/**
     * AES-128-CCM cipher identifier for SMB3 encryption
     */
    public static final int CIPHER_AES_128_CCM = EncryptionNegotiateContext.CIPHER_AES128_CCM;
    /**
     * AES-128-GCM cipher identifier for SMB3.1.1 encryption
     */
    public static final int CIPHER_AES_128_GCM = EncryptionNegotiateContext.CIPHER_AES128_GCM;
    /**
     * AES-256-CCM cipher identifier for SMB3 encryption (future support)
     */

        new SecureRandom().nextBytes(testDecryptionKey);

        // Create encryption context with required parameters
        encryptionContext = new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, testDecryptionKey);
    }

    @Test
    @DisplayName("Should create encryption context with valid parameters")
    void testConstructor() {
        // When

package jcifs.internal.smb2.nego;

import jcifs.Configuration;
import jcifs.internal.SMBProtocolDecodingException;
import jcifs.internal.util.SMBUtil;

/**
 * SMB2 Encryption Negotiate Context.
 *
 * This negotiate context is used in SMB 3.x to negotiate
 * encryption capabilities and cipher suites.
 *
 * @author mbechler
 */
public class EncryptionNegotiateContext implements NegotiateContextRequest, NegotiateContextResponse {

                    // Server requires encryption - create encryption context
                    try {
                        if (log.isDebugEnabled()) {
                            log.debug("Server requires encryption, creating encryption context");
                        }
                        SmbTransportImpl transport = getTransport();

    }

    /**
     * Test that encryption is properly configured
     */
    @Test
    public void testEncryptionConfiguration() throws CIFSException {
        BaseConfiguration config = new BaseConfiguration(true);

        // Verify encryption configuration is available (default is false for compatibility)
        // But can be enabled when needed

}

// get ObjectOptions for Copy calls with encryption headers provided on the target side and source side metadata
func copyDstOpts(ctx context.Context, r *http.Request, bucket, object string, metadata map[string]string) (opts ObjectOptions, err error) {
	return putOptsFromReq(ctx, r, bucket, object, metadata)
}

// get ObjectOptions for Copy calls with encryption headers provided on the source side

* Certificates have a **lifetime**.
    * They **expire**.
    * And then they need to be **renewed**, **acquired again** from the third party.
* The encryption of the connection happens at the **TCP level**.
    * That's one layer **below HTTP**.
    * So, the **certificate and encryption** handling is done **before HTTP**.
* **TCP doesn't know about "domains"**. Only about IP addresses.

// NewMultipartUploadHandler - New multipart upload.
// Notice: The S3 client can send secret keys in headers for encryption related jobs,
// the handler should ensure to remove these keys before sending them to the object layer.
// Currently these keys are:
//   - X-Amz-Server-Side-Encryption-Customer-Key
//   - X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key
func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r *http.Request) {

    }

    /**
     * Test encryption context performance without synchronization bottlenecks
     */
    @Test
    public void testEncryptionContextPerformance() throws Exception {
        // Create mock encryption context for testing (simplified)
        // Note: This tests the atomic operations without actual encryption

        int threadCount = 8;
        int operationsPerThread = 500;

    /**
     * @return the selectedDialect
     */
    @Override
    public DialectVersion getSelectedDialect() {
        return this.selectedDialect;
    }

    /**
     * Gets the encryption cipher selected for SMB3 encryption.
     *
     * @return the selectedCipher
     */
    public int getSelectedCipher() {
        return this.selectedCipher;
    }

    /**