assertTrue(context.isEstablished());
        assertArrayEquals(serverChallenge, context.getServerChallenge());
        // Signing key may or may not be generated depending on flags negotiation
        // The context negotiates flags with server, so we can't guarantee signing key
    }

    @Test
    void testInitSecContext_state2_withoutSigning() throws Exception {

    @DisplayName("Test isSigningEnforced returns true when signing is enforced")
    void testIsSigningEnforcedReturnsTrue() {
        // Given
        when(negotiationRequest.isSigningEnforced()).thenReturn(true);

        // When
        boolean result = negotiationRequest.isSigningEnforced();

        // Then
        assertTrue(result, "isSigningEnforced should return true when signing is enforced");

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but limits your server team’s abilities to update their TLS certificates. **Do not use certificate pinning without the blessing of your server’s TLS administrator!**

=== ":material-language-kotlin: Kotlin"
    ```kotlin
      private val client = OkHttpClient.Builder()

     * @return the server challenge bytes
     */
    public byte[] getServerChallenge() {
        return serverChallenge;
    }

    /**
     * Gets the signing key for message authentication.
     * @return the signing key bytes
     */
    public byte[] getSigningKey() {
        return signingKey;
    }

    /**
     * Gets the NetBIOS name of the remote server.

    /**
     * Checks if message signing is supported but not mandatory.
     *
     * @return whether signatures are supported but not required
     * @throws SmbException if an error occurs checking signing status
     */
    boolean isSigningOptional() throws SmbException;

    /**
     * Checks if message signing is mandatory for this connection.
     *

    }

    /**
     * Test that signing is properly configured
     */
    @Test
    public void testSigningConfiguration() throws CIFSException {
        BaseConfiguration config = new BaseConfiguration(true);

        // Verify IPC signing is enforced (this is a security requirement)
        assertTrue("IPC signing should be enforced for security", config.isIpcSigningEnforced());
    }

* fix nil dereference when doing a volume type check on persistent volumes ([#39529](https://github.com/kubernetes/kubernetes/pull/39529), [@sjenning](https://github.com/sjenning))
* Generate OpenAPI definition for inlined types ([#39466](https://github.com/kubernetes/kubernetes/pull/39466), [@mbohlool](https://github.com/mbohlool))

package jcifs.internal;

/**
 * Interface for SMB message signing and verification operations.
 * Provides cryptographic signing capabilities for SMB protocol messages to ensure
 * message integrity and authenticity using MAC (Message Authentication Code) algorithms.
 *
 * @author mbechler
 */
public interface SMBSigningDigest {

    /**
     * Performs MAC signing of the SMB. This is done as follows.

        assertFalse(result);
        verify(negotiationResponse).canReuse(null, false);
    }

    @Test
    @DisplayName("Test signing state combinations")
    void testSigningStateCombinations() {
        // Test all combinations of signing states

        // Signing disabled
        when(negotiationResponse.isSigningEnabled()).thenReturn(false);
        when(negotiationResponse.isSigningRequired()).thenReturn(false);

 * operations during SMB authentication.
 *
 * @author mbechler
 */
public interface SSPContext {

    /**
     * Gets the signing key for the session.
     * @return the signing key for the session
     * @throws CIFSException if an error occurs retrieving the signing key
     */
    byte[] getSigningKey() throws CIFSException;

    /**
     * Checks whether the security context is established.