*/
package jcifs.pac.kerberos;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;

import jcifs.pac.PACDecodingException;

/**
 * Abstract base class for Kerberos authorization data.
 * This class provides parsing capabilities for different types of Kerberos authorization data.
 */

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac.kerberos;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;

 */
package jcifs.pac.kerberos;

import java.security.Key;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**

    }

    @Test
    @DisplayName("createContext: no Kerberos in initial token and no fallback -> throws")
    void createContext_noKerberosNoFallback_throws() throws CIFSException {
        Kerb5Authenticator auth = new Kerb5Authenticator((Subject) null);

        // Build a token with an arbitrary non-kerberos mechanism OID
        ASN1ObjectIdentifier unsupported = new ASN1ObjectIdentifier("1.2.3.4.5");

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac.kerberos;

import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;

import jcifs.pac.PACDecodingException;
import jcifs.pac.Pac;

/**
 * Kerberos authorization data containing PAC (Privilege Attribute Certificate) information.
 */

package jcifs.pac.kerberos;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.io.IOException;

import javax.security.auth.kerberos.KerberosKey;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;

    /**
     * OID for the SPNEGO mechanism
     */
    String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";

    /**
     * OID for the Kerberos v5 mechanism
     */
    String KERBEROS_MECHANISM = "1.2.840.113554.1.2.2";

    /**
     * OID for the legacy Kerberos v5 mechanism
     */
    String LEGACY_KERBEROS_MECHANISM = "1.2.840.48018.1.2.2";

    /**
     * OID for the NTLMSSP mechanism
     */

This fork from [jcifs-ng](https://github.com/AgNO3/jcifs-ng) merges backward compatibility with legacy SMB devices while supporting modern SMB2/SMB3 protocols. Key features include SMB2 support, per-context configuration, SLF4J logging, NTLMSSP/Kerberos authentication, and streaming operations.

## Version

[Versions in Maven Repository](https://repo1.maven.org/maven2/org/codelibs/jcifs/)

## Requirements

- Java 17 or higher
- SLF4J for logging

/**
 * SPNEGO (Security Provider Negotiation Protocol) authenticator implementation.
 *
 * This class provides Single Sign-On (SSO) authentication using the SPNEGO protocol,
 * which is commonly used for Kerberos-based authentication in Windows environments.
 * It handles the negotiation between client and server to establish a secure
 * authentication context without requiring users to explicitly enter credentials.
 *

 */
package jcifs.smb;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Key;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;