}

    @Test
    @DisplayName("Parse rejects wrong SPNEGO OID")
    void testParseRejectsWrongOid() throws Exception {
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, "1.2.840.113554.1.2.2", // Kerberos OID instead of SPNEGO OID
                null, null);

package jcifs.spnego;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.io.IOException;

import org.junit.jupiter.api.DisplayName;

	</component>
	<component name="samlAuthenticator" class="org.codelibs.fess.sso.saml.SamlAuthenticator">
	</component>
	<component name="spnegoAuthenticator" class="org.codelibs.fess.sso.spnego.SpnegoAuthenticator">
	</component>

package jcifs.spnego;

import static org.junit.jupiter.api.Assertions.assertAll;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Map;
import java.util.regex.Pattern;

import org.junit.jupiter.api.DisplayName;

- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem
- **SLF4J Logging**: Comprehensive logging throughout the codebase
- **Resource Management**: AutoCloseable patterns for file handles and connections
- **Thread Safety**: Components support concurrent access

 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO
 * lifecycle operations like logout and metadata exchange.
 */

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;

@ExtendWith(MockitoExtension.class)
class Kerb5AuthenticatorTest {

    @Mock
    CIFSContext tc;

    @Mock
    Configuration config;

    private static byte[] spnegoInitWithMechs(ASN1ObjectIdentifier... mechs) {
        // Build a minimal SPNEGO NegTokenInit containing the provided mechanisms

 * scattered authentication implementations.
 */
public interface AuthenticationProvider {

    /**
     * Authentication type enumeration
     */
    enum AuthType {
        NTLM, KERBEROS, SPNEGO, GUEST, ANONYMOUS
    }

    /**
     * Gets the authentication type
     *
     * @return the authentication type
     */
    AuthType getAuthType();

    /**

package jcifs.spnego;

import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.io.IOException;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;

/**

    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;
    /** Whether to disable SPNEGO integrity checking */
    protected boolean disableSpnegoIntegrity = false;
    /** Whether to enforce SPNEGO integrity checking */
    protected boolean enforceSpnegoIntegrity = true;
    /** Whether plain text passwords are disabled */