// Then
        assertNotNull(signingKey, "Signing key should not be null");
        assertEquals(16, signingKey.length, "Signing key should be 16 bytes");
        assertFalse(Arrays.equals(sessionKey, signingKey), "Signing key should be different from session key");
    }

    @Test
    @DisplayName("Should derive signing key for SMB 3.1.1 dialect")
    void testDeriveSigningKey_SMB311() {
        // Given

import jcifs.internal.SMBSigningDigest;
import jcifs.internal.util.SMBUtil;
import jcifs.util.Crypto;

/**
 * SMB2/SMB3 message signing digest implementation.
 *
 * This class handles cryptographic signing of SMB2/SMB3 messages to ensure
 * message integrity and authenticity. It supports different signing algorithms
 * used in various SMB2/SMB3 dialect versions.
 *
 * @author mbechler
 */

//
// Scanning stops if the function returns an error, in which case some of
// the input may be discarded. If that error is [ErrFinalToken], scanning
// stops with no error. A non-nil token delivered with [ErrFinalToken]
// will be the last token, and a nil token with [ErrFinalToken]
// immediately stops the scanning.
//
// Otherwise, the [Scanner] advances the input. If the token is not nil,

    private boolean bypass = false;
    private int updates;
    private int signSequence;

    /**
     * Constructs a new signing digest with the specified MAC signing key.
     *
     * @param macSigningKey the MAC signing key for message authentication
     * @param bypass whether to bypass MAC signing
     * @throws SmbException if MD5 algorithm is not available
     */

        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
        with:

 * with the server, including security requirements like message signing.
 *
 * @author mbechler
 */
public interface SmbNegotiationRequest {

    /**
     * Checks whether SMB message signing is enforced by the client.
     *
     * @return whether SMB signing is enforced
     */
    boolean isSigningEnforced();

    }

    /**
     * Constructs a signing digest with bypass option and initial sequence number
     *
     * @param macSigningKey
     *            The MAC signing key used for generating signatures
     * @param bypass
     *            Whether to bypass signature verification
     * @param initialSequence
     *            The initial sequence number for signing
     */

    @DisplayName("Test isSigningEnforced returns true when signing is enforced")
    void testIsSigningEnforcedReturnsTrue() {
        // Given
        when(negotiationRequest.isSigningEnforced()).thenReturn(true);

        // When
        boolean result = negotiationRequest.isSigningEnforced();

        // Then
        assertTrue(result, "isSigningEnforced should return true when signing is enforced");

name: "Code scanning - action"

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions: {}

jobs:
  CodeQL-Build:
    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results
    runs-on: ubuntu-latest

package jcifs.internal;

/**
 * Interface for SMB message signing and verification operations.
 * Provides cryptographic signing capabilities for SMB protocol messages to ensure
 * message integrity and authenticity using MAC (Message Authentication Code) algorithms.
 *
 * @author mbechler
 */
public interface SMBSigningDigest {

    /**
     * Performs MAC signing of the SMB. This is done as follows.