if (index == threadCount - 1) {
                        // Last thread wipes password
                        auth.secureWipePassword();
                    } else {
                        // Other threads try to read password
                        String pwd = auth.getPassword();
                        // Password might be null if already wiped
                        assertTrue(pwd == null || pwd.equals("ConcurrentPass123!"));

        if (this.closed) {
            throw new IllegalStateException("SigningDigest is closed");
        }
        if (this.signingKey == null) {
            throw new IllegalStateException("Signing key has been wiped");
        }
        Mac m;
        if (this.provider != null) {
            m = Mac.getInstance(this.algorithmName, this.provider);
        } else {
            m = Mac.getInstance(this.algorithmName);

        // When
        context.secureWipeKeys();

        // Then - keys should be wiped (we can't directly access them, but method should complete)
        assertDoesNotThrow(() -> context.secureWipeKeys(), "Should handle multiple wipe calls");
    }

    @Test
    @DisplayName("Should detect when key rotation is needed based on bytes encrypted")

            }
        }
        assertTrue(hasNonZero, "Data should have non-zero bytes");

        SecureKeyManager.secureWipe(data);

        // Verify data is wiped
        for (byte b : data) {
            assertEquals(0, b, "All bytes should be zero after wipe");
        }
    }

    @Test
    public void testSecureWipeNull() {
        // Should not throw
        SecureKeyManager.secureWipe(null);
    }

    /**
     * Close the encryption context and securely wipe keys
     */
    @Override
    public void close() {
        if (closed) {
            return;
        }

        try {
            secureWipeKeys();

            // Clear session ID
            sessionId = null;

            log.debug("Encryption context closed and keys wiped");
        } finally {
            closed = true;

    }

    /**
     * Remove and securely wipe a session key
     *
     * @param sessionId unique session identifier
     */
    public void removeSessionKey(String sessionId) {
        checkNotClosed();

        // Remove from memory maps
        SecretKey secretKey = sessionKeys.remove(sessionId);
        byte[] rawKey = rawKeys.remove(sessionId);

        // Wipe the raw key bytes
        if (rawKey != null) {

            sessionId = null;

            auditLogger.logEvent(EventType.SESSION_DESTROYED, Severity.INFO, "Authenticator closed and credentials wiped",
                    Map.of("username", username != null ? username : "unknown"));
        } finally {
            // Wipe client challenge - guaranteed by try-finally
            if (clientChallenge != null) {
                SecureKeyManager.secureWipe(clientChallenge);

                digest.sign(newData, 0, newData.length, request, response);
            }, "Should throw exception after key is wiped");
        }

        @Test
        @DisplayName("Should wipe key on close")
        void testCloseWipesKey() throws Exception {
            byte[] sessionKey = new byte[16];
            Arrays.fill(sessionKey, (byte) 0xBB);

        passwordField.setAccessible(true);

        // Verify password exists before wipe
        char[] passwordBefore = (char[]) passwordField.get(authenticator);
        assertNotNull(passwordBefore, "Password should exist before wipe");
        assertArrayEquals(testPassword.toCharArray(), passwordBefore, "Password should match before wipe");

        // Wipe the password
        authenticator.secureWipePassword();

 * is a thin wrapper around {@link InetAddresses} and {@link InternetDomainName}; the unit tests for
 * those classes explore numerous corner cases. The intent here is to confirm that everything is
 * wired up properly.
 *
 * @author Craig Berry
 */
@NullUnmarked
public final class HostSpecifierTest extends TestCase {

  private static final ImmutableList<String> GOOD_IPS =