assertFalse(transport.isSigningEnforced());
        verify(transport).isSigningOptional();
        verify(transport).isSigningEnforced();
    }

    // Error propagation: signing checks may throw SmbException
    @Test
    @DisplayName("signing checks propagate SmbException")
    void signingChecks_throw() throws Exception {
        doThrow(new SmbException("opt error")).when(transport).isSigningOptional();

    /**
     * Indicates datagram authentication.
     */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**
     * Indicates that the LAN Manager session key should be used for
     * signing and sealing authenticated communication.
     */
    int NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080;

    /**
     * ??? According to spec this is a reserved bit and must be set to zero
     */

        default -> getNTLMResponse(password, challenge);
        };
    }

    /**
     * Returns the signing key for SMB signing.
     *
     * @param challenge the server challenge bytes
     * @return the signing key
     * @throws SmbException if an error occurs generating the signing key
     */
    public byte[] getSigningKey(final byte[] challenge) throws SmbException {
        switch (LM_COMPATIBILITY) {

                            && !conn.getNegotiateResponse().isSigningRequired()) {
                        // if signing is not enforced, dont use connections that have signing enforced
                        // for purposes that dont require it.
                        if (log.isTraceEnabled()) {
                            log.debug("Cannot reuse, signing enforced on connection " + conn);
                        }
                        continue;

tasks.withType<Sign>().configureEach { isEnabled = signArtifacts }

signing {
    useInMemoryPgpKeys(pgpSigningKey.orNull, pgpSigningPassPhrase.orNull)
    publishing.publications.configureEach {
        if (signArtifacts) {
            signing.sign(this)
        }
    }

 * [Ok2Curl](https://github.com/mrmike/Ok2Curl): Convert OkHttp requests into curl logs.
 * [OkHttp AWS Signer](https://github.com/babbel/okhttp-aws-signer): AWS V4 signing algorithm for OkHttp requests
 * [okhttp-digest](https://github.com/rburgst/okhttp-digest): A digest authenticator for OkHttp.

    }

    @Test
    @DisplayName("Should create new connection when force signing differs")
    void testNoReuseWithDifferentSigning() throws Exception {
        // Given: An existing connection without signing enforced
        SmbTransportImpl initial = pool.getSmbTransport(ctx, address, 445, false, false);

        // Mock the negotiation response

            this.integrity = integrity;
        }

        @Override
        public byte[] getSigningKey() throws CIFSException {
            if (this.signingKey == null) {
                throw new CIFSException("signing key not available");
            }
            return this.signingKey.clone();
        }

        @Override
        public boolean isEstablished() {
            return this.established;
        }

 *
 * Certificates are signed by other certificates and a sequence of them is called a certificate
 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their

    /**
    * Indicates datagram authentication.
    */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**
    * Indicates that the LAN Manager session key should be used for
    * signing and sealing authenticated communication.
    */
    int NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080;

    /**
     * Indicates support for NetWare authentication.
     */
    int NTLMSSP_NEGOTIATE_NETWARE = 0x00000100;