// Then
        assertNotNull(decKey, "Decryption key should not be null");
        assertEquals(16, decKey.length, "Decryption key should be 16 bytes");
        assertFalse(Arrays.equals(sessionKey, decKey), "Decryption key should be different from session key");
    }

    @Test
    @DisplayName("Should derive different decryption keys for different dialects")

     */
    protected void offerEncryptoCipher(final Cipher cipher) {
        encryptoQueue.offer(cipher);
    }

    /**
     * Polls a decryption cipher from the queue, creating a new one if none are available.
     *
     * @return a decryption cipher
     */
    protected Cipher pollDecryptoCipher() {
        Cipher cipher = decryptoQueue.poll();
        if (cipher == null) {

                    .thenThrow(new GeneralSecurityException("Decryption error"));

            PACDecodingException e = assertThrows(PACDecodingException.class, () -> new KerberosTicket(token, (byte) 0, keys));
            assertTrue(e.getMessage().startsWith("Decryption failed"));
        }
    }

    @Test

import jcifs.CIFSException;
import jcifs.DialectVersion;
import jcifs.internal.smb2.nego.EncryptionNegotiateContext;
import jcifs.util.SecureKeyManager;

/**
 * SMB2/SMB3 Encryption Context
 *
 * Manages encryption and decryption operations for SMB2/SMB3 sessions.
 * Handles both AES-CCM (SMB 3.0/3.0.2) and AES-GCM (SMB 3.1.1) cipher suites.
 *
 * @author mbechler
 */
public class Smb2EncryptionContext implements AutoCloseable {

    }

    @Test
    @DisplayName("Should throw exception for null decryption key")
    void testNullDecryptionKey() {
        // When/Then
        assertThrows(NullPointerException.class, () -> {
            new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, null);
        }, "Should throw NullPointerException for null decryption key");
    }

    @Test

        this(token, null);
    }

    /**
     * Constructs a KerberosToken from token bytes with decryption keys.
     *
     * @param token the token bytes
     * @param keys array of Kerberos keys for decryption
     * @throws PACDecodingException if token decoding fails
     */
    public KerberosToken(byte[] token, KerberosKey[] keys) throws PACDecodingException {

    private byte apOptions;
    private KerberosTicket ticket;

    /**
     * Creates a Kerberos AP request from a token.
     *
     * @param token the Kerberos AP-REQ token
     * @param keys the Kerberos keys for decryption
     * @throws PACDecodingException if the token cannot be decoded
     */
    public KerberosApRequest(byte[] token, KerberosKey[] keys) throws PACDecodingException {
        this(parseSequence(token), keys);
    }

    /**
     * Constructs a KerberosTicket from token bytes.
     *
     * @param token the ticket token bytes
     * @param apOptions AP options flags
     * @param keys array of Kerberos keys for decryption
     * @throws PACDecodingException if ticket decoding fails
     */
    public KerberosTicket(byte[] token, byte apOptions, KerberosKey[] keys) throws PACDecodingException {
        if (token.length <= 0) {

        // It mainly tests the decryption logic path
        Key key = new KerberosKey(null, new byte[16], KerberosConstants.RC4_ENC_TYPE, 0);
        byte[] data = new byte[32]; // Dummy data
        // The test will likely fail with "Checksum failed" as the data is not properly encrypted
        // but it proves the decryption path is taken.

     * Parse Kerberos authorization data based on the authorization type.
     *
     * @param authType the type of authorization data
     * @param token the authorization data token
     * @param keys the Kerberos keys for decryption
     * @return a list of parsed authorization data
     * @throws PACDecodingException if the data cannot be decoded
     */