* prepare preemptive authentication. OkHttp will call [authenticate] with a fake `HTTP/1.1 407
 * Proxy Authentication Required` response that has a `Proxy-Authenticate: OkHttp-Preemptive`
 * challenge. The proxy authenticator may return either an authenticated request, or null to
 * connect without authentication.
 *
 * ```java

        .protocol(HTTP_2)
        .message("Unauthorized")
        .build()
    val authRequest = authenticator.authenticate(route, response)

    assertEquals(
      "Basic ${RecordingAuthenticator.BASE_64_CREDENTIALS}",
      authRequest!!.header("Authorization"),
    )
  }

  @Test
  fun noSupportForNonBasicAuth() {
    val request =
      Request
        .Builder()

 */
package okhttp3.internal.authenticator

import java.io.IOException
import java.net.Authenticator
import java.net.InetAddress
import java.net.InetSocketAddress
import java.net.Proxy
import okhttp3.Credentials
import okhttp3.Dns
import okhttp3.HttpUrl
import okhttp3.Request
import okhttp3.Response
import okhttp3.Route

/**

        SsoAuthenticator[] authenticators = ssoManager.getAuthenticators();
        assertEquals(3, authenticators.length);
        assertEquals(authenticator1, authenticators[0]);
        assertEquals(authenticator2, authenticators[1]);
        assertEquals(authenticator3, authenticators[2]);
    }

    public void test_getAuthenticators_withNoRegisteredAuthenticators() {
        SsoAuthenticator[] authenticators = ssoManager.getAuthenticators();

 */
package okhttp3

import java.io.IOException
import okhttp3.Authenticator.Companion.JAVA_NET_AUTHENTICATOR

/**
 * Do not use this.
 *
 * Instead, configure your OkHttpClient.Builder to use `Authenticator.JAVA_NET_AUTHENTICATOR`:
 *
 * ```
 *   val okHttpClient = OkHttpClient.Builder()
 *     .authenticator(okhttp3.Authenticator.Companion.JAVA_NET_AUTHENTICATOR)
 *     .build()
 * ```
 */

     * @return The action response from the SSO authenticator, or null if SSO is not available
     */
    public ActionResponse getResponse(final SsoResponseType responseType) {
        if (available()) {
            final SsoAuthenticator authenticator = getAuthenticator();
            if (authenticator != null) {
                return authenticator.getResponse(responseType);
            }
        }
        return null;

 */
public class NtlmPasswordAuthenticatorSecurityTest {

    private NtlmPasswordAuthenticator authenticator;

    @BeforeEach
    public void setUp() {
        authenticator = null;
    }

    @AfterEach
    public void tearDown() throws Exception {
        if (authenticator != null) {
            authenticator.close();
        }
    }

    @Test
    @DisplayName("Test password stored as char array")

        // Execute
        authenticator.resolveCredential(resolver);

        // Verify
        assertTrue(authenticator.isResolverCalled());
        assertNotNull(authenticator.getLastResolver());
    }

    public void test_resolveCredential_withNullResolver() {
        // Execute
        authenticator.resolveCredential(null);

        // Verify

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.spnego.NegTokenInit;

/**
 * Base kerberos authenticator
 *
 * Uses a subject that contains kerberos credentials for use in GSSAPI context establishment.
 *
 * Be advised that short/NetBIOS name usage is not supported with this authenticator. Always specify full FQDNs.

import java.io.IOException
import okhttp3.Authenticator
import okhttp3.Credentials
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.Response
import okhttp3.Route

class Authenticate {
  private val client =
    OkHttpClient
      .Builder()
      .authenticator(
        object : Authenticator {
          @Throws(IOException::class)
          override fun authenticate(
            route: Route?,