}

    @Test
    @DisplayName("Should create new connection when force signing differs")
    void testNoReuseWithDifferentSigning() throws Exception {
        // Given: An existing connection without signing enforced
        SmbTransportImpl initial = pool.getSmbTransport(ctx, address, 445, false, false);

        // Mock the negotiation response

                            transport.digest = request.digest;
                        }

                        connectionState = 2;

                        state = 0;

                        break;
                    case 20:
                        if (nctx == null) {

                if (request.getDigest() != null) {
                    /* success - install the signing digest */
                    setDigest(request.getDigest());
                } else if (!anonymous && isSignatureSetupRequired()) {
                    throw new SmbException("Signing required but no session key available");
                }

                setSessionSetup(response);

     * @param initialToken initial authentication token, if any
     * @param doSigning whether message signing should be enabled
     * @return a new SSP authentication context
     * @throws SmbException if context creation fails
     */
    SSPContext createContext(CIFSContext tc, String targetDomain, String host, byte[] initialToken, boolean doSigning) throws SmbException;

    /**

            verify(transportPool).getSmbTransport(context, TEST_HOST, DEFAULT_PORT, true, false);
        }

        @Test
        @DisplayName("Should get transport by name with forced signing")
        void testGetSmbTransportByNameForceSigning() throws UnknownHostException, IOException {
            // Given

    private Smb3KeyDerivation() {
    }

    /**
     * Derives the SMB3 signing key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived signing key
     */

    }

    @Test
    @DisplayName("Should fail validation when signing enforced but not enabled")
    void testIsValidSigningEnforcedButNotEnabled() throws Exception {
        // Given
        setResponseAsReceived(response);
        when(mockRequest.isSigningEnforced()).thenReturn(true);
        setPrivateField(response, "securityMode", 0); // No signing

        // When

    /**
     * Determines whether this session is currently in use.
     *
     * @return whether the session is in use
     */
    boolean isInUse();

    /**
     * Returns the current session key used for signing and encryption.
     *
     * @return the current session key
     * @throws CIFSException if the session key cannot be retrieved
     */
    byte[] getSessionKey() throws CIFSException;

    /**

        assertTrue(encryptionEnabled, "Should delegate encryption setting");
        assertFalse(signingPreferred, "Should delegate signing preferred setting");
        assertTrue(signingEnforced, "Should delegate signing enforced setting");
        assertTrue(ipcSigningEnforced, "Should delegate IPC signing enforced setting");
        assertTrue(firstExtendedSecurityCall, "First call should return true");

                if (b != 0) {
                    allZero = false;
                    break;
                }
            }
            assertFalse(allZero, "Signature should not be all zeros after signing");
        }

        @Test
        @DisplayName("Should set SMB2_FLAGS_SIGNED flag")
        void testSignSetsSignedFlag() {
            // Set initial flags without signed flag