}

    private void processAces(final ACE[] aces, final boolean resolveSids) throws IOException {
        final String server = getServerWithDfs();
        int ai;

        if (resolveSids) {
            final SID[] sids = new SID[aces.length];
            final String[] names = null;

            for (ai = 0; ai < aces.length; ai++) {
                sids[ai] = aces[ai].sid;
            }

            final SecurityDescriptor desc = querySecurity(th, SecurityInfo.DACL_SECURITY_INFO);
            final ACE[] aces = desc.getAces();
            if (aces != null) {
                processAces(aces, resolveSids);
            }

            return aces;
        }
    }

    @Override
    public SID getOwnerUser() throws IOException {
        return getOwnerUser(true);

        this.ptype = 0;
        this.flags = DCERPC_FIRST_FRAG | DCERPC_LAST_FRAG;
    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */

	}
}

// TLSCiphersBackwardCompatible returns a list of supported
// TLS transport cipher suite IDs.
//
// In contrast to TLSCiphers, the list contains additional
// ciphers for backward compatibility. In particular, AES-CBC
// and non-ECDHE ciphers.
func TLSCiphersBackwardCompatible() []uint16 {
	return []uint16{
		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
		tls.TLS_AES_128_GCM_SHA256,
		tls.TLS_AES_256_GCM_SHA384,

            this.preauthSalt = salt;

            if (config.isEncryptionEnabled()) {
                // Build cipher list based on AES-256 support
                List<Integer> ciphers = new ArrayList<>();

                // Prefer GCM over CCM for better performance
                if (config.isAES256Enabled()) {

    }

    @Test
    @DisplayName("Should support AES-256 cipher constants")
    void testAES256CipherConstants() {
        // Verify AES-256 constants are defined
        assertEquals(0x0003, Smb2EncryptionContext.CIPHER_AES_256_CCM, "AES-256-CCM constant should be defined");
        assertEquals(0x0004, Smb2EncryptionContext.CIPHER_AES_256_GCM, "AES-256-GCM constant should be defined");

	Header   http.Header
	Expected bool
}{
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{"AES256"}}, Expected: true},                // 0
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{"AES-256"}}, Expected: true},               // 1
	{Header: http.Header{"X-Amz-Server-Side-Encryption": []string{""}}, Expected: true},                      // 2

        }

        @Test
        @DisplayName("createEncryptionContext selects AES-CCM for SMB 3.0 and AES-GCM for SMB 3.1.1")
        void createEncryptionContext_happyDialects() throws Exception {
            byte[] sessionKey = new byte[16];
            byte[] preauth = new byte[16];

            // SMB 3.0 -> AES-128-CCM
            setField(transport, "smb2", true);

- [PRF](#prf): HMAC-SHA-256
- [AEAD](#aead): AES-256-GCM if the CPU supports AES-NI, ChaCha20-Poly1305 otherwise. More specifically AES-256-GCM is only selected for X86-64 CPUs with AES-NI extension.

kQyKGUTpDbKLuyYMFsoH73YLjBqNe+UEhPwE+FWpcky1Sp9RTx/oMLpiZaPR
-----END CERTIFICATE-----`,
		shouldFail: true,
	},
	{
		password: "foobar",
		privateKey: `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,CC483BF11678C35F9F02A1AD85DAE285

nMDFd+Qxk1f+S7LwMitmMofNXYNbCY4L1QEqPOOx5wnjNF1wSxmEkL7+h8W4Y/vb
AQt/7TCcUSuSqEMl45nUIcCbhBos5wz+ShvFiez3qKwmR5HSURvqyN6PIJeAbU+h