if (dstIndex + this.dataLength > dst.length) {
            throw new IllegalArgumentException(
                    String.format("Data exceeds buffer size ( remain buffer: %d data length: %d)", dst.length - dstIndex, this.dataLength));
        }

        System.arraycopy(this.data, this.dataOffset, dst, dstIndex, this.dataLength);
        dstIndex += this.dataLength;

        if (nonce.length == 12) {
            // For CCM cipher, pad nonce to 16 bytes with zeros
            System.arraycopy(nonce, 0, this.nonce, 0, 12);
            // Last 4 bytes remain zero-initialized
        } else if (nonce.length == 16) {
            // For GCM cipher, use full 16-byte nonce
            System.arraycopy(nonce, 0, this.nonce, 0, 16);
        } else {

    private Builder() {}

    /**
     * Sets the safe range of characters for the escaper. Characters in this range that have no
     * explicit replacement are considered 'safe' and remain unescaped in the output. If {@code
     * safeMax < safeMin} then the safe range is empty.
     *
     * @param safeMin the lowest 'safe' character
     * @param safeMax the highest 'safe' character

    client =
      client
        .newBuilder()
        // Since this test knowingly leaks a connection, avoid using the default shared connection
        // pool, which should remain clean for subsequent tests.
        .connectionPool(ConnectionPool())
        .addNetworkInterceptor(
          Interceptor { chain: Interceptor.Chain? ->
            val response =
              chain!!.proceed(

            // This is consistent with the actual implementation behavior
            // The reserved bytes remain as they were in the buffer
            for (int i = 0; i < 4; i++) {
                assertEquals((byte) 0xFF, buffer[startIndex + SOURCE_KEY_SIZE + 4 + i],
                        "Reserved byte at position " + i + " should remain unchanged");
            }
        }

        @Test

    for (int i = 0; i < 11; i++) {
      limiter.acquire(); // #7, showing off the warmup starting from totally cold
    }

    // make sure the areas (times) remain the same, while permits are different
    assertEvents(
        "R0.00, R1.38, R1.13, R0.88, R0.63, R0.50, R0.50, R0.50", // #1
        "U4.50", // #2
        "R0.00, R1.38, R1.13", // #3, after that the rate changes

    for (int i = 0; i < 11; i++) {
      limiter.acquire(); // #7, showing off the warmup starting from totally cold
    }

    // make sure the areas (times) remain the same, while permits are different
    assertEvents(
        "R0.00, R1.38, R1.13, R0.88, R0.63, R0.50, R0.50, R0.50", // #1
        "U4.50", // #2
        "R0.00, R1.38, R1.13", // #3, after that the rate changes

  /**
   * Returns a new {@code MutableClassToInstanceMap} instance backed by a given empty {@code
   * backingMap}. The caller surrenders control of the backing map, and thus should not allow any
   * direct references to it to remain accessible.
   */
  public static <B extends @Nullable Object> MutableClassToInstanceMap<B> create(
      Map<Class<? extends @NonNull B>, B> backingMap) {
    return new MutableClassToInstanceMap<>(backingMap);
  }

        authenticator.secureWipePassword();
        authenticator.secureWipePassword();
        authenticator.secureWipePassword();

        assertNull(authenticator.getPassword(), "Password should remain null after multiple wipes");
    }

        // After refresh, may succeed or fail depending on JAAS configuration
        // Just verify that refresh doesn't break the authenticator
        assertNotNull(auth, "Authenticator should remain usable after refresh");
    }

    @Test
    @DisplayName("handle: sets NameCallback and PasswordCallback on happy path")
    void testHandleSetsNameAndPasswordHappyPath() throws Exception {