}

    /**
     * Processes access control entries (ACEs) for the given SMB file and adds them to the response data.
     *
     * @param responseData the response data to update
     * @param file the SMB file to process
     */
    protected void processAccessControlEntries(final ResponseData responseData, final SmbFile file) {
        try {
            final ACE[] aces = file.getSecurity(resolveSids);
            if (aces != null) {

    /**
     * Processes access control entries (ACEs) for the given SMB1 file and adds them to the response data.
     *
     * @param responseData the response data to update
     * @param file the SMB1 file to process
     */
    protected void processAccessControlEntries(final ResponseData responseData, final SmbFile file) {
        try {
            final ACE[] aces = file.getSecurity(resolveSids);
            if (aces != null) {

            assertNotNull(security1, "Security ACEs should not be null");
            assertNotNull(security2, "Security ACEs with resolve should not be null");
            assertNotNull(shareSecurity, "Share security ACEs should not be null");
            assertEquals(1, security1.length, "Should return expected number of ACEs");
            assertEquals(1, security2.length, "Should return expected number of ACEs");

 * the access mask of the ACE, the access check is successful. Otherwise,
 * more ACEs are evaluated until all desired access bits (combined)
 * are "allowed". If all of the desired access bits are not "allowed"
 * the then same process is repeated for inherited ACEs.
 * <p>
 * For example, if user <code>WNET\alice</code> tries to open a file

    public static final int NEGO_CTX_ENC_TYPE = 0x2;

    /**
     * AES 128 CCM
     */
    public static final int CIPHER_AES128_CCM = 0x1;

    /**
     * AES 128 GCM
     */
    public static final int CIPHER_AES128_GCM = 0x2;

    /**
     * AES 256 CCM
     */
    public static final int CIPHER_AES256_CCM = 0x3;

    /**
     * AES 256 GCM
     */
    public static final int CIPHER_AES256_GCM = 0x4;

- Configurable: Min/max versions can be set via configuration properties

### SMB3 Encryption Support
- **SMB2 Transform Header**: Encrypted message wrapping
- **AES-CCM/GCM Support**: Both AES-128-CCM (SMB 3.0/3.0.2) and AES-128-GCM (SMB 3.1.1) cipher suites
- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters

    }

    @Test
    @DisplayName("Should handle AES encryption operations")
    void testAESOperations() throws Exception {
        // Given
        byte[] key = new byte[16]; // 128-bit key
        byte[] iv = new byte[16]; // 128-bit IV
        byte[] plaintext = "This is test data for AES encryption test".getBytes();

        new SecureRandom().nextBytes(key);

        byte[] key2 = new byte[16];
        new SecureRandom().nextBytes(key1);
        new SecureRandom().nextBytes(key2);

        keyManager.storeSessionKey(sessionId1, key1, "AES");
        keyManager.storeSessionKey(sessionId2, key2, "AES");

        byte[] retrieved1 = keyManager.getRawKey(sessionId1);
        byte[] retrieved2 = keyManager.getRawKey(sessionId2);

    }

    private void processAces(final ACE[] aces, final boolean resolveSids) throws IOException {
        final String server = getServerWithDfs();
        int ai;

        if (resolveSids) {
            final SID[] sids = new SID[aces.length];
            final String[] names = null;

            for (ai = 0; ai < aces.length; ai++) {
                sids[ai] = aces[ai].sid;
            }

 * the access mask of the ACE, the access check is successful. Otherwise,
 * more ACEs are evaluated until all desired access bits (combined)
 * are "allowed". If all of the desired access bits are not "allowed"
 * the then same process is repeated for inherited ACEs.
 * <p>
 * For example, if user <code>WNET\alice</code> tries to open a file