log.error("Failed to update pre-auth integrity hash", e);
                // Reset hash on error to maintain integrity
                resetPreauthHash();
                throw new CIFSException("Pre-authentication integrity hash update failed", e);
            }
        }
    }

    /**
     * Reset the pre-authentication integrity hash to initial state.

        this.sessionKey = sessionKey;
    }

    /**
     * Returns the message integrity code (MIC) for this Type-3 message.
     *
     * @return A <code>byte[]</code> containing the message integrity code.
     */
    public byte[] getMic() {
        return this.mic;
    }

    /**
     * Sets the message integrity code (MIC) for this Type-3 message.
     *
     * @param mic

        // Verify the collaborator is invoked exactly N times
        verify(handler, times(WinError.WINERR_CODES.length)).handle(anyInt(), anyString());

        // Capture one known interaction to verify argument integrity
        ArgumentCaptor<Integer> codeCap = ArgumentCaptor.forClass(Integer.class);
        ArgumentCaptor<String> msgCap = ArgumentCaptor.forClass(String.class);

     * the server.
     */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
     * Specifies that communication across the authenticated channel
     * should carry a digital signature (message integrity).
     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */

    * the server.
    */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
    * Specifies that communication across the authenticated channel
    * should carry a digital signature (message integrity).
    */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
    * Specifies that communication across the authenticated channel
    * should be encrypted (message confidentiality).
    */

     * @return the PAC credential type
     */
    public PacCredentialType getCredentialType() {
        return this.credentialType;
    }

    /**
     * Returns the server signature used to validate PAC integrity.
     * @return the server signature
     */
    public PacSignature getServerSignature() {
        return this.serverSignature;
    }

    /**

     * @param decryptionKey
     *            key for server->client decryption
     * @param sessionKey
     *            base session key for key rotation
     * @param preauthHash
     *            preauth integrity hash for SMB 3.1.1
     */
    public Smb2EncryptionContext(final int cipherId, final DialectVersion dialect, final byte[] encryptionKey, final byte[] decryptionKey,

     *
     * @return the negotiateContexts
     */
    public NegotiateContextRequest[] getNegotiateContexts() {
        return this.negotiateContexts;
    }

    /**
     * Gets the pre-authentication integrity salt for SMB 3.1.1.
     *
     * @return the preauthSalt
     */
    public byte[] getPreauthSalt() {
        return this.preauthSalt;
    }

    /**
     * {@inheritDoc}
     *

    Configuration config;

    @Mock
    SSPContext mechContext;

    private ASN1ObjectIdentifier[] mechs;

    @BeforeEach
    void setup() {
        // Default: do not enforce or disable SPNEGO integrity
        when(this.config.isEnforceSpnegoIntegrity()).thenReturn(false);
        when(this.config.isDisableSpnegoIntegrity()).thenReturn(false);
        this.mechs = new ASN1ObjectIdentifier[] { new ASN1ObjectIdentifier("1.2.3.4") };

        assertNotNull(request.getClientGuid());
        assertNotNull(request.getNegotiateContexts());
        assertNotNull(request.getPreauthSalt());

        // Verify data integrity
        assertEquals(16, request.getClientGuid().length);
        assertEquals(32, request.getPreauthSalt().length);
        assertTrue(request.getDialects().length > 0);