@Test
    @DisplayName("Test session finalization")
    public void testSessionFinalization() throws CIFSException {
        String sessionId = "test-session-4";
        byte[] salt = preauthService.generatePreauthSalt();

        preauthService.initializeSession(sessionId, salt, PreauthIntegrityService.HASH_ALGO_SHA512);
        assertNotNull(preauthService.getCurrentPreauthHash(sessionId));

        List<Toolchain> toolchains = toolchainManager.getToolchains(session, "rare", null);

        assertEquals(1, toolchains.size());
    }

    @Test
    void testModelsAndFactory() {
        MavenSession session = mock(MavenSession.class);
        Session sessionv4 = mock(Session.class);
        when(session.getSession()).thenReturn(sessionv4);
        when(sessionv4.getToolchains())
                .thenReturn(List.of(

        PreauthIntegrityContext context = sessionContexts.get(sessionId);
        if (context == null) {
            if (enforceIntegrity) {
                throw new CIFSException("No preauth integrity context found for session: " + sessionId);
            }
            log.warn("No preauth integrity context for session {}, skipping validation", sessionId);

     *
     * @param sessionId the ID of the session for which the URLs should be excluded
     * @param urlList the list of URLs to be excluded
     */
    void addExcludeUrlFilter(String sessionId, List<String> urlList);

    /**
     * Deletes the URL filter associated with the specified session ID.
     *
     * @param sessionId the ID of the session whose URL filter is to be deleted
     */

     */
    @Override
    public void delete(final String sessionId) {
        deleteBySessionId(sessionId);
        includeFilterCache.invalidate(sessionId);
        excludeFilterCache.invalidate(sessionId);
    }

    /**
     * Gets the list of include URL patterns for the specified session.
     *
     * @param sessionId The session ID.
     * @return The list of compiled include patterns.

        assertArrayEquals(testKey, rawKey2, "Should still match original");
    }

    @Test
    public void testRemoveSessionKey() {
        String sessionId = "test-session-3";
        keyManager.storeSessionKey(sessionId, testKey, "AES");

        assertTrue(keyManager.hasSessionKey(sessionId), "Key should exist");

        keyManager.removeSessionKey(sessionId);

    // Force reuse. This appears flaky (30% of the time) even though sessions are reused.
    // javax.net.ssl.SSLHandshakeException: No new session is allowed and no existing
    // session can be resumed
    //
    // Report https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8264944
    // Sessions improvement https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8245576

     *
     * @param sessionId The session ID.
     */
    @Override
    public void delete(final String sessionId) {
        deleteBySessionId(sessionId);
    }

    /**
     * Gets an access result by session ID and URL.
     *
     * @param sessionId The session ID.
     * @param url The URL.
     * @return The access result, or null if not found.
     */
    @Override

    /**
     * Returns the count of access results for the given session ID.
     *
     * @param sessionId the session ID
     * @return the count of access results
     */
    int getCount(String sessionId);

    /**
     * Deletes access results for the given session ID.
     *
     * @param sessionId the session ID
     */
    void delete(String sessionId);

    /**
     * Deletes all access results.
     */

    /**
     * Test multiple initializations with same session ID
     */
    public void test_multipleInit_sameSessionId() {
        String sessionId = "test-session-017";

        // First initialization
        urlFilter.init(sessionId);
        urlFilter.addInclude("https://first.com/.*");

        // Second initialization with same session ID
        urlFilter.init(sessionId);