assertEquals(2, securityDescriptor.getAces().length);
    }

    @Test
    @DisplayName("Test decode with no SIDs and no DACL")
    void testDecodeWithNoSidsNoDacl() throws SMBProtocolDecodingException {
        // Prepare minimal buffer with no SIDs and no DACL
        prepareMinimalSecurityDescriptorBuffer(testBuffer, 0, false, false, false);

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs;

/**
 * A Windows SID is a numeric identifier used to represent Windows
 * accounts. SIDs are commonly represented using a textual format such as
 * <code>S-1-5-21-1496946806-2192648263-3843101252-1029</code> but they may
 * also be resolved to yield the name of the associated Windows account

    /**
     * Return an array of Access Control Entry (ACE) objects representing
     * the security descriptor associated with this file or directory.
     * <p>
     * Initially, the SIDs within each ACE will not be resolved however when
     * <code>getType()</code>, <code>getDomainName()</code>, <code>getAccountName()</code>,
     * or <code>toString()</code> is called, the names will attempt to be

        int ai;

        if (resolveSids) {
            final SID[] sids = new SID[aces.length];
            final String[] names = null;

            for (ai = 0; ai < aces.length; ai++) {
                sids[ai] = aces[ai].sid;
            }

            for (int off = 0; off < sids.length; off += 64) {
                int len = sids.length - off;
                if (len > 64) {
                    len = 64;

        this.userPrefix = userPrefix;
    }

    /**
     * Extracts role type information from SMB (Server Message Block) response data.
     * Processes both SMB and SMB1 protocols to extract allowed and denied SIDs.
     *
     * @param responseData the response data containing SMB metadata
     * @return a list of role type strings extracted from the SMB permissions
     */

        jcifs.SID[] members = userSid.getGroupMemberSids("myserver", null, 0);
        assertEquals(0, members.length);
    }

    /**
     * Test static well-known SIDs.
     */
    @Test
    void testWellKnownSids() {
        assertNotNull(SID.EVERYONE);
        assertEquals("S-1-1-0", SID.EVERYONE.toString());

        assertNotNull(SID.CREATOR_OWNER);

        // Act
        lookupSids = new MsrpcLookupSids(mockPolicyHandle, testSids);

        // Assert using reflection
        Field sidsField = lsarpc.LsarLookupSids.class.getDeclaredField("sids");
        sidsField.setAccessible(true);
        Object sidsObj = sidsField.get(lookupSids);

        assertNotNull(sidsObj);
        assertTrue(sidsObj instanceof LsarSidArrayX);
    }

    @Test

    }

    @Test
    @DisplayName("Test user flags using mock")
    void testUserFlags() throws Exception {
        PacLogonInfo logonInfo = mock(PacLogonInfo.class);

        // Test with extra SIDs flag
        when(logonInfo.getUserFlags()).thenReturn(PacConstants.LOGON_EXTRA_SIDS);
        assertEquals(PacConstants.LOGON_EXTRA_SIDS, logonInfo.getUserFlags());

        // Test with resource groups flag

        sidArray.num_sids = 2;
        sidArray.sids = new lsarpc.LsarSidPtr[2];

        sidArray.sids[0] = new lsarpc.LsarSidPtr();
        sidArray.sids[0].sid = new rpc.sid_t();
        sidArray.sids[0].sid.revision = 1;
        sidArray.sids[0].sid.identifier_authority = new byte[] { 0, 0, 0, 0, 0, 5 };
        sidArray.sids[0].sid.sub_authority_count = 1;
        sidArray.sids[0].sid.sub_authority = new int[] { 500 };

            // Then: Should have correct values
            assertEquals(0x21, message.getOpnum());
            assertEquals(mockPolicyHandle, message.alias_handle);
            assertEquals(mockLsarSidArray, message.sids);
        }

        @Test
        @DisplayName("Should encode input correctly")
        void testEncodeIn() throws NdrException {
            // Given: Get members message