*
     * @param transport the SMB transport for this signing context
     * @param auth the NTLM password authentication credentials
     * @throws SmbException if MD5 algorithm is not available or key generation fails
     */
    public SigningDigest(final SmbTransport transport, final NtlmPasswordAuthentication auth) throws SmbException {
        try {
            digest = MessageDigest.getInstance("MD5");

    }

    @AfterEach
    public void tearDown() {
        if (preauthService != null) {
            preauthService.cleanup();
        }
    }

    @Test
    @DisplayName("Test preauth salt generation")
    public void testPreauthSaltGeneration() {
        byte[] salt1 = preauthService.generatePreauthSalt();
        byte[] salt2 = preauthService.generatePreauthSalt();

        assertNotNull(salt1);

        char[] passwordAfter = (char[]) passwordField.get(authenticator);
        assertNull(passwordAfter, "Password should be null after wipe");
    }

    @Test
    @DisplayName("Test session ID generation")
    void testSessionIdGeneration() throws Exception {
        authenticator = new NtlmPasswordAuthenticator("DOMAIN", "username", "password");

        // Get the sessionId field using reflection

        when(mockConfig.getRandom()).thenReturn(mockRandom);
        when(mockContext.getConfig()).thenReturn(mockConfig);

        // Mock random for predictable salt generation
        doAnswer(invocation -> {
            byte[] buffer = invocation.getArgument(0);
            System.arraycopy(testSalt, 0, buffer, 0, Math.min(buffer.length, testSalt.length));
            return null;

      assertThat(allowedByCompactTable).isEqualTo(allowedByTable)
      assertThat(compactTableMappedTo).isEqualTo(tableMappedTo)
    }
  }

  /** Confirm we didn't corrupt any data in code generation. */
  @Test fun compareConstructedAndGeneratedCompactTables() {
    assertThat(IDNA_MAPPING_TABLE.sections).isEqualTo(compactTable.sections)
    assertThat(IDNA_MAPPING_TABLE.ranges).isEqualTo(compactTable.ranges)

- kube-controller-manager currently needs a writable `--cert-dir` (default is `/var/run/kubernetes`) for generating self-signed certificates, when no `--tls-cert-file` or `--tls-private-key-file` are provided.

### Software Supply Chain SLSA Level 1 Compliance in the Kubernetes Release Process

Kubernetes releases are now generating provenance attestation files describing the staging and release phases of the release process and artifacts are verified as they are handed over from one phase to the next.

        metrics.put("rotationTimeLimit", keyRotationTimeLimit);
        return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {

 * </p>
 * <ul>
 * <li>Thread-safe cipher pooling using {@link ConcurrentLinkedQueue}</li>
 * <li>Configurable encryption algorithms (default: Blowfish)</li>
 * <li>Proper charset handling for key generation (UTF-8 by default)</li>
 * <li>Base64 encoding for text operations</li>
 * </ul>
 * <p>
 * <strong>Security Considerations:</strong>
 * </p>
 * <ul>

   */
  private static final long UNEXPECTED_HANG_DELAY_MILLIS = 10000;

  /**
   * Various scenarios to be generated for each method under test. The actual scenario generation
   * (determining which scenarios are applicable to which methods and what the outcome should be)
   * takes place in {@link #addTests(TestSuite, Method)}.
   */
  private enum Scenario {