val isMasked = b1 and B1_FLAG_MASK != 0
    if (isMasked == isClient) {
      // Masked payloads must be read on the server. Unmasked payloads must be read on the client.
      throw ProtocolException(
        if (isClient) {
          "Server-sent frames must not be masked."
        } else {
          "Client-sent frames must be masked."
        },
      )
    }

                masked.put(entry.getKey(), "****");
            } else if (value instanceof String) {
                masked.put(entry.getKey(), maskSensitiveData((String) value));
            } else {
                masked.put(entry.getKey(), value);
            }
        }

        return masked;
    }

    private String maskUsername(String username) {

    /**
     * The small integer value (0-255)
     */
    public int value;

    /**
     * Constructs an NdrSmall with the specified value
     * @param value the small integer value (will be masked to 0-255 range)
     */
    public NdrSmall(final int value) {
        this.value = value & 0xFF;
    }

    @Override
    public void encode(final NdrBuffer dst) throws NdrException {

            });
        }
        return itemList;
    }

    /**
     * Checks if a property value should be masked for security reasons.
     *
     * @param key the property key to check
     * @return true if the value should be masked, false otherwise
     */
    protected static boolean isMaskedValue(final String key) {
        return "http.proxy.password".equals(key) //

    /**
     * The small integer value (0-255)
     */
    public int value;

    /**
     * Constructs an NdrSmall with the specified value
     * @param value the small integer value (will be masked to 0-255 range)
     */
    public NdrSmall(final int value) {
        this.value = value & 0xFF;
    }

    @Override
    public void encode(final NdrBuffer dst) throws NdrException {

    }

    /**
     * Masks sensitive values in a string for security purposes.
     *
     * @param value the string potentially containing sensitive information
     * @return the string with sensitive parts masked, or the original string if masking is disabled
     */
    public static String maskSecretValue(final String value) {
        if (MASK_SECRET_VALUE && value != null) {

        .isEqualTo("Client-sent frames must be masked.")
    }
  }

  @Test fun serverSentFramesMustNotBeMasked() {
    data.write("8180".decodeHex())
    assertFailsWith<ProtocolException> {
      clientReader.processNextFrame()
    }.also { expected ->
      assertThat(expected.message)
        .isEqualTo("Server-sent frames must not be masked.")
    }
  }

  @Test fun controlFramePayloadMax() {

  internal const val B0_MASK_OPCODE = 15

  /** Flag in the opcode which indicates a control frame. */
  internal const val OPCODE_FLAG_CONTROL = 8

  /**
   * Byte 1 flag for whether the payload data is masked.
   *
   * If this flag is set, the next four
   * bytes represent the mask key. These bytes appear after any additional bytes specified by [B1_MASK_LENGTH].
   */
  internal const val B1_FLAG_MASK = 128

  /**

    client.webSocket!!.close(1000, "Hello")
    server.processNextFrame()
    // Not closed until close reply is received.
    assertThat(client.closed).isFalse()

    // Manually write an invalid masked close frame.
    server.sink.write("888760b420bb635c68de0cd84f".decodeHex()).emit()
    client.processNextFrame() // Detects error, disconnects immediately since close already sent.
    client.webSocket!!.finishReader()

    #   o environmentMap: map of environment files, the value is dir path (NotRequired)
    #   o diffIgnoredKeyList: list of ignored keys for differences (NotRequired)
    #   o maskedKeyList: list of masked keys for security (NotRequired)
    #   o isEnvOnlyFloatLeft: is it environment only? (and show as float-left?) (NotRequired)
    #   o extendsPropRequest: other request name of exnteds-properties (NotRequired)