}

        @Test
        @DisplayName("Encryption capability should be 0x40")
        void testGlobalCapEncryption() {
            assertEquals(0x40, Smb2Constants.SMB2_GLOBAL_CAP_ENCRYPTION, "Encryption capability must be 0x40");
        }

        @Test
        @DisplayName("All capability flags should be unique powers of 2")

            }
        }

        return serverKeys.toArray(new KerberosKey[0]);
    }

    /**
     * Retrieves a specific Kerberos key by key type.
     *
     * @param keyType the encryption type of the key to retrieve
     * @return the KerberosKey with the specified type, or null if not found
     */
    public KerberosKey getKey(int keyType) {
        KerberosKey serverKey = null;

	globalRefreshIAMInterval = 10 * time.Minute

	// Limit of location constraint XML for unauthenticated PUT bucket operations.
	maxLocationConstraintSize = 3 * humanize.MiByte

	// Maximum size of default bucket encryption configuration allowed
	maxBucketSSEConfigSize = 1 * humanize.MiByte

	// diskFillFraction is the fraction of a disk we allow to be filled.
	diskFillFraction = 0.99

        assertEquals(invertibleCryptographer, provider.providePrimaryInvertibleCryptographer());
        assertEquals(md5, provider.providePrimaryOneWayCryptographer());
    }

    // Test encryption and decryption functionality
    public void test_invertibleCryptography() {
        // Test that invertible cryptography works correctly

			Queries("lifecycle", "")
		// GetBucketEncryption
		router.Methods(http.MethodGet).
			HandlerFunc(s3APIMiddleware(api.GetBucketEncryptionHandler)).
			Queries("encryption", "")
		// GetBucketObjectLockConfig
		router.Methods(http.MethodGet).
			HandlerFunc(s3APIMiddleware(api.GetBucketObjectLockConfigHandler)).
			Queries("object-lock", "")
		// GetBucketReplicationConfig

        FATAL // Connection or session must be terminated
    }

    /**
     * Error categories
     */
    public enum Category {
        AUTHENTICATION, AUTHORIZATION, NETWORK, PROTOCOL, RESOURCE, CONFIGURATION, ENCRYPTION, TIMEOUT, IO, UNKNOWN
    }

    private final int errorCode;
    private final Severity severity;
    private final Category category;
    private final Map<String, Object> context;

	// expect to fail with `ErrUnsignedHeaders` because couldn't find some header
	_, errCode = extractSignedHeaders(signedHeaders, r)
	if errCode != ErrUnsignedHeaders {
		t.Fatalf("Expected the APIErrorCode to %d, but got %d", ErrUnsignedHeaders, errCode)
	}
	// set headers value through Get parameter
	inputQuery.Add("x-amz-server-side-encryption", xhttp.AmzEncryptionAES)

                    .thenThrow(new GeneralSecurityException("Decryption error"));

            PACDecodingException e = assertThrows(PACDecodingException.class, () -> new KerberosTicket(token, (byte) 0, keys));
            assertTrue(e.getMessage().startsWith("Decryption failed"));
        }
    }

    @Test

        assertEquals("", serverData.oemDomainName);
    }

    @Test
    void testReadBytesWireFormat_NoDomainName() {
        // Scenario where byteCount is only the encryption key length
        serverData.capabilities = 0;
        serverData.encryptionKeyLength = 8;
        response.byteCount = 8;

        byte[] encryptionKey = "12345678".getBytes();

    /** Whether SMB3 encryption is enabled */
    protected boolean encryptionEnabled = false;
    /** Whether SMB3 compression is enabled */
    protected boolean compressionEnabled = false;
    /** Preferred encryption ciphers in order of preference */
    protected String preferredCiphers = "AES_128_GCM,AES_128_CCM,AES_256_GCM,AES_256_CCM";
    /** Whether AES-256 encryption is enabled */