* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package jcifs.spnego;

/**
 * Constants for SPNEGO authentication mechanism OIDs used in GSS-API negotiations
 */
public interface SpnegoConstants {

    /**
     * OID for the SPNEGO mechanism
     */
    String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";

    /**
     * OID for the Kerberos v5 mechanism
     */

package jcifs.spnego;

import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;

        // SPNEGO logout should return null (relies on Kerberos infrastructure)
        String logoutUrl = authenticator.logout(null);
        assertNull(logoutUrl);
    }

    @Test
    public void test_nullSafeGetResponse() {
        SpnegoAuthenticator authenticator = new SpnegoAuthenticator();

        // SPNEGO typically doesn't provide special response handling

    }

    @Test
    @DisplayName("Parse rejects wrong SPNEGO OID")
    void testParseRejectsWrongOid() throws Exception {
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, "1.2.840.113554.1.2.2", // Kerberos OID instead of SPNEGO OID
                null, null);

- Web, file system, and data store crawling
- Multi-format document support (Office, PDF, etc.)
- Admin GUI for configuration
- REST API for programmatic access
- SSO integration (OIDC, SAML, SPNEGO, Entra ID)
- i18n support (20+ languages)

## Tech Stack

| Component | Technology |
|-----------|------------|
| Web Framework | LastaFlute (MVC framework) |
| DI Container | Lasta Di |

 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO
 * lifecycle operations like logout and metadata exchange.
 */

- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem
- **SLF4J Logging**: Comprehensive logging throughout the codebase
- **Resource Management**: AutoCloseable patterns for file handles and connections
- **Thread Safety**: Components support concurrent access

            }
        } else {
            server.guid = new byte[16];
            System.arraycopy(buffer, bufferIndex, server.guid, 0, 16);
            server.oemDomainName = new String();
            // ignore SPNEGO token for now ...
        }

        return bufferIndex - start;
    }

    @Override
    public String toString() {

 * scattered authentication implementations.
 */
public interface AuthenticationProvider {

    /**
     * Authentication type enumeration
     */
    enum AuthType {
        NTLM, KERBEROS, SPNEGO, GUEST, ANONYMOUS
    }

    /**
     * Gets the authentication type
     *
     * @return the authentication type
     */
    AuthType getAuthType();

    /**

    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;
    /** Whether to disable SPNEGO integrity checking */
    protected boolean disableSpnegoIntegrity = false;
    /** Whether to enforce SPNEGO integrity checking */
    protected boolean enforceSpnegoIntegrity = true;
    /** Whether plain text passwords are disabled */