assertEquals(capacity, mockAllocInfo.getCapacity());
    }

    /**
     * Null pointer scenario – calls on a null reference should raise
     * {@link NullPointerException}. This test is defensive; in real code it
     * would likely be handled elsewhere.
     */
    @Test
    @DisplayName("calling getters on null reference throws NPE")
    void testNullReference() {
        AllocInfo nullRef = null;

        require(tls) { "no cipher suites for cleartext connections" }
        require(cipherSuites.isNotEmpty()) { "At least one cipher suite is required" }

        this.cipherSuites = cipherSuites.copyOf() as Array<String> // Defensive copy.
      }

    fun allEnabledTlsVersions() =
      apply {
        require(tls) { "no TLS versions for cleartext connections" }
        this.tlsVersions = null
      }

    }

    @Test
    @DisplayName("Invalid: resolving class by null name throws NPE")
    void testClassForNameWithNull() {
        // Intent: demonstrate defensive behavior with null when resolving this type by name
        assertThrows(NullPointerException.class, () -> Class.forName(null));
    }

    @Test
    @DisplayName("Happy path: class is loadable via fully qualified name")

            // Verify the reset method exists
            assertNotNull(resetMethod);
        }
    }

    /**
     * Test that getPreauthIntegrityHash returns a defensive copy
     */
    @Test
    @DisplayName("getPreauthIntegrityHash should return defensive copy")
    void testGetPreauthHashDefensiveCopy() throws Exception {
        byte[] hash = transport.getPreauthIntegrityHash();
        assertNotNull(hash);

        Smb2LeaseKey key2 = new Smb2LeaseKey();

        assertNotEquals(key1, key2);
        assertFalse(Arrays.equals(key1.getKey(), key2.getKey()));
    }

    @Test
    @DisplayName("Should return defensive copy of key")
    void testDefensiveCopy() {
        byte[] originalBytes =
                new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 };

        // Verify getPath was called three times (once for each accept call)
        verify(mockDir, times(3)).getPath();
        verifyNoMoreInteractions(mockDir);
    }

    /**
     * Defensive behavior: implementation throws NPE on null inputs by design.
     */
    @Test
    @DisplayName("implementation explicitly rejects nulls with NPE")
    void implementationRejectsNulls() {

        verifyNoMoreInteractions(smbFile);
    }

    @Test
    @DisplayName("accept: rejects null input with meaningful NullPointerException")
    void accept_rejectsNullInput() {
        // Arrange: defensive filter that validates input
        SmbFileFilter filter = f -> {
            if (f == null) {
                throw new NullPointerException("file must not be null");
            }

    }

  fun getBody(): Buffer? = body?.clone()

  fun setBody(body: Buffer) =
    apply {
      setHeader("Content-Length", body.size)
      this.body = body.clone() // Defensive copy.
    }

  fun setBody(body: String): MockResponse = setBody(Buffer().writeUtf8(body))

  fun setChunkedBody(
    body: Buffer,
    maxChunkSize: Int,
  ) = apply {

      heldCertificate: HeldCertificate,
      vararg intermediates: X509Certificate,
    ) = apply {
      this.heldCertificate = heldCertificate
      this.intermediates = arrayOf(*intermediates) // Defensive copy.
    }

    /**
     * Add a trusted root certificate to use when authenticating a peer. Peers must provide
     * a chain of certificates whose root is one of these.
     */

        }

        byte[] key = null;
        byte[] keyCopy = null;

        try {
            // Get the key and create a defensive copy for SecretKeySpec
            key = encrypt ? getEncryptionKey() : getDecryptionKey();
            keyCopy = Arrays.copyOf(key, key.length);

            // Validate key length matches expected cipher requirements