}
    }

    // Integration test with actual MD5 to verify HMAC calculation logic
    @Test
    void testHMACT64WithActualMD5() throws NoSuchAlgorithmException {
        // This test uses a real MD5 instance to verify the HMAC calculation logic
        // HMACT64 is a modified HMAC-MD5 where the key is truncated at 64 bytes
        // instead of being hashed when it exceeds the block size.

	streamingContentSHA256        = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
	streamingContentSHA256Trailer = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER"
	signV4ChunkedAlgorithm        = "AWS4-HMAC-SHA256-PAYLOAD"
	signV4ChunkedAlgorithmTrailer = "AWS4-HMAC-SHA256-TRAILER"
	streamingContentEncoding      = "aws-chunked"
	awsTrailerHeader              = "X-Amz-Trailer"

 * supporting various checksum algorithms including HMAC-MD5 and HMAC-SHA1 with AES.
 */
public class PacSignature {

    /**
     * Kerberos checksum type for HMAC-MD5 (ARCFOUR-HMAC).
     */
    public static final int KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76;
    /**
     * Kerberos checksum type for HMAC-SHA1-96 with AES-128.
     */
    public static final int HMAC_SHA1_96_AES128 = 0x0000000F;

    /**
     * Calculates a MAC using the ARCFOUR-HMAC-MD5 algorithm.
     * This method implements the Microsoft variant of the Kerberos ARCFOUR-HMAC-MD5 checksum.
     *
     * @param keyusage the Kerberos key usage number for this operation
     * @param key the encryption key to use for MAC calculation
     * @param data the data to calculate the MAC for
     * @return the calculated MAC bytes

		{
			policy:  `{"conditions":[["eq","$bucket","asdf"],["eq","$key","hello.txt"]],"conditions":[["eq","$success_action_status","201"],["eq","$Content-Type","plain/text"],["eq","$success_action_status","201"],["eq","$x-amz-algorithm","AWS4-HMAC-SHA256"],["eq","$x-amz-credential","Q3AM3UQ867SPQQA43P2F/20210315/us-east-1/s3/aws4_request"],["eq","$x-amz-date","20210315T091621Z"]]}`,
			success: false,
		},
		// invalid json.
		{

        final byte[] response = new byte[24];
        MessageDigest hmac = Crypto.getHMACT64(passwordHash);
        hmac.update(Strings.getUNIBytes(user.toUpperCase()));
        hmac.update(Strings.getUNIBytes(domain.toUpperCase()));
        hmac = Crypto.getHMACT64(hmac.digest());
        hmac.update(challenge);
        hmac.update(clientChallenge);
        hmac.digest(response, 0, 16);

        }

        this.md5 = Crypto.getMD5();
        engineReset();
    }

    private HMACT64(final HMACT64 hmac) throws CloneNotSupportedException {
        super("HMACT64");
        this.ipad = hmac.ipad;
        this.opad = hmac.opad;
        this.md5 = (MessageDigest) hmac.md5.clone();
    }

    @Override
    public Object clone() {
        try {
            return new HMACT64(this);

            throw new IllegalStateException(ex.getMessage());
        }
        engineReset();
    }

    private HMACT64(final HMACT64 hmac) throws CloneNotSupportedException {
        super("HMACT64");
        this.ipad = hmac.ipad;
        this.opad = hmac.opad;
        this.md5 = (MessageDigest) hmac.md5.clone();
    }

    @Override
    public Object clone() {
        try {
            return new HMACT64(this);

            HMACT64 hmac = new HMACT64(md4.digest());
            hmac.update(user.toUpperCase().getBytes(SmbConstants.UNI_ENCODING));
            hmac.update(domain.toUpperCase().getBytes(SmbConstants.UNI_ENCODING));
            hmac = new HMACT64(hmac.digest());
            hmac.update(challenge);
            hmac.update(clientChallenge);
            hmac.digest(response, 0, 16);

    }

    @Test
    @DisplayName("Should calculate HMAC-T64 correctly")
    void testHMACT64() {
        // Given
        byte[] key = "secret".getBytes();
        byte[] data = "Hello World".getBytes();

        // When
        MessageDigest hmac = Crypto.getHMACT64(key);
        byte[] result = hmac.digest(data);

        // Then
        assertNotNull(result);