// Test the method directly
        char[] password1 = "testpassword".toCharArray();
        char[] password2 = "testpassword".toCharArray();
        char[] password3 = "testpassworX".toCharArray();

        Boolean result1 = (Boolean) constantTimeMethod.invoke(null, password1, password2);
        Boolean result2 = (Boolean) constantTimeMethod.invoke(null, password1, password3);

        byte[] actual = NtlmUtil.getNTHash(password);

        // Assert
        assertArrayEquals(expected, actual, "NT hash must match known test vector");
    }

    @Test
    @DisplayName("getNTHash: verify different passwords produce different hashes")
    void testGetNTHash_differentPasswords() {
        // Arrange
        String password1 = "password";
        String password2 = "Password";

        // Act

        NtlmPasswordAuthenticator auth2 = new NtlmPasswordAuthenticator("DOMAIN", "user", password2);
        NtlmPasswordAuthenticator auth3 = new NtlmPasswordAuthenticator("DOMAIN", "user", password3);

        // Test equality with same password
        assertEquals(auth1, auth2);
        assertEquals(auth1.hashCode(), auth2.hashCode());

        // Test inequality with different password

        // Verify it returns a clone, not the original
        password[0] = 'X';
        char[] password2 = authenticator.getPasswordAsCharArray();
        assertNotEquals(password[0], password2[0], "Should return a clone, not the original");
    }

    @Test
    public void testPasswordConstructorWithCharArray() {
        char[] passwordChars = "charArrayPassword".toCharArray();

# Einfaches OAuth2 mit Password und Bearer { #simple-oauth2-with-password-and-bearer }

Lassen Sie uns nun auf dem vorherigen Kapitel aufbauen und die fehlenden Teile hinzufügen, um einen vollständigen Sicherheits-Flow zu erhalten.

## `username` und `password` entgegennehmen { #get-the-username-and-password }

Wir werden **FastAPIs** Sicherheits-Werkzeuge verwenden, um den `username` und das `password` entgegenzunehmen.

If the passwords don't match, we return the same error.

#### Password hashing { #password-hashing }

"Hashing" means: converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

Whenever you pass exactly the same content (exactly the same password) you get exactly the same gibberish.

Nunca deberías guardar passwords en texto plano, así que, usaremos el sistema de hash de passwords (falso).

Si los passwords no coinciden, devolvemos el mismo error.

#### Hashing de passwords { #password-hashing }

"Hacer hash" significa: convertir algún contenido (un password en este caso) en una secuencia de bytes (solo un string) que parece un galimatías.

            server = server.clone();

            String password = server.getPassword();
            if (securityDispatcher.isAnyEncryptedString(password)) {
                try {
                    if (securityDispatcher.isLegacyEncryptedString(password)) {
                        problems.add(new DefaultSettingsProblem(
                                "Pre-Maven 4 legacy encrypted password detected for server " + server.getId()

        return ntResponse;
    }

    /**
     * Generates the NTOWFv1 hash for the given password.
     *
     * @param password the password to hash
     * @return the NTOWFv1 hash bytes
     */
    public static byte[] nTOWFv1(final String password) {
        if (password == null) {
            throw new RuntimeException("Password parameter is required");
        }
        try {
            final MD4 md4 = new MD4();

///

## Password hashing { #password-hashing }

"Hashing" means converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish.

Whenever you pass exactly the same content (exactly the same password) you get exactly the same gibberish.

But you cannot convert from the gibberish back to the password.

### Why use password hashing { #why-use-password-hashing }