protected static final String SPNEGO_LOGIN_CONF = "spnego.login.conf";

    /** Configuration key for SPNEGO logger level. */
    protected static final String SPNEGO_LOGGER_LEVEL = "spnego.logger.level";

    /** The underlying SPNEGO authenticator instance. */
    protected org.codelibs.spnego.SpnegoAuthenticator authenticator = null;

    /**
     * Constructs a new SPNEGO authenticator.
     */

        // SPNEGO
        fessConfig.setSystemProperty("spnego.krb5.conf", form.spnegoKrb5Conf);
        fessConfig.setSystemProperty("spnego.login.conf", form.spnegoLoginConf);
        fessConfig.setSystemProperty("spnego.login.client.module", form.spnegoLoginClientModule);
        fessConfig.setSystemProperty("spnego.login.server.module", form.spnegoLoginServerModule);

import org.slf4j.LoggerFactory;

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;
import jcifs.spnego.NegTokenTarg;
import jcifs.spnego.SpnegoException;
import jcifs.spnego.SpnegoToken;
import jcifs.util.Hexdump;

/**
 * This class used to wrap a {@link SSPContext} to provide SPNEGO feature.
 *
 * @author Shun
 *
 */
class SpnegoContext implements SSPContext {

                throw new IOException("Malformed SPNEGO token " + constructed);
            }

            final ASN1Sequence vec = (ASN1Sequence) constructed.getBaseObject();

            final ASN1ObjectIdentifier spnego = (ASN1ObjectIdentifier) vec.getObjectAt(0);
            if (!SPNEGO_OID.equals(spnego)) {
                throw new IOException("Malformed SPNEGO token, OID " + spnego);
            }

    /** SPNEGO JAAS login server module name. */
    @Size(max = 1000)
    public String spnegoLoginServerModule;

    /** SPNEGO pre-authentication username. */
    @Size(max = 1000)
    public String spnegoPreauthUsername;

    /** SPNEGO pre-authentication password. */
    @Size(max = 1000)
    public String spnegoPreauthPassword;

    /** Enable or disable SPNEGO basic authentication. */
    @Size(max = 10)

    }

    @Test
    @DisplayName("Parse rejects wrong SPNEGO OID")
    void testParseRejectsWrongOid() throws Exception {
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, "1.2.840.113554.1.2.2", // Kerberos OID instead of SPNEGO OID
                null, null);

    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;
    /** Whether to disable SPNEGO integrity checking */
    protected boolean disableSpnegoIntegrity = false;
    /** Whether to enforce SPNEGO integrity checking */
    protected boolean enforceSpnegoIntegrity = true;
    /** Whether plain text passwords are disabled */

     *
     * @return whether to disable sending/verifying SPNEGO mechanismListMIC
     */
    boolean isDisableSpnegoIntegrity();

    /**
     *
     * Property {@code jcifs.smb.client.enforceSpnegoIntegrity} (boolean, false)
     *
     * @return whether to enforce verifying SPNEGO mechanismListMIC
     */
    boolean isEnforceSpnegoIntegrity();

    /**

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;

@ExtendWith(MockitoExtension.class)
class Kerb5AuthenticatorTest {

    @Mock
    CIFSContext tc;

    @Mock
    Configuration config;

    private static byte[] spnegoInitWithMechs(ASN1ObjectIdentifier... mechs) {
        // Build a minimal SPNEGO NegTokenInit containing the provided mechanisms

            bufferIndex += this.server.guid.length;
            this.server.oemDomainName = new String();

            if (this.byteCount > 16) {
                // have initial spnego token
                this.server.encryptionKeyLength = this.byteCount - 16;
                this.server.encryptionKey = new byte[this.server.encryptionKeyLength];