dynamicThresholdEnabled, backpressureEnabled);
    }

    /**
     * Execute an operation with circuit breaker protection
     *
     * @param <T> return type
     * @param operation the operation to execute
     * @return operation result
     * @throws CIFSException if circuit is open or operation fails
     */

 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */
public class SecureCredentialStorage implements AutoCloseable, Destroyable {

    private static final Logger log = LoggerFactory.getLogger(SecureCredentialStorage.class);

                .orElse(false);
    }

    /**
     * Masks email addresses in the input string for privacy protection.
     *
     * @param value the string that may contain email addresses
     * @return string with email addresses replaced by masked pattern
     */
    public static String maskEmail(final String value) {

     */
    protected int max_recv = max_xmit;
    /**
     * The current state of the DCERPC connection
     */
    protected int state = 0;
    /**
     * The security provider for authentication and message protection
     */
    protected DcerpcSecurityProvider securityProvider = null;
    private static int call_id = 1;

    /**
     * Gets a DCERPC handle for the specified URL and authentication

        int written = request.writeBytesWireFormat(buffer, 0);

        assertEquals(24, written);
        assertEquals(24, SMBUtil.readInt2(buffer, 0));
    }

    @Test
    @DisplayName("Test buffer overflow protection")
    void testBufferOverflowProtection() {
        byte[] smallBuffer = new byte[23]; // One byte too small

        // Should throw ArrayIndexOutOfBoundsException

            buf.setIndex(0);
            this.securityProvider.wrap(buf);
        }
        return buf;
    }

    /**
     * Sets the DCERPC security provider for authentication and message protection
     * @param securityProvider the security provider to use for DCERPC authentication
     */
    public void setDcerpcSecurityProvider(final DcerpcSecurityProvider securityProvider) {

            assertThrows(ArrayIndexOutOfBoundsException.class, () -> request.writeBytesWireFormat(buffer, 0));
        }

        @Test
        @DisplayName("Should handle buffer overflow protection")
        void testBufferOverflowProtection() {
            Smb2Lock[] locks = new Smb2Lock[] { new Smb2Lock(0L, 100L, Smb2Lock.SMB2_LOCKFLAG_EXCLUSIVE_LOCK),

        int written = request.writeBytesWireFormat(buffer, 0);

        assertEquals(24, written);
        assertEquals(24, SMBUtil.readInt2(buffer, 0));
    }

    @Test
    @DisplayName("Test buffer overflow protection")
    void testBufferOverflowProtection() {
        byte[] smallBuffer = new byte[23]; // One byte too small

        // Should throw ArrayIndexOutOfBoundsException

            // Verify structure integrity with maximum values
            assertEquals(49, SMBUtil.readInt2(buffer, 0));
        }

        @Test
        @DisplayName("Should handle buffer overflow protection")
        void testBufferOverflowProtection() {
            request.setReadLength(65536);

            byte[] smallBuffer = new byte[48]; // Smaller than required 49 bytes

    /**
     * Enforce secure negotiation
     *
     * Property {@code jcifs.smb.client.requireSecureNegotiate} (boolean, default true)
     *
     * This does not provide any actual downgrade protection if SMB1 is allowed.
     *
     * It will also break connections with SMB2 servers that do not properly sign error responses.
     *
     * @return whether to enforce the use of secure negotiation.
     */