protected static final String SPNEGO_LOGIN_CONF = "spnego.login.conf";

    /** Configuration key for SPNEGO logger level. */
    protected static final String SPNEGO_LOGGER_LEVEL = "spnego.logger.level";

    /** The underlying SPNEGO authenticator instance. */
    protected org.codelibs.spnego.SpnegoAuthenticator authenticator = null;

    /**
     * Constructs a new SPNEGO authenticator.
     */

import org.slf4j.LoggerFactory;

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;
import jcifs.spnego.NegTokenTarg;
import jcifs.spnego.SpnegoException;
import jcifs.spnego.SpnegoToken;
import jcifs.util.Hexdump;

/**
 * This class used to wrap a {@link SSPContext} to provide SPNEGO feature.
 *
 * @author Shun
 *
 */
class SpnegoContext implements SSPContext {

                throw new IOException("Malformed SPNEGO token " + constructed);
            }

            final ASN1Sequence vec = (ASN1Sequence) constructed.getBaseObject();

            final ASN1ObjectIdentifier spnego = (ASN1ObjectIdentifier) vec.getObjectAt(0);
            if (!SPNEGO_OID.equals(spnego)) {
                throw new IOException("Malformed SPNEGO token, OID " + spnego);
            }

    }

    @Test
    @DisplayName("Parse rejects wrong SPNEGO OID")
    void testParseRejectsWrongOid() throws Exception {
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, "1.2.840.113554.1.2.2", // Kerberos OID instead of SPNEGO OID
                null, null);

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;

@ExtendWith(MockitoExtension.class)
class Kerb5AuthenticatorTest {

    @Mock
    CIFSContext tc;

    @Mock
    Configuration config;

    private static byte[] spnegoInitWithMechs(ASN1ObjectIdentifier... mechs) {
        // Build a minimal SPNEGO NegTokenInit containing the provided mechanisms

    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;
    /** Whether to disable SPNEGO integrity checking */
    protected boolean disableSpnegoIntegrity = false;
    /** Whether to enforce SPNEGO integrity checking */
    protected boolean enforceSpnegoIntegrity = true;
    /** Whether plain text passwords are disabled */

     *
     * @return whether to disable sending/verifying SPNEGO mechanismListMIC
     */
    boolean isDisableSpnegoIntegrity();

    /**
     *
     * Property {@code jcifs.smb.client.enforceSpnegoIntegrity} (boolean, false)
     *
     * @return whether to enforce verifying SPNEGO mechanismListMIC
     */
    boolean isEnforceSpnegoIntegrity();

    /**

import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSException;
import jcifs.spnego.NegTokenInit;

/**
 * This class used to provide Kerberos feature when setup GSSContext.
 *
 * @author Shun
 */
class Kerb5Context implements SSPContext {

import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.spnego.NegTokenInit;

/**
 * Base kerberos authenticator
 *
 * Uses a subject that contains kerberos credentials for use in GSSAPI context establishment.
 *

            bufferIndex += this.server.guid.length;
            this.server.oemDomainName = new String();

            if (this.byteCount > 16) {
                // have initial spnego token
                this.server.encryptionKeyLength = this.byteCount - 16;
                this.server.encryptionKey = new byte[this.server.encryptionKeyLength];