}

    /**
     * Remove and securely wipe a session key
     *
     * @param sessionId unique session identifier
     */
    public void removeSessionKey(String sessionId) {
        checkNotClosed();

        // Remove from memory maps
        SecretKey secretKey = sessionKeys.remove(sessionId);
        byte[] rawKey = rawKeys.remove(sessionId);

        // Wipe the raw key bytes
        if (rawKey != null) {

        passwordField.setAccessible(true);

        // Verify password exists before wipe
        char[] passwordBefore = (char[]) passwordField.get(authenticator);
        assertNotNull(passwordBefore, "Password should exist before wipe");
        assertArrayEquals(testPassword.toCharArray(), passwordBefore, "Password should match before wipe");

        // Wipe the password
        authenticator.secureWipePassword();

        // Create threads that try to wipe or access password
        for (int i = 0; i < threadCount; i++) {
            final int index = i;
            new Thread(() -> {
                try {
                    startLatch.await();

                    if (index % 3 == 0) {
                        // Some threads wipe password
                        auth.secureWipePassword();

        @DisplayName("Should not allow operations after secure wipe")
        void testNoOperationsAfterWipe() throws GeneralSecurityException {
            byte[] sessionKey = new byte[16];
            Arrays.fill(sessionKey, (byte) 0xDD);

            Smb2SigningDigest digest = new Smb2SigningDigest(sessionKey, Smb2Constants.SMB2_DIALECT_0300, new byte[0]);

            // Wipe the key
            digest.secureWipeKey();

    description: "Testing of the Elasticsearch %BRANCH% branch platform support tests.\n"
    project-type: multijob
    node: master
    vault: []
    scm:
      - git:
          wipe-workspace: false
    builders:
      - multijob:
          name: Packaging tests
          projects:
            - name: elastic+elasticsearch+%BRANCH%+multijob+platform-support-darwin
              kill-phase-on: NEVER

            }
            return true; // Signature verification succeeded
        } finally {
            this.signingLock.unlock();
        }
    }

    /**
     * Securely wipe signing key from memory
     */
    public void secureWipeKey() {
        this.signingLock.lock();
        try {
            if (this.signingKey != null) {

    description: "Testing of the Elasticsearch %BRANCH% branch against third-party service integrations.\n"
    project-type: multijob
    node: master
    vault: []
    scm:
      - git:
          wipe-workspace: false
    builders:
      - multijob:
          name: Third party repository compatibility tests
          projects:
            - name: elastic+elasticsearch+%BRANCH%+multijob+third-party-tests-azure

    child-workspace: "/dev/shm/elastic+elasticsearch+%BRANCH%+multijob+platform-support-arm"
    project-type: matrix
    node: master
    scm:
      - git:
          wipe-workspace: false
    axes:
      - axis:
          type: label-expression
          name: os
          values:
            - "centos-8-aarch64&&immutable"
            - "ubuntu-1804-aarch64&&immutable"

        // Securely wipe the modified session key
        SecureKeyManager.secureWipe(modifiedSessionKey);

        // Rotate keys using existing method
        rotateKeys(newEncryptionKey, newDecryptionKey);

        log.info("Automatic key rotation completed for session: {} (rotation count: {})", sessionId, rotationCount);
    }

    /**
     * Securely wipe encryption keys from memory
     */

          branches:
            - "${branch_specifier}"
          url: "https://github.com/elastic/elasticsearch.git"
          basedir: ""
          wipe-workspace: true
    triggers: []
    wrappers:
      - timeout:
          type: absolute
          timeout: 480
          fail: true
      - ansicolor
      - timestamps
      - gradle-build-scan