}

    /**
     * Test that encryption is properly configured
     */
    @Test
    public void testEncryptionConfiguration() throws CIFSException {
        BaseConfiguration config = new BaseConfiguration(true);

        // Verify encryption configuration is available (default is false for compatibility)
        // But can be enabled when needed

    @CsvSource({ "true, true, SMB311, 2", // DFS + Encryption
            "false, true, SMB311, 1", // Encryption only
            "true, false, SMB311, 1", // DFS only
            "false, false, SMB311, 0", // Neither
            "true, true, SMB210, 1", // DFS only (no encryption for SMB2)
            "false, true, SMB210, 0" // Neither (no encryption for SMB2)
    })

        return new HMACT64(key);
    }

    /**
     * Get an RC4 cipher instance initialized with the specified key.
     * @param key the encryption key
     * @return RC4 cipher in encryption mode
     */
    public static Cipher getArcfour(final byte[] key) {
        try {
            final Cipher c = Cipher.getInstance("RC4");

    /**
     * Kerberos encryption type for ARCFOUR-HMAC (RC4-HMAC).
     */
    public static final int ETYPE_ARCFOUR_HMAC = 23;
    /**
     * Kerberos encryption type for AES-128 CTS mode with HMAC-SHA1-96.
     */
    public static final int ETYPE_AES128_CTS_HMAC_SHA1_96 = 17;
    /**
     * Kerberos encryption type for AES-256 CTS mode with HMAC-SHA1-96.
     */

    /**
     * Server's time zone offset in minutes from UTC.
     */
    public int serverTimeZone;
    /**
     * Length of the encryption key.
     */
    public int encryptionKeyLength;
    /**
     * Encryption key for password encryption.
     */
    public byte[] encryptionKey;
    /**
     * Server's globally unique identifier.
     */
    public byte[] guid;

/**
 * Utility class for calculating and verifying PAC (Privilege Attribute Certificate) message authentication codes.
 * This class provides methods for computing MACs using various Kerberos encryption types including
 * ARCFOUR-HMAC-MD5 and AES-based HMAC algorithms.
 */
public class PacMac {

    /**
     * Private constructor to prevent instantiation of utility class.
     */
    private PacMac() {

    /**
     * Test decrypt with an unsupported encryption type.
     */
    @Test
    void testDecryptUnsupportedType() {
        Key key = new KerberosKey(null, new byte[16], 99, 0);
        byte[] data = new byte[16];
        Exception exception = assertThrows(GeneralSecurityException.class, () -> KerberosEncData.decrypt(data, key, 99));
        assertEquals("Unsupported encryption type 99", exception.getMessage());
    }

            EncryptionNegotiateContext encryption = new EncryptionNegotiateContext();

            assertNotEquals(preauth.getContextType(), encryption.getContextType());
            assertEquals(0x1, preauth.getContextType());
            assertEquals(0x2, encryption.getContextType());
        }

        @Test

import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password

    @DisplayName("Message constructor should handle crypto-specific error messages")
    @NullAndEmptySource
    @ValueSource(strings = { "AES encryption not supported", "Missing Bouncy Castle provider", "Invalid key length for AES-128",
            "RC4 cipher not available in this JVM", "DES encryption is deprecated and not supported", "HMAC-SHA256 algorithm not found",
            "RSA key generation failed: key size not supported" })