// Arrange: stub renew() to return a mocked CredentialsInternal
        when(renewable.renew()).thenReturn(returned);

        // Act: invoke renew()
        CredentialsInternal result = renewable.renew();

        // Assert: verify interaction and returned value
        verify(renewable, times(1)).renew();
        assertSame(returned, result, "renew() should return the stubbed value");

    }

    @Test
    @DisplayName("Should renew credentials when they are renewable and renew() returns new credentials")
    void testRenewCredentials_RenewableAndRenewed() {
        // Set up the wrapper with renewable credentials
        wrapper = new CIFSContextCredentialWrapper(mockDelegate, mockRenewableCredentials);
        when(mockRenewableCredentials.renew()).thenReturn(mockRenewedCredentialsInternal);

 *
 * @author mbechler
 */
public interface SmbRenewableCredentials extends CredentialsInternal {

    /**
     * Renew the credentials
     *
     * @return the renewed credentials
     */
    CredentialsInternal renew();

            this.cachedSubject = null;
            return null;
        }
    }

    /**
     * {@inheritDoc}
     *
     * @see jcifs.smb.SmbRenewableCredentials#renew()
     */
    @Override
    public CredentialsInternal renew() {
        log.debug("Renewing credentials");
        this.cachedSubject = null;
        getSubject();
        return this;
    }

    /**
     * {@inheritDoc}

        final Credentials cred = getCredentials();
        if (cred instanceof final SmbRenewableCredentials renewable) {
            final CredentialsInternal renewed = renewable.renew();
            if (renewed != null) {
                this.creds = renewed;
                return true;
            }
        }
        final NtlmAuthenticator auth = NtlmAuthenticator.getDefault();

        }
    }

    @Test
    @DisplayName("renew: invokes getSubject and returns self")
    void testRenewInvokesGetSubjectAndReturnsSelf() {
        JAASAuthenticator auth = spy(new JAASAuthenticator());
        // Avoid real JAAS by stubbing getSubject
        doReturn(new Subject()).when(auth).getSubject();

        // Act
        CredentialsInternal result = auth.renew();

        // Assert interaction and return value

        // Then
        assertEquals(newContext, context);
        verify(mockContext).withCredentials(creds);
    }

    @Test
    @DisplayName("Should renew credentials")
    void testRenewCredentials() {
        // Given
        String hint = "hint";
        Throwable error = new Exception();
        when(mockContext.renewCredentials(hint, error)).thenReturn(true);

     *
     * @param creds the credentials to use
     * @return a child context using using the given credentials
     */
    CIFSContext withCredentials(Credentials creds);

    /**
     * Attempt to renew credentials after authentication failure
     *
     * @param locationHint URL or location hint for credential renewal
     * @param error the error that triggered renewal
     * @return whether new credentials are obtained

<img src="/img/deployment/https/https.drawio.svg">

The **TLS certificates** are **associated with a domain name**, not with an IP address.

So, to renew the certificates, the renewal program needs to **prove** to the authority (Let's Encrypt) that it indeed **"owns" and controls that domain**.

                }
            } else {
                if (!this.ctx.renewCredentials(loc.getURL().toString(), sae)) {
                    throw sae;
                }
                log.debug("Trying to renew credentials after auth error");
                try (SmbSessionInternal s = trans.getSmbSession(this.ctx, treesess.getTargetHost(), treesess.getTargetDomain())