case 1:
            // NTLMv1 - deprecated and insecure
            log.warn("NTLMv1 LM response is deprecated and insecure. Consider using NTLMv2.");
            return NtlmUtil.getPreNTLMResponse(tc, getPasswordAsCharArray(), chlng);
        case 2:
            // NTLMv1 with NTLM response - still insecure
            log.warn("NTLMv1 NTLM response is deprecated and insecure. Consider using NTLMv2.");

     * gaps. For example, an insecure TLS connection is capable of negotiating HTTP/2 with ALPN and
     * it also has a regular-looking handshake.
     *
     * **This feature is not supported on Android API levels less than 24.** Prior releases lacked
     * a mechanism to trust some hosts and not others.
     *
     * @param hostname the exact hostname from the URL for insecure connections.
     */

    /** Flag to enable load balancing across domain controllers */
    private boolean loadBalance;

    /** Flag to enable basic authentication */
    private boolean enableBasic;

    /** Flag to allow insecure basic authentication */
    private boolean insecureBasic;

    /** The authentication realm */
    private String realm;

    @Override
    public void init(final ServletConfig config) throws ServletException {

        filter.init(filterConfig);

        // Test request over insecure connection
        when(request.getHeader("Authorization")).thenReturn(null);
        when(request.isSecure()).thenReturn(false);
        when(httpSession.getAttribute("NtlmHttpAuth")).thenReturn(null);

        filter.doFilter(request, response, filterChain);

  ).int()
    .default(DEFAULT_TIMEOUT)

  val followRedirects: Boolean by option("-L", "--location").help("Follow redirects").flag()

  val allowInsecure: Boolean by option("-k", "--insecure").help("Allow connections to SSL sites without certs").flag()

  val showHeaders: Boolean by option("-i", "--include").help("Include protocol headers in the output").flag()

And it should have an `access_token`, with a string containing our access token.

For this simple example, we are going to just be completely insecure and return the same `username` as the token.

/// tip

In the next chapter, you will see a real secure implementation, with password hashing and <abbr title="JSON Web Tokens">JWT</abbr> tokens.

But for now, let's focus on the specific details we need.

///

    /** Flag to enable load balancing across domain controllers */
    private boolean loadBalance;

    /** Flag to enable basic authentication */
    private boolean enableBasic;

    /** Flag to allow insecure basic authentication */
    private boolean insecureBasic;

    /** The authentication realm */
    private String realm;

    /** The CIFS context for transport operations */

    .build();
```

With a server that holds a certificate and a client that trusts it we have enough for an HTTPS
handshake. The best part of this example is that we don't need to make our test code insecure with a
a fake `HostnameVerifier` or `X509TrustManager`.

Certificate Authorities
-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not

  }

  @Test
  fun decodeRsa512() {
    // The certificate + private key below was generated with OpenSSL. Never generate certificates
    // with MD5 or 512-bit RSA; that's insecure!
    //
    // openssl req \
    //   -x509 \
    //   -md5 \
    //   -nodes \
    //   -days 1 \
    //   -newkey rsa:512 \
    //   -keyout privateKey.key \
    //   -out certificate.crt

  public static final String UPGRADE = "Upgrade";

  /**
   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
   * Upgrade-Insecure-Requests}</a> header field name.
   *
   * @since 28.1
   */
  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";

  /** The HTTP {@code User-Agent} header field name. */
  public static final String USER_AGENT = "User-Agent";