NtlmPasswordAuthentication ntlm = negotiate(req, resp, false);

        if (ntlm == null) {
            return;
        }

        chain.doFilter(new NtlmHttpServletRequest(req, ntlm), response);
    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     * @param req The servlet request
     * @param resp The servlet response

        // This test is simplified to verify basic handshake behavior
        // Full NTLM handshake testing would require more complex mocking

        // Arrange - Mock a server that supports NTLM
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized", Collections.singletonMap("WWW-Authenticate", Collections.singletonList("NTLM")),
                new ByteArrayInputStream(new byte[0]));

        // Act - Trigger handshake

        NtlmPasswordAuthentication ntlm = negotiate(req, resp, false);

        if (ntlm == null) {
            return;
        }

        chain.doFilter(new NtlmHttpServletRequest(req, ntlm), response);
    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     *
     * @param req
     *            The servlet request

    static {
        String domain = System.getProperty("http.auth.ntlm.domain");
        if (domain == null) {
            domain = Type3Message.getDefaultDomain();
        }
        DEFAULT_DOMAIN = domain;
    }

    /**
     * Creates a new NTLM HTTP URL connection that wraps an existing HTTP connection.
     *
     * @param connection the HTTP connection to wrap for NTLM authentication
     */

    void createContext_forceFallback_triggersNtlmAndFailsOnNonNtlmToken() throws CIFSException {
        when(tc.getConfig()).thenReturn(config);
        when(config.isAllowNTLMFallback()).thenReturn(true);
        when(config.isUseRawNTLM()).thenReturn(false);

        // Enable NTLM fallback by providing NTLM creds in constructor

        // Should only offer NTLM, not Basic auth
        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response, never()).addHeader(eq("WWW-Authenticate"), eq("Basic realm=\"TestRealm\""));
    }

    @Test
    void testDoFilter_ntlmType1Message() throws Exception {
        // Test NTLM Type 1 message handling

    public boolean equals(Object obj) {
        if (obj instanceof NtlmPasswordAuthenticator ntlm) {
            String domA = ntlm.getUserDomain() != null ? ntlm.getUserDomain().toUpperCase() : null;
            String domB = this.getUserDomain() != null ? this.getUserDomain().toUpperCase() : null;
            return ntlm.type == this.type && Objects.equals(domA, domB) && ntlm.getUsername().equalsIgnoreCase(this.getUsername())

        verify(mockResponse).setHeader("WWW-Authenticate", "NTLM");
        verify(mockResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        verify(mockResponse).setContentLength(0);
        verify(mockResponse).flushBuffer();
    }

    /**
     * Test case for when the 'Authorization' header contains a Type 1 NTLM message.

                ntlm = new NtlmPasswordAuthentication(domain, user, password);
            }

            req.getSession().setAttribute("npa-" + server, ntlm);

        } else if (!credentialsSupplied) {
            if (ssn != null) {
                ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("npa-" + server);
            }
            if (ntlm == null) {

        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response).addHeader("WWW-Authenticate", "Basic realm=\"TestRealm\"");
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Test the service method with a valid NTLM Authorization header.
     * Simulates a successful NTLM authentication.
     * @throws ServletException
     * @throws IOException