cloned.domain = toClone.domain;
        cloned.username = toClone.username;
        cloned.password = toClone.password != null ? toClone.password.clone() : null;
        cloned.type = toClone.type;
    }

    /**
     * Returns the domain.
     */
    @Override
    public String getUserDomain() {
        return this.domain;

        assertArrayEquals(originalPassword, clonedPassword, "Cloned password content should match");

        // Wipe original - should not affect clone
        authenticator.secureWipePassword();

        char[] originalAfterWipe = (char[]) passwordField.get(authenticator);
        char[] clonedAfterWipe = (char[]) passwordField.get(cloned);

    }

    /**
     * Test clone with secure password
     */
    @Test
    public void testCloneWithSecurePassword() {
        char[] testPassword = "ClonePass123!".toCharArray();
        NtlmPasswordAuthenticator original = new NtlmPasswordAuthenticator("DOMAIN", "testuser", testPassword);

        NtlmPasswordAuthenticator cloned = original.clone();

        // Verify cloned values

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);
        assertEquals(subj, cloned.getSubject());
        assertEquals("alice", cloned.getUser());
        assertEquals("EXAMPLE.COM", cloned.getRealm());
        assertEquals("cifs", cloned.getService());
        assertEquals(123, cloned.getUserLifeTime());
        assertEquals(456, cloned.getLifeTime());

        char[] plaintext = "SamePassword".toCharArray();

        // Encrypt twice
        byte[] encrypted1 = storage.encryptCredentials(plaintext.clone());
        byte[] encrypted2 = storage.encryptCredentials(plaintext.clone());

        // Should produce different ciphertexts due to random IV
        assertFalse(Arrays.equals(encrypted1, encrypted2), "Different encryptions should produce different ciphertexts");

    @Override
    protected byte[] getNTHash() {
        return this.ntHash;
    }

    @Override
    public NtlmPasswordAuthenticator clone() {
        final NtlmNtHashAuthenticator cloned = new NtlmNtHashAuthenticator(this.ntHash.clone());
        cloneInternal(cloned, this);
        return cloned;
    }

        // Cast and check we can call clone() from CredentialsInternal contract
        CredentialsInternal ci = (CredentialsInternal) impl;
        CredentialsInternal cloned = ci.clone();
        assertNotNull(cloned, "clone() should return a non-null CredentialsInternal");
    }

            orig.refresh();
            // Clone should retain its cached Subject
            assertSame(copySubj, copy.getSubject(), "Clone should retain its cached Subject");
        } else {
            // If JAAS is not configured and getSubject() returns null, verify cloning still works
            assertNull(first, "First call to getSubject() returned null - JAAS not configured");

            // Clone should also return null for getSubject() calls

            when(mockMd5.clone()).thenReturn(clonedMd5);

            HMACT64 clonedHmac = (HMACT64) originalHmac.clone();

            assertNotNull(clonedHmac);
            assertNotSame(originalHmac, clonedHmac);
            verify(mockMd5, times(1)).clone(); // Verify that the internal MD5 was cloned
        }
    }

    @Test
    void testCloneNotSupportedException() throws NoSuchAlgorithmException, CloneNotSupportedException {

        return this.context;
    }

    @Override
    public NtlmPasswordAuthentication clone() {
        final NtlmPasswordAuthentication cloned = new NtlmPasswordAuthentication();
        cloneInternal(cloned, this);
        return cloned;
    }

    /**
     * Clone internal fields from one NtlmPasswordAuthentication to another.
     *