* @param data the data to calculate the MAC for
     * @return the calculated MAC bytes
     * @throws GeneralSecurityException if cryptographic operations fail
     */
    public static byte[] calculateMacArcfourHMACMD5(int keyusage, Key key, byte[] data) throws GeneralSecurityException {
        int ms_usage = mapArcfourMD5KeyUsage(keyusage);
        Mac mac = Mac.getInstance("HmacMD5");

     * Initialize secure credential storage with a master password
     *
     * @param masterPassword the master password for encryption
     * @throws GeneralSecurityException if encryption setup fails
     */
    public SecureCredentialStorage(char[] masterPassword) throws GeneralSecurityException {
        if (masterPassword == null || masterPassword.length == 0) {
            throw new IllegalArgumentException("Master password cannot be null or empty");

     *            the pre-authentication integrity hash (for SMB 3.1.1)
     * @throws GeneralSecurityException
     *             if the signing algorithm cannot be initialized
     *
     */
    public Smb2SigningDigest(final byte[] sessionKey, final int dialect, final byte[] preauthIntegrityHash)
            throws GeneralSecurityException {
        switch (dialect) {
        case Smb2Constants.SMB2_DIALECT_0202:

     * @return the Type 3 message to send to the server
     * @throws GeneralSecurityException if a cryptographic error occurs
     * @throws CIFSException if a CIFS protocol error occurs
     */
    protected Type3Message createType3Message(final Type2Message msg2) throws GeneralSecurityException, CIFSException {
        if (this.auth instanceof NtlmNtHashAuthenticator) {

     * @param clientChallenge the client challenge bytes
     * @return the calculated response
     * @throws GeneralSecurityException if a cryptographic error occurs
     */
    public static byte[] getNTLM2Response(final byte[] passwordHash, final byte[] serverChallenge, final byte[] clientChallenge)
            throws GeneralSecurityException {
        final byte[] sessionHash = new byte[8];

        final MessageDigest md5 = Crypto.getMD5();

     * Perform automatic key rotation using the stored session key following SMB3 key derivation
     *
     * @throws GeneralSecurityException if key rotation fails
     */
    private void performAutomaticKeyRotation() throws GeneralSecurityException {
        if (sessionKey == null) {
            throw new GeneralSecurityException("Session key not available for automatic rotation");
        }

     * @param key the decryption key
     * @param type the encryption type
     * @return the decrypted data
     * @throws GeneralSecurityException if decryption fails
     */
    public static byte[] decrypt(byte[] data, Key key, int type) throws GeneralSecurityException {
        Cipher cipher = null;
        byte[] decrypt = null;

        decrypt = switch (type) {

    /**
     * Test method for
     * {@link jcifs.pac.PacMac#calculateMacArcfourHMACMD5(int, java.security.Key, byte[])}.
     *
     * @throws GeneralSecurityException
     */
    @Test
    void testCalculateMacArcfourHMACMD5() throws GeneralSecurityException {
        // Using a key with a known value for reproducibility
        SecretKeySpec key = new SecretKeySpec(new byte[16], "ARCFOUR");

    }

    /**
     * Test decrypt with RC4 encryption.
     *
     * @throws GeneralSecurityException if a security error occurs
     */
    @Test
    void testDecryptRc4() throws GeneralSecurityException {
        // This is a simplified test and does not use real encrypted data from Kerberos
        // It mainly tests the decryption logic path

     * @throws GeneralSecurityException if a cryptographic error occurs
     * @throws CIFSException if a CIFS protocol error occurs
     */
    public Type3Message(final CIFSContext tc, final Type2Message type2, final String targetName, final String password, final String domain,
            final String user, final String workstation, final int flags) throws GeneralSecurityException, CIFSException {