}
        case 3, 4, 5 -> {
            // NTLMv2 - returns empty for unicode hash as NTLMv2 doesn't use it
            yield new byte[0];
        }
        default -> {
            // Default to NTLMv2 behavior (empty response)
            log.info("Defaulting to secure NTLMv2 authentication (no unicode hash)");
            yield new byte[0];
        }
        };
    }

    /**

import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import jcifs.util.Crypto;
import jcifs.util.Hexdump;

/**
 * For initiating NTLM authentication (including NTLMv2). If you want to add NTLMv2 authentication support to something
 * this is what you want to use. See the code for details. Note that JCIFS does not implement the acceptor side of NTLM
 * authentication.
 *
 */

        lenient().when(mockConfig.getOemEncoding()).thenReturn("UTF-8");
        lenient().when(mockConfig.getRandom()).thenReturn(mockRandom);
        lenient().when(mockConfig.getLanManCompatibility()).thenReturn(3); // Default NTLMv2
        lenient().when(mockConfig.getMachineId()).thenReturn(machineId);
        lenient().when(mockCtx.getConfig()).thenReturn(mockConfig);
        lenient().when(mockCtx.getNameServiceClient()).thenReturn(mockNameServiceClient);

        assertTrue("Minimum version should be at least SMB2.0.2", config.getMinimumVersion().atLeast(DialectVersion.SMB202));

        // Verify LM compatibility level is 3 or higher (NTLMv2 only)
        assertTrue("LM compatibility should be 3 or higher for NTLMv2 only", config.getLanManCompatibility() >= 3);
        assertEquals("LM compatibility should default to 3", 3, config.getLanManCompatibility());

    * Indicates that the NTLM2 signing and sealing scheme should be used
    * for protecting authenticated communications.  This refers to a
    * particular session security scheme, and is not related to the use
    * of NTLMv2 authentication.
    */
    int NTLMSSP_NEGOTIATE_NTLM2 = 0x00080000;

    /**
     * Requests an initial response token.
     */
    int NTLMSSP_REQUEST_INIT_RESPONSE = 0x00100000;

    /**

     *         The target information block is used by the client to create an
     *         NTLMv2 response.
     */
    public byte[] getTargetInformation() {
        return this.targetInformation;
    }

    /**
     * Sets the target information block.
     * The target information block is used by the client to create
     * an NTLMv2 response.
     *
     * @param targetInformation

    }

    /**
     * Returns the NT/NTLMv2 response.
     *
     * @return A <code>byte[]</code> containing the NT/NTLMv2 response.
     */
    public byte[] getNTResponse() {
        return ntResponse;
    }

    /**
     * Sets the NT/NTLMv2 response for this message.
     *
     * @param ntResponse The NT/NTLMv2 response.
     */

        byte[] viaPassword = NtlmUtil.nTOWFv2(domain, user, password);

        // Assert: overloads consistent
        assertArrayEquals(viaHash, viaPassword, "Both overloads must compute same NTLMv2 key");

        // Changing domain should change the key (domain is part of MAC input)
        byte[] differentDomain = NtlmUtil.nTOWFv2("DOMAIN", user, password);

     * Indicates that the NTLM2 signing and sealing scheme should be used
     * for protecting authenticated communications. This refers to a
     * particular session security scheme, and is not related to the use
     * of NTLMv2 authentication.
     */
    int NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000;

    /**
     * ?? According to spec this is a reserved bit and must be set to zero
     */

import jcifs.smb1.ntlmssp.Type3Message;
import jcifs.smb1.util.Encdec;
import jcifs.smb1.util.Hexdump;
import jcifs.smb1.util.LogStream;

/**
For initiating NTLM authentication (including NTLMv2). If you want to add NTLMv2 authentication support to something this is what you want to use. See the code for details. Note that JCIFS does not implement the acceptor side of NTLM authentication.
 */

public class NtlmContext {