* and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access
 * mask of the ACE, the whole access check fails. If the ACE is an "allow"
 * ACE and <i>all</i> of the bits in the desired access bits match bits in
 * the access mask of the ACE, the access check is successful. Otherwise,

 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access
 * mask of the ACE, the whole access check fails. If the ACE is an "allow"
 * ACE and <i>all</i> of the bits in the desired access bits match bits in
 * the access mask of the ACE, the access check is successful. Otherwise,

 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access
 * mask of the ACE, the whole access check fails. If the ACE is an "allow"
 * ACE and <i>all</i> of the bits in the desired access bits match bits in
 * the access mask of the ACE, the access check is successful. Otherwise,

            // Given
            ACE[] expectedACEs = { mockACE };
            when(mockResource.getSecurity()).thenReturn(expectedACEs);
            when(mockResource.getSecurity(true)).thenReturn(expectedACEs);
            when(mockResource.getShareSecurity(false)).thenReturn(expectedACEs);

            // When
            ACE[] security1 = mockResource.getSecurity();
            ACE[] security2 = mockResource.getSecurity(true);

            int[] accessConstants = { ACE.FILE_READ_DATA, ACE.FILE_WRITE_DATA, ACE.FILE_APPEND_DATA, ACE.FILE_READ_EA, ACE.FILE_WRITE_EA,
                    ACE.FILE_EXECUTE, ACE.FILE_DELETE, ACE.FILE_READ_ATTRIBUTES, ACE.FILE_WRITE_ATTRIBUTES, ACE.DELETE, ACE.READ_CONTROL,
                    ACE.WRITE_DAC, ACE.WRITE_OWNER, ACE.SYNCHRONIZE, ACE.GENERIC_ALL, ACE.GENERIC_EXECUTE, ACE.GENERIC_WRITE,
                    ACE.GENERIC_READ };

        // Test combinations with FLAGS_INHERITED
        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_OBJECT_INHERIT;
        assertTrue(ace.isInherited());

        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_CONTAINER_INHERIT;
        assertTrue(ace.isInherited());

        ace.flags = ACE.FLAGS_INHERITED | ACE.FLAGS_NO_PROPAGATE;
        assertTrue(ace.isInherited());

    @DisplayName("Test getAces returns correct ACE array")
    void testGetAces() throws SMBProtocolDecodingException {
        prepareSecurityDescriptorBufferWithDACL(testBuffer, 0, 3);

        securityDescriptor.decode(testBuffer, 0, testBuffer.length);

        ACE[] aces = securityDescriptor.getAces();
        assertNotNull(aces);
        assertEquals(3, aces.length);
        for (ACE ace : aces) {
            assertNotNull(ace);

import jcifs.dcerpc.DcerpcConstants;
import jcifs.internal.dtyp.ACE;
import jcifs.internal.dtyp.SecurityDescriptor;

@ExtendWith(MockitoExtension.class)
class MsrpcShareGetInfoTest {

    @Mock
    private srvsvc.ShareInfo502 mockShareInfo502;

    @Mock
    private SecurityDescriptor mockSecurityDescriptor;

    @Mock
    private ACE mockAce1;

    @Mock
    private ACE mockAce2;

            if (numAces > 4096) {
                throw new SMBProtocolDecodingException("Invalid SecurityDescriptor");
            }

            this.aces = new ACE[numAces];
            for (int i = 0; i < numAces; i++) {
                this.aces[i] = new ACE();
                bufferIndex += this.aces[i].decode(buffer, bufferIndex, len - bufferIndex);
            }
        } else {
            this.aces = null;
        }

    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */
    public ACE[] getSecurity() throws IOException {
        final srvsvc.ShareInfo502 info502 = (srvsvc.ShareInfo502) this.info;