}

    /**
     * Test that signing is properly configured
     */
    @Test
    public void testSigningConfiguration() throws CIFSException {
        BaseConfiguration config = new BaseConfiguration(true);

        // Verify IPC signing is enforced (this is a security requirement)
        assertTrue("IPC signing should be enforced for security", config.isIpcSigningEnforced());
    }

    /**
     * Checks if message signing is supported but not mandatory.
     *
     * @return whether signatures are supported but not required
     * @throws SmbException if an error occurs checking signing status
     */
    boolean isSigningOptional() throws SmbException;

    /**
     * Checks if message signing is mandatory for this connection.
     *

    class NegotiationConstants {

        @Test
        @DisplayName("Signing enabled flag should be 0x0001")
        void testSigningEnabledFlag() {
            assertEquals(0x0001, Smb2Constants.SMB2_NEGOTIATE_SIGNING_ENABLED, "Signing enabled flag must be 0x0001");
        }

        @Test
        @DisplayName("Signing required flag should be 0x0002")
        void testSigningRequiredFlag() {

     * @return the server challenge bytes
     */
    public byte[] getServerChallenge() {
        return serverChallenge;
    }

    /**
     * Gets the signing key for message authentication.
     * @return the signing key bytes
     */
    public byte[] getSigningKey() {
        return signingKey;
    }

    /**
     * Gets the NetBIOS name of the remote server.

 * operations during SMB authentication.
 *
 * @author mbechler
 */
public interface SSPContext {

    /**
     * Gets the signing key for the session.
     * @return the signing key for the session
     * @throws CIFSException if an error occurs retrieving the signing key
     */
    byte[] getSigningKey() throws CIFSException;

    /**
     * Checks whether the security context is established.

        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}

          "instrumentation-reporting",
          "model-groovy",
          "plugins-jvm-test-fixtures",
          "plugins-jvm-test-suite",
          "reporting",
          "resources-s3",
          "signing",
          "testing-base"
        ],
        "parallelizationMethod": {
          "name": "TestDistribution"
        }
      },
      {
        "subprojects": [
          "antlr",

 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate>

  companion object {

tasks.withType<Sign>().configureEach { isEnabled = signArtifacts }

signing {
    useInMemoryPgpKeys(
        project.providers.environmentVariable("PGP_SIGNING_KEY").orNull,
        project.providers.environmentVariable("PGP_SIGNING_KEY_PASSPHRASE").orNull
    )
    publishing.publications.configureEach {
        if (signArtifacts) {
            signing.sign(this)
        }
    }
}

fun configureJavadocVariant() {

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false