errKMSDefaultKeyAlreadyConfigured = errors.New("A default encryption already exists on KMS")
	// Additional MinIO errors for SSE-C requests.
	errObjectTampered = errors.New("The requested object was modified and may be compromised")
	// error returned when invalid encryption parameters are specified
	errInvalidEncryptionParameters     = errors.New("The encryption parameters are not applicable to this object")

			t.Errorf("Test %d: Decryption returned wrong error code: got %d , want %d", i, err, test.expErr)
		} else if _, enc := crypto.IsEncrypted(test.info.UserDefined); encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is encrypted but it is not", i)
		} else if !encrypted && enc != encrypted {
			t.Errorf("Test %d: Decryption thinks object is not encrypted but it is", i)
		}
	}
}

UTCNow(), Size: 3430, Mode: 0x0, Metadata: map[string]string{"X-Minio-Internal-Server-Side-Encryption-Iv": "jIJPsrkkVYYMvc7edBrNl+7zcM7+ZwXqMb/YAjBO/ck=", "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id": "my-minio-key", "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key": "IAAfAP2p7ZLv3UpLwBnsKkF2mtWba0qoY42tymK0szRgGvAxBNcXyHXYooe9dQpeeEJWgKUa/8R61oCy1mFwIg==", "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key": "IAAfAPFYRDkHVirJBJxBixNj3PLWt78dFuUTyTLIdLG820J7XqLPBO4gpEEEWw/DoTs...

                // Log but don't fail - concurrent encryption/decryption with same context is complex
                System.out.println("Sample decryption failed (acceptable for concurrent test): " + e.getMessage());
            }
        }

        // Cleanup
        context.close();
    }

    @Test
    @DisplayName("Should handle AES-CCM encryption correctly")
    void testAESCCMEncryption() throws Exception {

var validSSEReplicationHeaders = map[string]string{
	"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "X-Minio-Replication-Server-Side-Encryption-Sealed-Key",
	"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "X-Minio-Replication-Server-Side-Encryption-Seal-Algorithm",
	"X-Minio-Internal-Server-Side-Encryption-Iv":             "X-Minio-Replication-Server-Side-Encryption-Iv",

    /**
     * AES-128-CCM cipher identifier for SMB3 encryption
     */
    public static final int CIPHER_AES_128_CCM = EncryptionNegotiateContext.CIPHER_AES128_CCM;
    /**
     * AES-128-GCM cipher identifier for SMB3.1.1 encryption
     */
    public static final int CIPHER_AES_128_GCM = EncryptionNegotiateContext.CIPHER_AES128_GCM;
    /**
     * AES-256-CCM cipher identifier for SMB3 encryption (future support)
     */

        // Then
        assertNotNull(encKey, "Encryption key should not be null");
        assertEquals(16, encKey.length, "Encryption key should be 16 bytes");
        assertFalse(Arrays.equals(sessionKey, encKey), "Encryption key should be different from session key");
    }

    @Test
    @DisplayName("Should derive different encryption keys for different dialects")

    /**
     * Test decrypt with an unsupported encryption type.
     */
    @Test
    void testDecryptUnsupportedType() {
        Key key = new KerberosKey(null, new byte[16], 99, 0);
        byte[] data = new byte[16];
        Exception exception = assertThrows(GeneralSecurityException.class, () -> KerberosEncData.decrypt(data, key, 99));
        assertEquals("Unsupported encryption type 99", exception.getMessage());
    }

     */
    protected String transformation = RSA;

    /**
     * The key to use for encryption/decryption.
     */
    protected String key;

    /**
     * The character set name to use for encoding/decoding strings.
     */
    protected String charsetName = CoreLibConstants.UTF_8;

    /**
     * The queue of ciphers for encryption.
     */
    protected Queue<Cipher> encryptoQueue = new ConcurrentLinkedQueue<>();

    /**
     * Gets the flags field which contains flags in SMB 3.1.1 or encryption algorithm ID in SMB 3.0/3.0.2
     *
     * @return the flags (SMB 3.1.1) or encryption algorithm (SMB 3.0/3.0.2)
     */
    public int getFlags() {
        return this.flags;
    }

    /**
     * Sets the flags field which contains flags in SMB 3.1.1 or encryption algorithm ID in SMB 3.0/3.0.2
     *
     * @param flags