*/
public class NtlmPasswordAuthenticatorSecurityTest {

    private NtlmPasswordAuthenticator authenticator;

    @BeforeEach
    public void setUp() {
        authenticator = null;
    }

    @AfterEach
    public void tearDown() throws Exception {
        if (authenticator != null) {
            authenticator.close();
        }
    }

    @Test
    @DisplayName("Test password stored as char array")

    private String url;
    private SmbAuthException sae;

    /**
     * Set the default <code>NtlmAuthenticator</code>. Once the default authenticator is set it cannot be changed. Calling
     * this metho again will have no effect.
     *
     * @param a the authenticator to set as default
     */

    public synchronized static void setDefault(final NtlmAuthenticator a) {
        if (auth != null) {
            return;

import org.slf4j.LoggerFactory;

import jcifs.CIFSException;

/**
 * JAAS kerberos authenticator
 *
 * Either configure JAAS for credential caching or reuse a single instance of this authenticator -otherwise you won't
 * get proper ticket caching.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs/Realm.

    }

    /**
     * Test that closed authenticator prevents all sensitive operations
     */
    @Test
    @DisplayName("Test closed authenticator blocks all sensitive operations")
    public void testClosedAuthenticatorBlocking() throws Exception {
        NtlmPasswordAuthenticator auth = new NtlmPasswordAuthenticator("DOMAIN", "user", "BlockedPass123!");

        // Close the authenticator
        auth.close();

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.spnego.NegTokenInit;

/**
 * Base kerberos authenticator
 *
 * Uses a subject that contains kerberos credentials for use in GSSAPI context establishment.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs.

    private void reset() {
        url = null;
        sae = null;
    }

    /**
     * Set the default <code>NtlmAuthenticator</code>. Once the default authenticator is set it cannot be changed. Calling this metho again will have no effect.
     * @param a the authenticator to set as default
     */

    public synchronized static void setDefault(final NtlmAuthenticator a) {
        if (auth != null) {
            return;
        }

        cloneInternal(cloned, this);
        return cloned;
    }

    /**
     * Clone internal fields from one authenticator to another.
     *
     * @param cloned the target authenticator to copy to
     * @param toClone the source authenticator to copy from
     */
    protected static void cloneInternal(NtlmPasswordAuthenticator cloned, NtlmPasswordAuthenticator toClone) {

        auth.refresh();
        Subject afterRefresh = auth.getSubject();
        // After refresh, may succeed or fail depending on JAAS configuration
        // Just verify that refresh doesn't break the authenticator
        assertNotNull(auth, "Authenticator should remain usable after refresh");
    }

    @Test
    @DisplayName("handle: sets NameCallback and PasswordCallback on happy path")

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;

import org.bouncycastle.util.encoders.Hex;

/**
 * Authenticator directly specifing the user's NT hash
 *
 * @author mbechler
 *
 */
public class NtlmNtHashAuthenticator extends NtlmPasswordAuthenticator {

    private static final long serialVersionUID = 4328214169536360351L;

	claims.SetExpiry(UTCNow().Add(defaultJWTExpiry))
	claims.SetAccessKey(accessKey)
	token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, claims)
	return token.SignedString([]byte(secretKey))
}

// Tests web request authenticator.
func TestWebRequestAuthenticate(t *testing.T) {
	ctx, cancel := context.WithCancel(t.Context())
	defer cancel()

	obj, fsDir, err := prepareFS(ctx)
	if err != nil {
		t.Fatal(err)
	}