cloned.domain = toClone.domain;
        cloned.username = toClone.username;
        cloned.password = toClone.password != null ? toClone.password.clone() : null;
        cloned.type = toClone.type;
    }

    /**
     * Returns the domain.
     */
    @Override
    public String getUserDomain() {
        return this.domain;

pkg hash, type Cloner interface { BlockSize, Clone, Reset, Size, Sum, Write } #69521
pkg hash, type Cloner interface, BlockSize() int #69521
pkg hash, type Cloner interface, Clone() (Cloner, error) #69521
pkg hash, type Cloner interface, Reset() #69521
pkg hash, type Cloner interface, Size() int #69521
pkg hash, type Cloner interface, Sum([]uint8) []uint8 #69521
pkg hash, type Cloner interface, Write([]uint8) (int, error) #69521

        assertArrayEquals(originalPassword, clonedPassword, "Cloned password content should match");

        // Wipe original - should not affect clone
        authenticator.secureWipePassword();

        char[] originalAfterWipe = (char[]) passwordField.get(authenticator);
        char[] clonedAfterWipe = (char[]) passwordField.get(cloned);

        SecurityBlob copy = assertDoesNotThrow(() -> (SecurityBlob) original.clone(), "clone() should not throw");

        // Assert
        assertNotSame(original, copy, "clone should return a different instance");
        assertTrue(original.equals(copy), "Cloned instance should be equal by content");

        // Mutate original backing array; clone should remain based on previous snapshot
        data[0] = 99;

    }

    /**
     * Test clone with secure password
     */
    @Test
    public void testCloneWithSecurePassword() {
        char[] testPassword = "ClonePass123!".toCharArray();
        NtlmPasswordAuthenticator original = new NtlmPasswordAuthenticator("DOMAIN", "testuser", testPassword);

        NtlmPasswordAuthenticator cloned = original.clone();

        // Verify cloned values

    server.enqueue(MockResponse(body = "def"))

    val request = Request(server.url("/"))

    val call = client.newCall(request)
    val response1 = call.execute()

    val cloned = call.clone()
    val response2 = cloned.execute()

    assertThat("abc").isEqualTo(response1.body.string())
    assertThat("def").isEqualTo(response2.body.string())
  }

  @Test
  @Flaky
  fun testMockWebserverRequest() {

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);
        assertEquals(subj, cloned.getSubject());
        assertEquals("alice", cloned.getUser());
        assertEquals("EXAMPLE.COM", cloned.getRealm());
        assertEquals("cifs", cloned.getService());
        assertEquals(123, cloned.getUserLifeTime());
        assertEquals(456, cloned.getLifeTime());

        char[] plaintext = "SamePassword".toCharArray();

        // Encrypt twice
        byte[] encrypted1 = storage.encryptCredentials(plaintext.clone());
        byte[] encrypted2 = storage.encryptCredentials(plaintext.clone());

        // Should produce different ciphertexts due to random IV
        assertFalse(Arrays.equals(encrypted1, encrypted2), "Different encryptions should produce different ciphertexts");

    @Override
    protected byte[] getNTHash() {
        return this.ntHash;
    }

    @Override
    public NtlmPasswordAuthenticator clone() {
        final NtlmNtHashAuthenticator cloned = new NtlmNtHashAuthenticator(this.ntHash.clone());
        cloneInternal(cloned, this);
        return cloned;
    }

        // Cast and check we can call clone() from CredentialsInternal contract
        CredentialsInternal ci = (CredentialsInternal) impl;
        CredentialsInternal cloned = ci.clone();
        assertNotNull(cloned, "clone() should return a non-null CredentialsInternal");
    }