// Test the method directly
        char[] password1 = "testpassword".toCharArray();
        char[] password2 = "testpassword".toCharArray();
        char[] password3 = "testpassworX".toCharArray();

        Boolean result1 = (Boolean) constantTimeMethod.invoke(null, password1, password2);
        Boolean result2 = (Boolean) constantTimeMethod.invoke(null, password1, password3);

        NtlmPasswordAuthenticator auth2 = new NtlmPasswordAuthenticator("DOMAIN", "user", password2);
        NtlmPasswordAuthenticator auth3 = new NtlmPasswordAuthenticator("DOMAIN", "user", password3);

        // Test equality with same password
        assertEquals(auth1, auth2);
        assertEquals(auth1.hashCode(), auth2.hashCode());

        // Test inequality with different password

        byte[] actual = NtlmUtil.getNTHash(password);

        // Assert
        assertArrayEquals(expected, actual, "NT hash must match known test vector");
    }

    @Test
    @DisplayName("getNTHash: verify different passwords produce different hashes")
    void testGetNTHash_differentPasswords() {
        // Arrange
        String password1 = "password";
        String password2 = "Password";

        // Act

        assertEquals("errors.password_no_lowercase", systemHelper.validatePassword("PASSWORD1!"));
        assertEquals("errors.password_no_digit", systemHelper.validatePassword("Password!"));
        assertEquals("errors.password_no_special_char", systemHelper.validatePassword("Password1"));
        assertEquals("", systemHelper.validatePassword("Password1!"));

              }

              println("Authenticating for response: $response")
              println("Challenges: ${response.challenges()}")
              val credential = Credentials.basic("jesse", "password1")
              return response.request.newBuilder()
                  .header("Authorization", credential)
                  .build()
            }
          })
          .build()

      fun run() {

        .build(),
    )
    server.enqueue(MockResponse(body = "encrypted response from the origin server"))
    val credential = basic("jesse", "password1")
    client =
      client
        .newBuilder()
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,
        ).proxy(server.proxyAddress)
        .hostnameVerifier(RecordingHostnameVerifier())

        // Verify it returns a clone, not the original
        password[0] = 'X';
        char[] password2 = authenticator.getPasswordAsCharArray();
        assertNotEquals(password[0], password2[0], "Should return a clone, not the original");
    }

    @Test
    public void testPasswordConstructorWithCharArray() {
        char[] passwordChars = "charArrayPassword".toCharArray();

///

## Password hashing { #password-hashing }

"Hashing", bazı içerikleri (bu örnekte bir password) anlamsız görünen bir bayt dizisine (pratikte bir string) dönüştürmek demektir.

Aynı içeriği (aynı password'ü) her seferinde verirseniz, her seferinde aynı anlamsız çıktıyı elde edersiniz.

Ancak bu anlamsız çıktıdan geri password'e dönüştürme yapılamaz.

### Neden password hashing kullanılır { #why-use-password-hashing }

///

## Passwort-Hashing { #password-hashing }

„Hashing“ bedeutet: Konvertieren eines Inhalts (in diesem Fall eines Passworts) in eine Folge von Bytes (ein schlichter String), die wie Kauderwelsch aussieht.

Immer wenn Sie genau den gleichen Inhalt (genau das gleiche Passwort) übergeben, erhalten Sie genau den gleichen Kauderwelsch.

# Einfaches OAuth2 mit Password und Bearer { #simple-oauth2-with-password-and-bearer }

Lassen Sie uns nun auf dem vorherigen Kapitel aufbauen und die fehlenden Teile hinzufügen, um einen vollständigen Sicherheits-Flow zu erhalten.

## `username` und `password` entgegennehmen { #get-the-username-and-password }

Wir werden **FastAPIs** Sicherheits-Werkzeuge verwenden, um den `username` und das `password` entgegenzunehmen.