}

    @Test
    @DisplayName("Test log encryption")
    void testLogEncryption() {
        logger.logEncryption(true, "AES-128-GCM", "SMB3.1.1");

        Map<EventType, Long> stats = logger.getStatistics();
        assertEquals(Long.valueOf(1), stats.get(EventType.ENCRYPTION_ENABLED), "Should have 1 encryption event");
    }

    @Test
    @DisplayName("Test log security violation")

     * negotiation, SMB encryption is not implemented yet.
     *
     * @return whether SMB encryption is enabled
     * @since 2.1
     */
    boolean isEncryptionEnabled();

    /**
     * Property {@code jcifs.smb.client.preferredCiphers} (string, default "AES_128_GCM,AES_128_CCM,AES_256_GCM,AES_256_CCM")
     *
     * @return preferred encryption cipher list in order of preference for SMB3 encryption

 */

package jcifs.dcerpc;

import jcifs.dcerpc.ndr.NdrBuffer;

/**
 * Interface for providing security services for DCE/RPC communications.
 * This interface abstracts authentication and encryption mechanisms.
 */
public interface DcerpcSecurityProvider {

    /**
     * Wraps outgoing DCERPC message data for security protection
     * @param outgoing the buffer containing data to be wrapped

        // Then
        assertNotNull(responseWithNull);
    }

    @Test
    @DisplayName("Should test encryption flag detection")
    void testEncryptionFlagDetection() throws SMBProtocolDecodingException {
        // Given - response with encryption flag set
        byte[] buffer = createValidResponseBuffer(0, 0x8000, 0, 0);

        // When
        response.readBytesWireFormat(buffer, 0);

    /**
     * Server supports directory leasing
     */
    public static final int SMB2_GLOBAL_CAP_DIRECTORY_LEASING = 0x20;

    /**
     * Server supports SMB3 encryption
     */
    public static final int SMB2_GLOBAL_CAP_ENCRYPTION = 0x40;

    /**
     * File information class
     */
    public static final byte SMB2_0_INFO_FILE = 1;

    /**

      get() =
        when {
          message == "adding as trusted certificates" -> Type.Setup
          message == "Raw read" || message == "Raw write" -> Type.Encrypted
          message == "Plaintext before ENCRYPTION" || message == "Plaintext after DECRYPTION" -> Type.Plaintext
          message.startsWith("System property ") -> Type.Setup
          message.startsWith("Reload ") -> Type.Setup

        assertEquals("", serverData.oemDomainName);
    }

    @Test
    void testReadBytesWireFormat_NoDomainName() {
        // Scenario where byteCount is only the encryption key length
        serverData.capabilities = 0;
        serverData.encryptionKeyLength = 8;
        response.byteCount = 8;

        byte[] encryptionKey = "12345678".getBytes();

    }

    /**
     * Derives the SMB3 encryption key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived encryption key
     */

    /**
     * Session flag indicating this is a null/anonymous session
     */
    public static final int SMB2_SESSION_FLAGS_IS_NULL = 0x2;

    /**
     * Session flag indicating data encryption is required for this session
     */
    public static final int SMB2_SESSION_FLAG_ENCRYPT_DATA = 0x4;

    private int sessionFlags;
    private byte[] blob;

    /**

    /**
     * Share flag indicating that hash generation V2 is enabled for this share.
     */
    public static final int SMB2_SHAREFLAG_ENABLE_HASH_V2 = 0x4000;
    /**
     * Share flag indicating that encryption is required for this share.
     */
    public static final int SMB2_SHAREFLAG_ENCRYPT_DATA = 0x8000;
    /**
     * Share capability indicating DFS support.
     */