SMBUtil.writeInt4(this.originalMessageSize, aad, index);
        index += 4;

        // Reserved
        SMBUtil.writeInt2(0, aad, index);
        index += 2;

        // Flags
        SMBUtil.writeInt2(this.flags, aad, index);
        index += 2;

        // Session ID (8 bytes)
        SMBUtil.writeInt8(this.sessionId, aad, index);

        return aad;
    }

        // When
        byte[] aad = transformHeader.getAssociatedData();

        // Then
        assertEquals(52, aad.length); // AAD should be same size as transform header

        // Verify protocol ID (first 4 bytes) - 0xFD534D42 in little-endian
        assertEquals((byte) 0x42, aad[0]);
        assertEquals((byte) 0x4D, aad[1]);
        assertEquals((byte) 0x53, aad[2]);
        assertEquals((byte) 0xFD, aad[3]);

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.microsoft.aad.msal4j.AuthorizationCodeParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.RefreshTokenParameters;
import com.microsoft.aad.msal4j.SilentParameters;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;

import org.codelibs.fess.entity.FessUser;
import org.codelibs.fess.helper.SystemHelper;
import org.codelibs.fess.sso.aad.AzureAdAuthenticator;
import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;

import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;

/**
 * Azure Active Directory credential implementation for Fess authentication.

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.sso.aad;

import java.util.ArrayList;
import java.util.List;

import org.codelibs.fess.unit.UnitFessTestCase;

public class AzureAdAuthenticatorTest extends UnitFessTestCase {
    public void test_addGroupOrRoleName() {

        final AEADBlockCipher cipher = createCCMCipher(true, nonce, associatedData.length, message.length);

        // Process AAD (not included in output)
        cipher.processAADBytes(associatedData, 0, associatedData.length);

        // Process message (will be encrypted)
        final byte[] output = new byte[cipher.getOutputSize(message.length)];

        return split(getSystemProperty("aad.permission.fields", "mail"), ",")
                .get(stream -> stream.filter(StringUtil::isNotBlank).map(String::trim).toArray(n -> new String[n]));
    }

    default boolean isAzureAdUseDomainServices() {
        return Constants.TRUE.equalsIgnoreCase(getSystemProperty("aad.use.ds", "true"));
    }

    default String getSsoType() {

KAAKnM,SADMmM,CAEX,KAAKrC,OAFMqC,CAGX,KAAKxC,KAHMwC,CAIX,KAAKC,cAJMD,CAF8B,ECA/C,eAA+D,aAExCE,oBAAoB,SAAU1C,EAAMoC,eAGnDE,cAAc5C,QAAQ,WAAU,GAC7BgD,oBAAoB,SAAU1C,EAAMoC,YAD7C,KAKMA,YAAc,OACdE,mBACAD,cAAgB,OAChBE,mBCZR,YAAgD,CAC1C,KAAKvC,KAAL,CAAWuC,aAD+B,wBAEvB,KAAKE,eAFkB,MAGvCzC,MAAQ2C,EAAqB,KAAKtM,SAA1BsM,CAAqC,KAAK3C,KAA1C2C,CAH+B,ECFhD,aAAqC,OACtB,EAANC,MAAY,CAACC,MAAMzJ,aAANyJ,CAAbD,EAAqCE,YCE9C,eAAmD,QAC1C/F,QAAa2C,QAAQ,WAAQ,IAC9BqD,GAAO,GAIP,CAAC,CADH,oDAAsDjM,OAAtD,KAEAkM,EAAU3J,IAAV2J,C...

* fix: azure disk could not mounted on Standard_DC4s/DC2s instances ([#86612](https://github.com/kubernetes/kubernetes/pull/86612), [@andyzhangx](https://github.com/andyzhangx))
* Fixes issue where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. ([#86412](https://github.com/kubernetes/kubernetes/pull/86412), [@weinong](https://github.com/weinong))

* Added golint check for pkg/kubelet. ([#47316](https://github.com/kubernetes/kubernetes/pull/47316), [@k82cn](https://github.com/k82cn))
* azure: acr: support MSI with preview ACR with AAD auth ([#48981](https://github.com/kubernetes/kubernetes/pull/48981), [@colemickens](https://github.com/colemickens))