verify(mockResponse, times(1)).getErrorCode();
    }

    @Test
    void testSetMid() {
        long mid = 12345L;
        mockResponse.setMid(mid);

        // Verify that the method was called with the correct argument
        verify(mockResponse, times(1)).setMid(mid);
    }

    @Test
    void testGetMid() {
        long mid = 54321L;
        when(mockResponse.getMid()).thenReturn(mid);

    private String testPipeName = "\\PIPE\\testpipe";

    @BeforeEach
    void setUp() {
        MockitoAnnotations.openMocks(this);
    }

    @Test
    @DisplayName("Constructor should initialize with correct values")
    void testConstructor() {
        // Act
        transWaitNamedPipe = new TransWaitNamedPipe(mockConfig, testPipeName);

        // Assert
        assertNotNull(transWaitNamedPipe);

	lines := []string{
		"abcdefghijklmn",
		"opqrstuvwxyz",
		"",
	}
	testNoNewline(text, lines, t)
}

var testError = errors.New("testError")

// Test the correct error is returned when the split function errors out.
func TestSplitError(t *testing.T) {
	// Create a split function that delivers a little data, then a predictable error.
	numSplits := 0
	const okCount = 7

        mockPolicyHandle = mock(SamrPolicyHandle.class);
        testServer = "testServer";
        testAccess = 0x02000000; // SAM_SERVER_CONNECT access right
    }

    @Test
    @DisplayName("Should construct with correct parameters")
    void constructorShouldInitializeFieldsCorrectly() {
        // When
        MsrpcSamrConnect2 msrpcSamrConnect2 = new MsrpcSamrConnect2(testServer, testAccess, mockPolicyHandle);

        // Then

        assertEquals(32, derived1.length, "Derived key should have correct length");
        assertEquals(32, derived2.length, "Derived key should have correct length");
        assertEquals(32, derived3.length, "Derived key should have correct length");

        assertFalse(Arrays.equals(derived1, derived2), "Different labels should produce different keys");

    }

    @Test
    @DisplayName("ensureDFSResolved forwards to tree connection with locator")
    void ensureDFSResolvedDelegates() throws Exception {
        // Confirms DFS resolution is delegated with the correct locator
        // Act
        handle.ensureDFSResolved();
        // Assert & interaction verify
        verify(treeConnection).ensureDFSResolved(resourceLoc);
    }

    @Test

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

class AddressTest extends BaseTest {

    @Mock
    private CIFSContext mockContext;

    @Mock
    private Address mockAddress;

    @Test
    @DisplayName("Address interface should define correct method signatures")
    void testInterfaceContract() {
        // Given
        Address address = mockAddress;

        // When & Then - verify interface methods exist and can be called
        assertDoesNotThrow(() -> {

 * Tests the batch limit configuration for various SMB commands.
 */
public class SmbConnectionTest {

    /**
     * Test that getBatchLimit returns correct values for different commands
     */
    @Test
    @DisplayName("getBatchLimit returns correct values for different SMB commands")
    public void testBatchLimitForDifferentCommands() throws CIFSException {
        Properties props = new Properties();

        // When: Get challenge
        byte[] key = poolSpy.getChallenge(ctx, address);

        // Then: Should return server key
        assertArrayEquals(expectedKey, key, "Should return correct server key");
        verify(internal).ensureConnected();
    }

    @Test
    @DisplayName("Should wrap IOException in SmbException for getChallenge")
    void testGetChallengeIOException() throws Exception {