/**
     * Derive encryption key from password using PBKDF2
     */
    private SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(KEY_DERIVATION_ALGORITHM);
        KeySpec keySpec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, KEY_SIZE);
        SecretKey tempKey = keyFactory.generateSecret(keySpec);

        if (key != null) {
            return key.clone(); // Return a copy to prevent modification
        }

        // Try to get from SecretKey if available
        SecretKey secretKey = getSessionKey(sessionId);
        if (secretKey != null) {
            return secretKey.getEncoded();
        }

        return null;
    }

    /**
     * Remove and securely wipe a session key
     *

     * @param endpoint the S3 endpoint URL (null for AWS default)
     * @param accessKey the AWS access key
     * @param secretKey the AWS secret key
     * @param bucket the bucket name
     * @param region the AWS region
     */
    public S3StorageClient(final String endpoint, final String accessKey, final String secretKey, final String bucket,
            final String region) {
        this.bucket = bucket;

    void testDecryptDes() throws GeneralSecurityException, NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance("DES");
        keyGen.init(56);
        SecretKey secretKey = keyGen.generateKey();
        Key key = new KerberosKey(null, secretKey.getEncoded(), KerberosConstants.DES_ENC_TYPE, 0);
        byte[] data = new byte[32]; // Dummy data, must be multiple of 8

    public static StorageClient createClient(final FessConfig fessConfig) {
        final String endpoint = fessConfig.getStorageEndpoint();
        final String accessKey = fessConfig.getStorageAccessKey();
        final String secretKey = fessConfig.getStorageSecretKey();
        final String bucket = fessConfig.getStorageBucket();

        // Get explicit type or auto-detect
        final String typeStr = fessConfig.getStorageType();

        }
        final String secretKey = getInitParameter("secretKey", null, String.class);
        if (StringUtil.isBlank(secretKey)) {
            throw new CrawlingAccessException(
                    "Storage secret key is blank. Please set the STORAGE_SECRET_KEY environment variable or secretKey parameter.");
        }
        builder.credentials(accessKey, secretKey);
        try {

        }
        final String secretKey = getInitParameter("secretKey", null, String.class);
        if (StringUtil.isBlank(secretKey)) {
            throw new CrawlingAccessException(
                    "S3 secret key is blank. Please set the S3_SECRET_KEY environment variable or secretKey parameter.");
        }

                if (StringUtil.isNotBlank(accessKey) && StringUtil.isNotBlank(secretKey)) {
                    builder.credentialsProvider(StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey)));
                }

                s3Client = builder.build();
                connected = true;
            } catch (final Exception e) {

            try {
                final Builder builder = MinioClient.builder().endpoint(endpoint);
                if (StringUtil.isNotBlank(accessKey) && StringUtil.isNotBlank(secretKey)) {
                    builder.credentials(accessKey, secretKey);
                }
                if (StringUtil.isNotBlank(region)) {
                    builder.region(region);
                }
                minioClient = builder.build();

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.kerberos.KerberosKey;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;