java.util.Arrays.fill(this.nonce, (byte) 0);
            System.arraycopy(nonce, 0, this.nonce, 0, 12);
        } else if (nonce.length == 16) {
            // For GCM cipher, use full 16-byte nonce
            System.arraycopy(nonce, 0, this.nonce, 0, 16);
        } else {
            throw new IllegalArgumentException("Nonce must be 12 bytes (CCM) or 16 bytes (GCM)");
        }

	if len(value.IV) != IVSize {
		return ErrDecrypt
	}
	if len(value.Nonce) != NonceSize {
		return ErrDecrypt
	}

	switch value.Algorithm {
	case AES256GCM:
		c.Algorithm = kms.AES256
	case CHACHA20POLY1305:
		c.Algorithm = kms.ChaCha20
	default:
		c.Algorithm = 0
	}
	c.ID = value.ID
	c.IV = value.IV
	c.Nonce = value.Nonce
	c.Bytes = value.Bytes
	return nil

            }

            final String nonce = (String) claimsSet.getClaim("nonce");
            if (logger.isDebugEnabled()) {
                logger.debug("nonce={}", nonce);
            }
            if (StringUtils.isEmpty(nonce) || !nonce.equals(stateData.getNonce())) {
                throw new SsoLoginException("could not validate nonce");
            }

        return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {
        final byte[] nonce = new byte[isGCMCipher() ? 16 : 12];

        if (isGCMCipher()) {

        });
    }

    @Test
    @DisplayName("Should handle null nonce")
    void testNullNonce() {
        // When/Then
        assertThrows(NullPointerException.class, () -> {
            transformHeader.setNonce(null);
        });
    }

    @Test
    @DisplayName("Should handle invalid nonce length")
    void testInvalidNonceLength() {
        // Given

            byte[] nonce = context.generateNonce();
            assertNotNull(nonce, "Nonce should not be null");
            assertTrue(nonce.length > 0, "Nonce should have length > 0");

            // Convert to string for uniqueness check
            String nonceStr = Arrays.toString(nonce);
            assertFalse(nonces.contains(nonceStr), "Nonce should be unique");
            nonces.add(nonceStr);

		return nil, err
	}
	if stream.NonceSize() != len(metadata.Nonce) {
		return nil, sio.NotAuthentic
	}
	return stream.DecryptReader(ciphertext, metadata.Nonce, nil), nil
}

type encryptedObject struct {
	KeyID  string `json:"keyid"`
	KMSKey []byte `json:"kmskey"`

	Algorithm sio.Algorithm `json:"algorithm"`
	Nonce     []byte        `json:"nonce"`

  @Test fun testDigestChallengeWithStrictRfc2617Header() {
    val headers =
      Headers
        .Builder()
        .add(
          "WWW-Authenticate",
          "Digest realm=\"myrealm\", nonce=\"fjalskdflwejrlaskdfjlaskdjflaks" +
            "jdflkasdf\", qop=\"auth\", stale=\"FALSE\"",
        ).build()
    val challenges = headers.parseChallenges("WWW-Authenticate")
    assertThat(challenges.size).isEqualTo(1)

	}

	stream, err := sio.AES_256_GCM.Stream(key)
	if err != nil {
		return err
	}
	// Zero nonce, we only use each key once, and 32 bytes is plenty.
	nonce := make([]byte, stream.NonceSize())
	encr := stream.DecryptReader(r, nonce, nil)
	_, err = io.Copy(w, encr)
	if err == nil {
		fmt.Println(okMsg)
	}
	return err

	}
	var nonce [32]byte
	if _, err := io.ReadFull(random, nonce[:]); err != nil {
		logger.CriticalIf(context.Background(), errOutOfEntropy)
	}

	const Context = "object-encryption-key generation"
	mac := hmac.New(sha256.New, extKey)
	mac.Write([]byte(Context))
	mac.Write(nonce[:])
	mac.Sum(key[:0])
	return key
}