void setUp() {
        // Initialize test keys
        testEncryptionKey = new byte[16]; // 128-bit key
        testDecryptionKey = new byte[16]; // 128-bit key
        new SecureRandom().nextBytes(testEncryptionKey);
        new SecureRandom().nextBytes(testDecryptionKey);

        // Create encryption context with required parameters
        encryptionContext = new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, testDecryptionKey);

        String sessionId1 = "session-1";
        String sessionId2 = "session-2";

        byte[] key1 = new byte[16];
        byte[] key2 = new byte[16];
        new SecureRandom().nextBytes(key1);
        new SecureRandom().nextBytes(key2);

        keyManager.storeSessionKey(sessionId1, key1, "AES");
        keyManager.storeSessionKey(sessionId2, key2, "AES");

        byte[] retrieved1 = keyManager.getRawKey(sessionId1);

            throw new IllegalArgumentException("Master password cannot be null or empty");
        }

        // Generate salt for key derivation
        this.salt = new byte[SALT_SIZE];
        secureRandom.nextBytes(this.salt);

        // Derive master key from password
        this.masterKey = deriveKey(masterPassword, salt);

        // Clear the master password after use
        Arrays.fill(masterPassword, '\0');
    }

        assertTrue(preauthService.validatePreauthIntegrity(sessionId, expectedHash));

        // Validation should fail with incorrect hash
        byte[] incorrectHash = new byte[expectedHash.length];
        secureRandom.nextBytes(incorrectHash);

        assertThrows(CIFSException.class, () -> {
            preauthService.validatePreauthIntegrity(sessionId, incorrectHash);
        });
    }

    @Test

        case 4:
        case 5:
            // NTLMv2 - secure
            if (this.clientChallenge == null) {
                this.clientChallenge = new byte[8];
                tc.getConfig().getRandom().nextBytes(this.clientChallenge);
            }
            return NtlmUtil.getLMv2Response(this.domain, this.username, getPasswordAsCharArray(), chlng, this.clientChallenge);
        default:

    private static final int LEASE_KEY_SIZE = 16;

    /**
     * Create a new random lease key
     */
    public Smb2LeaseKey() {
        this.key = new byte[LEASE_KEY_SIZE];
        RANDOM.nextBytes(this.key);
    }

    /**
     * Create a lease key from existing bytes
     *
     * @param key 16-byte array
     * @throws IllegalArgumentException if key is not 16 bytes
     */

        if (isGCMCipher()) {
            // SMB 3.1.1 GCM: 96-bit random/fixed + 32-bit counter for guaranteed uniqueness
            // Fill first 12 bytes with random data
            secureRandom.nextBytes(nonce);

            // Last 4 bytes: incrementing counter for guaranteed uniqueness
            final long counter = this.nonceCounter.incrementAndGet();
            final ByteBuffer buffer = ByteBuffer.wrap(nonce, 12, 4);

        if (config.getMaximumVersion() != null && config.getMaximumVersion().atLeast(DialectVersion.SMB311)) {
            final byte[] salt = new byte[32];
            config.getRandom().nextBytes(salt);
            negoContexts.add(
                    new PreauthIntegrityNegotiateContext(config, new int[] { PreauthIntegrityNegotiateContext.HASH_ALGO_SHA512 }, salt));
            this.preauthSalt = salt;

     *
     * @return a cryptographically secure random salt
     */
    public byte[] generatePreauthSalt() {
        byte[] salt = new byte[SALT_SIZE];
        secureRandom.nextBytes(salt);
        log.debug("Generated new preauth salt of {} bytes", salt.length);
        return salt;
    }

    /**
     * Initializes preauth integrity context for a new session.
     *

     * @return random key bytes
     */
    public byte[] generateRandomKey(int length) {
        checkNotClosed();

        byte[] key = new byte[length];
        secureRandom.nextBytes(key);
        return key;
    }

    /**
     * Clear all stored keys
     */
    public void clearAllKeys() {
        checkNotClosed();

        log.info("Clearing all stored keys");