return psv, ErrInvalidQuerySignatureAlgo
	}

	// Initialize signature version '4' structured header.
	preSignV4Values := preSignValues{}

	// Save credential.
	preSignV4Values.Credential, aec = parseCredentialHeader("Credential="+query.Get(xhttp.AmzCredential), region, stype)
	if aec != ErrNone {
		return psv, aec
	}

	var e error
	// Save date in native time.Time.

 *
 * ```java
 * if (response.request().header("Authorization") != null) {
 *   return null; // Give up, we've already failed to authenticate.
 * }
 *
 * String credential = Credentials.basic(...)
 * return response.request().newBuilder()
 *     .header("Authorization", credential)
 *     .build();
 * ```
 *
 * When reactive authentication is requested by a proxy server, the response code is 407 and the

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.base.login;

import org.lastaflute.web.login.credential.LoginCredential;

/**
 * SPNEGO authentication credential implementation.
 *
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the

    responses += response
    routes += route
    if (!schemeMatches(response) || credential == null) return null
    val header =
      when (response.code) {
        407 -> "Proxy-Authorization"
        else -> "Authorization"
      }
    return response.request
      .newBuilder()
      .addHeader(header, credential)
      .build()
  }

  private fun schemeMatches(response: Response): Boolean {

import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.login.credential.LoginCredential;

import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;

/**
 * Microsoft Entra ID credential implementation for Fess authentication.
 * Provides login credential functionality using Entra ID authentication results.
 */

        Set<Object> serverPrivateCredentials = this.subject.getPrivateCredentials();
        for (Object credential : serverPrivateCredentials) {
            if (credential instanceof KerberosKey) {
                if (((KerberosKey) credential).getKeyType() == keyType) {
                    serverKey = (KerberosKey) credential;
                }
            }
        }

        return serverKey;
    }

    /**

    private static final int MINIMAL_BUFFER_SIZE = 32;

    private final byte[] credentialType;

    /**
     * Constructs a PAC credential type from raw data.
     * @param data the raw credential type data
     * @throws PACDecodingException if the credential type data is invalid
     */
    public PacCredentialType(final byte[] data) throws PACDecodingException {
        this.credentialType = data;

 */
package jcifs;

/**
 * Interface for opaque credential data
 *
 * @author mbechler
 *
 */
public interface Credentials {

    /**
     * Unwrap credentials to a specific type.
     *
     * @param <T> the credential type to unwrap to
     * @param type the class of the credential type to unwrap to
     * @return instance for type, null if the type cannot be unwrapped
     */

	}

	if conf.IsSPEnabled() {
		credential, err := azidentity.NewClientSecretCredential(conf.SPAuth.TenantID, conf.SPAuth.ClientID, conf.SPAuth.ClientSecret, &azidentity.ClientSecretCredentialOptions{})
		if err != nil {
			return nil, err
		}
		return azblob.NewClient(ep, credential, &azblob.ClientOptions{})
	}
	credential, err := azblob.NewSharedKeyCredential(conf.AccountName, conf.AccountKey)

        val credentialHeader = if (proxyAuthorization) "Proxy-Authorization" else "Authorization"
        val credential =
          Credentials.basic(
            auth.userName,
            String(auth.password),
            challenge.charset,
          )
        return request
          .newBuilder()
          .header(credentialHeader, credential)
          .build()
      }
    }

    return null // No challenges were satisfied!
  }