import org.codelibs.jcifs.smb.ntlmssp.Type2Message;
import org.codelibs.jcifs.smb.ntlmssp.Type3Message;

/**
 * JcifsEngine is a NTLM Engine implementation based on JCIFS.
 *
 * @author shinsuke
 *
 */
public class JcifsEngine implements NTLMEngine {

    /** Flags for Type 1 NTLM message. */
    protected static final int TYPE_1_FLAGS = NtlmFlags.NTLMSSP_NEGOTIATE_56 | NtlmFlags.NTLMSSP_NEGOTIATE_128

 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

    void createContext_forceFallback_triggersNtlmAndFailsOnNonNtlmToken() throws CIFSException {
        when(tc.getConfig()).thenReturn(config);
        when(config.isAllowNTLMFallback()).thenReturn(true);
        when(config.isUseRawNTLM()).thenReturn(false);

        // Enable NTLM fallback by providing NTLM creds in constructor

        // Should only offer NTLM, not Basic auth
        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response, never()).addHeader(eq("WWW-Authenticate"), eq("Basic realm=\"TestRealm\""));
    }

    @Test
    void testDoFilter_ntlmType1Message() throws Exception {
        // Test NTLM Type 1 message handling

    public boolean equals(Object obj) {
        if (obj instanceof NtlmPasswordAuthenticator ntlm) {
            String domA = ntlm.getUserDomain() != null ? ntlm.getUserDomain().toUpperCase() : null;
            String domB = this.getUserDomain() != null ? this.getUserDomain().toUpperCase() : null;
            return ntlm.type == this.type && Objects.equals(domA, domB) && ntlm.getUsername().equalsIgnoreCase(this.getUsername())

        verify(mockResponse).setHeader("WWW-Authenticate", "NTLM");
        verify(mockResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        verify(mockResponse).setContentLength(0);
        verify(mockResponse).flushBuffer();
    }

    /**
     * Test case for when the 'Authorization' header contains a Type 1 NTLM message.

    /**
     * Challenge
     */
    public byte[] challenge;

    /**
     * Server address
     */
    public UniAddress dc;

    /**
     * Creates a new NTLM challenge with the specified parameters.
     * @param challenge the NTLM challenge bytes
     * @param dc the domain controller address
     */
    public NtlmChallenge(final byte[] challenge, final UniAddress dc) {
        this.challenge = challenge;

     */
    @Deprecated
    void logon(CIFSContext tc, Address dc, int port) throws CIFSException;

    /**
     * Get NTLM challenge from a server
     *
     * @param dc the domain controller address
     * @param tc the CIFS context containing credentials
     * @return NTLM challenge
     * @throws CIFSException if an error occurs during authentication

                ntlm = new NtlmPasswordAuthentication(domain, user, password);
            }

            req.getSession().setAttribute("npa-" + server, ntlm);

        } else if (!credentialsSupplied) {
            if (ssn != null) {
                ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("npa-" + server);
            }
            if (ntlm == null) {

        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response).addHeader("WWW-Authenticate", "Basic realm=\"TestRealm\"");
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Test the service method with a valid NTLM Authorization header.
     * Simulates a successful NTLM authentication.
     * @throws ServletException
     * @throws IOException