}

    @Test
    @DisplayName("Test constructor with MAC signing key and bypass flag")
    void testConstructorWithBypass() {
        SMB1SigningDigest digest = new SMB1SigningDigest(testMacSigningKey, true);
        assertNotNull(digest);
        assertTrue(digest.toString().contains("MacSigningKey="));
    }

    @Test
    @DisplayName("Test constructor with MAC signing key, bypass flag and initial sequence")

    class NegotiationConstants {

        @Test
        @DisplayName("Signing enabled flag should be 0x0001")
        void testSigningEnabledFlag() {
            assertEquals(0x0001, Smb2Constants.SMB2_NEGOTIATE_SIGNING_ENABLED, "Signing enabled flag must be 0x0001");
        }

        @Test
        @DisplayName("Signing required flag should be 0x0002")
        void testSigningRequiredFlag() {

 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate>

  companion object {

     * Gets the session key after successful authentication
     *
     * @return the session key or null if not available
     */
    byte[] getSessionKey();

    /**
     * Gets the signing key for SMB2/3
     *
     * @return the signing key or null if not available
     */
    byte[] getSigningKey();

    /**
     * Validates authentication credentials
     *
     * @return true if credentials are valid
     */

     * @throws CIFSException if an error occurs retrieving the buffer size
     */
    int getMaximumBufferSize() throws CIFSException;

    /**
     * Checks if SMB message signing is active for this session
     * @return whether the session uses SMB signing
     * @throws CIFSException if a general CIFS error occurs
     * @throws SmbException if an SMB-specific error occurs
     */
    boolean areSignaturesActive() throws CIFSException;

     * @param name the server name or address
     * @param port the port number
     * @param exclusive whether to acquire an unshared connection
     * @param forceSigning whether to enforce SMB signing
     * @return a connected transport
     * @throws UnknownHostException if the host cannot be resolved
     * @throws IOException if an I/O error occurs
     */

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

allprojects {
    tasks.withType(JavaCompile).configureEach {
        outputs.doNotCacheIf("CodeQL scanning", { true })
    }

                            && !conn.getNegotiateResponse().isSigningRequired()) {
                        // if signing is not enforced, dont use connections that have signing enforced
                        // for purposes that dont require it.
                        if (log.isTraceEnabled()) {
                            log.debug("Cannot reuse, signing enforced on connection " + conn);
                        }
                        continue;

        language: ['java']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        # We must fetch at least the immediate parents so that if this is

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false