http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		creds, _ := sts.Get()

		bucketNames := []string{}

		for _, bucket := range buckets {
			log.Println(fmt.Sprintf("Bucket discovered: %s", bucket.Name))
			bucketNames = append(bucketNames, bucket.Name)
		}
		response := make(map[string]interface{})
		response["credentials"] = creds
		response["buckets"] = bucketNames

        // Arrange: null reference to the interface
        SmbRenewableCredentials creds = null;

        // Act + Assert: invoking renew() on null triggers NullPointerException
        assertThrows(NullPointerException.class, () -> {
            // Intentional NPE through dereference of a null interface reference
            creds.renew();
        });
    }

    @Test

						Parent:        creds.ParentUser,
						AccessKey:     creds.AccessKey,
						SecretKey:     creds.SecretKey,
						Groups:        creds.Groups,
						Claims:        claims,
						SessionPolicy: policyJSON,
						Status:        creds.Status,
						Name:          creds.Name,
						Description:   creds.Description,
						Expiration:    &creds.Expiration,
					},
				},

func (sys *BucketTargetSys) getRemoteTargetClient(tcfg *madmin.BucketTarget) (*TargetClient, error) {
	config := tcfg.Credentials
	creds := credentials.NewStaticV4(config.AccessKey, config.SecretKey, "")

	api, err := minio.New(tcfg.Endpoint, &minio.Options{
		Creds:     creds,
		Secure:    tcfg.Secure,
		Region:    tcfg.Region,
		Transport: globalRemoteTargetTransport,
	})
	if err != nil {
		return nil, err

	if err != nil {
		log.Fatal(err)
	}

	// Uncomment this to use MinIO API operations by initializing minio
	// client with obtained credentials.

	opts := &minio.Options{
		Creds:        sts,
		BucketLookup: minio.BucketLookupAuto,
	}

	u, err := url.Parse(stsEndpoint)
	if err != nil {
		log.Fatal(err)
	}

	clnt, err := minio.New(u.Host, opts)
	if err != nil {

			Creds:           mcreds,
			Secure:          globalIsTLS,
			Transport:       tr,
			TrailingHeaders: true,
		})
	}

	// ok == true - at this point

	if ui.Credentials.IsTemp() {
		// Temporary credentials are not allowed.
		return nil, errAuthentication
	}

	return minio.New(driver.endpoint, &minio.Options{

        // Mock CIFSContext behavior
        NtlmPasswordAuthentication creds = new NtlmPasswordAuthentication(
                new BaseContext(new PropertyConfiguration(System.getProperties())), "domain", "user", "password");
        when(mockCifsContext.getCredentials()).thenReturn(creds);
        when(mockCifsContext.getConfig()).thenReturn(new PropertyConfiguration(System.getProperties()));

    private SmbTransportPoolImpl pool;

    @Mock
    private CIFSContext ctx;
    @Mock
    private Configuration config;
    @Mock
    private NameServiceClient nameSvc;
    @Mock
    private Credentials creds;
    @Mock
    private Address address;
    @Mock
    private SmbNegotiationResponse negotiationResponse;

    @BeforeEach
    void setUp() {
        // Create a fresh pool instance for each test

			continue
		}
		split := strings.SplitN(v, "=", 2)
		key := split[0]
		value := ""
		if len(split) > 1 {
			value = split[1]
		}

		// Do not send sensitive creds.
		if _, ok := sensitive[key]; ok || strings.Contains(strings.ToLower(key), "password") || strings.HasSuffix(strings.ToLower(key), "key") {
			props.MinioEnvVars[key] = "*** EXISTS, REDACTED ***"
			continue
		}

	}

	duration := time.Until(cred.Expiration)
	if duration > time.Hour || duration < time.Hour {
		// Always limit to 1 hour.
		duration = time.Hour
	}

	clnt, err := miniogo.New(host, &miniogo.Options{
		Creds:     credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, cred.SessionToken),
		Secure:    secure,
		Transport: globalRemoteTargetTransport,
		Region:    globalSite.Region(),
	})
	if err != nil {