(byte) 0xFE, (byte) 0xDC, (byte) 0xBA, (byte) 0x98, (byte) 0x76, (byte) 0x54, (byte) 0x32, (byte) 0x10 };

        // Security mode with signing required
        int testSecurityMode = 0x0003; // SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED

        // SMB 3.1.1 dialect
        int testDialect = 0x0311;

        // Write to buffer

                trans.ensureConnected();
                log.warn("""
                        Default credentials (jcifs.smb.client.username/password)\
                         not specified. SMB signing may not work propertly.\
                          Skipping DC interrogation.""");
            } else {

        setField(transport, "negotiated", new Smb2NegotiateResponse(cfg));
        assertNull(transport.getServerEncryptionKey());
    }

    @Test
    @DisplayName("Signing enforced/optional adhere to flags and negotiation")
    void signingModes() throws Exception {
        // Enforced via constructor flag -> optional false, enforced true regardless of negotiation

import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;

/**
 * Test class for SMBSigningDigest interface
 * Tests the contract and behavior of signing and verification methods
 */
class SMBSigningDigestTest {

    @Mock
    private SMBSigningDigest signingDigest;

    @Mock
    private CommonServerMessageBlock request;

    @Mock

            jcifs.CIFSContext context = createDefaultContext();

            // Create transport with multi-channel specific settings
            // Multi-channel transports should use signing consistently with the main session
            boolean forceSigning = context.getConfig().isSigningEnforced();

        SMBSigningDigest dg = mock(SMBSigningDigest.class);
        setField(session, "digest", dg);
        assertFalse(session.isSignatureSetupRequired());

        // Case 2: no digest, signing enforced by transport -> true
        setField(session, "digest", null);
        when(transport.isSigningEnforced()).thenReturn(true);
        assertTrue(session.isSignatureSetupRequired());

            this.writeSizeFile = Math.min(th.getConfig().getSendBufferSize() - 70, 0xFFFF - 70);
        } else {
            log.debug("No support or SMB signing is enabled, not enabling large writes");
            this.writeSizeFile = this.writeSize;
        }

        if (log.isDebugEnabled()) {
            log.debug("Negotiated file write size is " + this.writeSizeFile);

    }
    
    public void validateRemoteAccess(long remoteAddress, int length, int remoteKey) {
        // Validate that remote memory access is authorized
        // This would integrate with SMB3 encryption/signing
        if (!isAuthorizedAccess(remoteAddress, length, remoteKey)) {
            throw new SecurityException("Unauthorized RDMA remote access");
        }
    }
    

    private int signSeq;
    private boolean verifyFailed;
    /**
     * Path associated with this SMB message.
     */
    protected String path;
    /**
     * Message signing digest for SMB1 security.
     */
    protected SMB1SigningDigest digest = null;
    private ServerMessageBlock response;

    private final Configuration config;

    private Long expiration;

- The kube-controller-manager managed signers can now have distinct signing certificates and keys.  See the help about `--cluster-signing-[signer-name]-{cert,key}-file`.  `--cluster-signing-{cert,key}-file` is still the default. ([#90822](https://github.com/kubernetes/kubernetes/pull/90822), [@deads2k](https://github.com/deads2k)) [SIG API Machinery, Apps and Auth]