:], tmp[:12])

		partEncryptionKey := objectEncryptionKey.DerivePartKey(uint32(partID))
		encReader, err := sio.EncryptReader(reader, sio.Config{
			Key:   partEncryptionKey[:],
			Nonce: &nonce,
		})
		if err != nil {

        final String jwtClaim = "{" + "\"iss\":\"https://issuer.example.com\"," + "\"sub\":\"******@****.***\","
                + "\"aud\":\"client-123\"," + "\"exp\":1700000000," + "\"iat\":1699999900," + "\"nonce\":\"abc123\","
                + "\"at_hash\":\"hashvalue\"," + "\"c_hash\":\"codehash\"" + "}";
        final Map<String, Object> attributes = new HashMap<>();

        authenticator.parseJwtClaim(jwtClaim, attributes);

     * @param password
     *            The user's password.
     * @param challenge
     *            The server challenge.
     * @param clientChallenge
     *            The client challenge (nonce).
     * @return the calculated response
     * @throws GeneralSecurityException if a cryptographic error occurs
     */