return restrictions;
    }

    /**
     * @deprecated VersionRange is immutable, cloning is not useful and even more an issue against the cache
     * @return a clone
     */
    @Deprecated
    public VersionRange cloneOf() {
        List<Restriction> copiedRestrictions = null;

        if (restrictions != null) {
            copiedRestrictions = new ArrayList<>();

	r.object = simdjson.Object{}
}

// Clone the record and if possible use the destination provided.
func (r *Record) Clone(dst sql.Record) sql.Record {
	other, ok := dst.(*Record)
	if !ok {
		other = &Record{}
	}
	other.object = r.object
	return other
}

// CloneTo clones the record to a json Record.
// Values are only unmashaled on object level.
func (r *Record) CloneTo(dst *json.Record) (sql.Record, error) {

            orig.refresh();
            // Clone should retain its cached Subject
            assertSame(copySubj, copy.getSubject(), "Clone should retain its cached Subject");
        } else {
            // If JAAS is not configured and getSubject() returns null, verify cloning still works
            assertNull(first, "First call to getSubject() returned null - JAAS not configured");

    /**
     * Clones this resolver for usage in a forked resolution process. In general, implementors need not provide a deep
     * clone. The only requirement is that invocations of {@link #addRepository(Repository)} on the clone do not affect
     * the state of the original resolver and vice versa.
     *
     * @return The cloned resolver, never {@code null}.
     */
    ModelResolver newCopy();

        SecurityBlob copy = assertDoesNotThrow(() -> (SecurityBlob) original.clone(), "clone() should not throw");

        // Assert
        assertNotSame(original, copy, "clone should return a different instance");
        assertTrue(original.equals(copy), "Cloned instance should be equal by content");

        // Mutate original backing array; clone should remain based on previous snapshot
        data[0] = 99;

    @Override
    protected byte[] getNTHash() {
        return this.ntHash;
    }

    @Override
    public NtlmPasswordAuthenticator clone() {
        final NtlmNtHashAuthenticator cloned = new NtlmNtHashAuthenticator(this.ntHash.clone());
        cloneInternal(cloned, this);
        return cloned;
    }

        // Cast and check we can call clone() from CredentialsInternal contract
        CredentialsInternal ci = (CredentialsInternal) impl;
        CredentialsInternal cloned = ci.clone();
        assertNotNull(cloned, "clone() should return a non-null CredentialsInternal");
    }

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);
        assertEquals(subj, cloned.getSubject());
        assertEquals("alice", cloned.getUser());
        assertEquals("EXAMPLE.COM", cloned.getRealm());
        assertEquals("cifs", cloned.getService());
        assertEquals(123, cloned.getUserLifeTime());
        assertEquals(456, cloned.getLifeTime());

        assertArrayEquals(originalPassword, clonedPassword, "Cloned password content should match");

        // Wipe original - should not affect clone
        authenticator.secureWipePassword();

        char[] originalAfterWipe = (char[]) passwordField.get(authenticator);
        char[] clonedAfterWipe = (char[]) passwordField.get(cloned);

     */
    protected static void cloneInternal(NtlmPasswordAuthenticator cloned, NtlmPasswordAuthenticator toClone) {
        cloned.domain = toClone.domain;
        cloned.username = toClone.username;
        cloned.password = toClone.password != null ? toClone.password.clone() : null;
        cloned.type = toClone.type;
    }

    /**
     * Returns the domain.
     */
    @Override
    public String getUserDomain() {