}

    // Test getAnsiHash always returns 24 bytes regardless of lmCompatibility
    @Test
    void testGetAnsiHashAlwaysReturns24Bytes() {
        NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication("DOMAIN", "user", "password");
        byte[] challenge = { 1, 2, 3, 4, 5, 6, 7, 8 };
        byte[] hash = auth.getAnsiHash(challenge);
        assertNotNull(hash);

     * {@inheritDoc}
     *
     * @see jcifs.smb.NtlmPasswordAuthenticator#getAnsiHash(jcifs.CIFSContext, byte[])
     */
    @Override
    public byte[] getAnsiHash(final CIFSContext tc, final byte[] chlng) throws GeneralSecurityException {
        if (this.hashesExternal) {
            return this.ansiHash;
        }
        return super.getAnsiHash(tc, chlng);
    }

    /**
     * {@inheritDoc}
     *

                    ntHash = new byte[0];
                    capabilities &= ~SmbConstants.CAP_EXTENDED_SECURITY;
                } else if (session.transport.server.encryptedPasswords) {
                    lmHash = auth.getAnsiHash(session.transport.server.encryptionKey);
                    ntHash = auth.getUnicodeHash(session.transport.server.encryptionKey);
                    // prohibit HTTP auth attempts for the null session

        mockAuth.username = "testuser";
        mockAuth.domain = "TESTDOMAIN";
        mockAuth.password = "testpass";

        when(mockAuth.getAnsiHash(any(byte[].class))).thenReturn(new byte[24]);
        when(mockAuth.getUnicodeHash(any(byte[].class))).thenReturn(new byte[24]);
        when(mockAuth.getName()).thenReturn("testuser");

            if (session.transport.server.encryptedPasswords) {
                // encrypted
                password = session.auth.getAnsiHash(session.transport.server.encryptionKey);
                passwordLength = password.length;
            } else if (DISABLE_PLAIN_TEXT_PASSWORDS) {
                throw new RuntimeException("Plain text passwords are disabled");

                this.passwordLength = 1;
            } else if (this.server.encryptedPasswords) {
                // encrypted
                try {
                    this.password = pwAuth.getAnsiHash(this.ctx, this.server.encryptionKey);
                } catch (final GeneralSecurityException e) {
                    throw new RuntimeCIFSException("Failed to encrypt password", e);
                }

                    }
                    this.primaryDomain = a.getUserDomain() != null ? a.getUserDomain().toUpperCase() : "?";
                    if (server.encryptedPasswords) {
                        this.lmHash = a.getAnsiHash(tc, server.encryptionKey);
                        this.ntHash = a.getUnicodeHash(tc, server.encryptionKey);
                        // prohibit HTTP auth attempts for the null session

     * @throws GeneralSecurityException if a security error occurs
     * @deprecated NTLMv1 is insecure. Use NTLMv2 (LM compatibility level 3 or higher)
     */
    @Deprecated
    public byte[] getAnsiHash(CIFSContext tc, byte[] chlng) throws GeneralSecurityException {
        int compatibility = tc.getConfig().getLanManCompatibility();

        // Log warning for insecure NTLMv1 usage
        if (compatibility < 3) {

    /**
     * Computes the 24 byte ANSI password hash given the 8 byte server challenge.
     *
     * @param challenge the server challenge bytes
     * @return the ANSI password hash
     */
    public byte[] getAnsiHash(final byte[] challenge) {
        if (hashesExternal) {
            return ansiHash;
        }
        switch (LM_COMPATIBILITY) {
        case 0:
        case 1: