* the access mask of the ACE, the access check is successful. Otherwise,
 * more ACEs are evaluated until all desired access bits (combined)
 * are "allowed". If all of the desired access bits are not "allowed"
 * the then same process is repeated for inherited ACEs.
 * <p>
 * For example, if user <code>WNET\alice</code> tries to open a file

            ms_usage = 8;
        case 23:
            ms_usage = 13;
        }
        return ms_usage;
    }

    /**
     * Calculates a MAC using HMAC-SHA1 with AES key derivation.
     * This method supports both AES-128 and AES-256 encryption types.
     *
     * @param usage the Kerberos key usage number for this operation
     * @param baseKey the base Kerberos key for key derivation

        int processedEntries = 0;
        int failedEntries = 0;

        try (final ArchiveInputStream ais =
                archiveStreamFactory.createArchiveInputStream(in.markSupported() ? in : new BufferedInputStream(in))) {
            ZipArchiveEntry entry = null;
            long contentSize = 0;
            while ((entry = (ZipArchiveEntry) ais.getNextEntry()) != null) {
                contentSize += entry.getSize();

    public static final int NEGO_CTX_ENC_TYPE = 0x2;

    /**
     * AES 128 CCM
     */
    public static final int CIPHER_AES128_CCM = 0x1;

    /**
     * AES 128 GCM
     */
    public static final int CIPHER_AES128_GCM = 0x2;

    /**
     * AES 256 CCM
     */
    public static final int CIPHER_AES256_CCM = 0x3;

    /**
     * AES 256 GCM
     */
    public static final int CIPHER_AES256_GCM = 0x4;

        int processedEntries = 0;
        int failedEntries = 0;

        try (final ArchiveInputStream ais = archiveStreamFactory.createArchiveInputStream("tar", in)) {
            TarArchiveEntry entry = null;
            long contentSize = 0;
            while ((entry = (TarArchiveEntry) ais.getNextEntry()) != null) {
                contentSize += entry.getSize();

- Configurable: Min/max versions can be set via configuration properties

### SMB3 Encryption Support
- **SMB2 Transform Header**: Encrypted message wrapping
- **AES-CCM/GCM Support**: Both AES-128-CCM (SMB 3.0/3.0.2) and AES-128-GCM (SMB 3.1.1) cipher suites
- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters

    }

    /**
     * Processes access control entries (ACEs) for the given SMB file and adds them to the response data.
     *
     * @param responseData the response data to update
     * @param file the SMB file to process
     */
    protected void processAccessControlEntries(final ResponseData responseData, final SmbFile file) {
        try {
            final ACE[] aces = file.getSecurity(resolveSids);
            if (aces != null) {

 * the access mask of the ACE, the access check is successful. Otherwise,
 * more ACEs are evaluated until all desired access bits (combined)
 * are "allowed". If all of the desired access bits are not "allowed"
 * the then same process is repeated for inherited ACEs.
 * <p>
 * For example, if user <code>WNET\alice</code> tries to open a file

            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");
            assertNotNull(shareSecurity, "Share security ACEs should not be null");
            assertEquals(1, security1.length, "Should return expected number of ACEs");
            assertEquals(1, security2.length, "Should return expected number of ACEs");

@DisplayName("CIFSUnsupportedCryptoException Tests")
class CIFSUnsupportedCryptoExceptionTest extends BaseTest {

    private static final String CRYPTO_ERROR_MESSAGE = "Unsupported cryptographic algorithm: AES-256-GCM";
    private static final String ALGORITHM_NAME = "AES-256-GCM";

    @Test
    @DisplayName("Default constructor should create exception with null message and cause")
    void testDefaultConstructor() {
        // Given & When