* hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

        // Should only offer NTLM, not Basic auth
        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response, never()).addHeader(eq("WWW-Authenticate"), eq("Basic realm=\"TestRealm\""));
    }

    @Test
    void testDoFilter_ntlmType1Message() throws Exception {
        // Test NTLM Type 1 message handling

    static {
        String domain = System.getProperty("http.auth.ntlm.domain");
        if (domain == null) {
            domain = Type3Message.getDefaultDomain();
        }
        DEFAULT_DOMAIN = domain;
    }

    /**
     * Creates a new NTLM HTTP URL connection that wraps an existing HTTP connection.
     *
     * @param connection the HTTP connection to wrap for NTLM authentication
     */

    /**
     * Challenge
     */
    public byte[] challenge;

    /**
     * Server address
     */
    public UniAddress dc;

    /**
     * Creates a new NTLM challenge with the specified parameters.
     * @param challenge the NTLM challenge bytes
     * @param dc the domain controller address
     */
    public NtlmChallenge(final byte[] challenge, final UniAddress dc) {
        this.challenge = challenge;

    void createContext_forceFallback_triggersNtlmAndFailsOnNonNtlmToken() throws CIFSException {
        when(tc.getConfig()).thenReturn(config);
        when(config.isAllowNTLMFallback()).thenReturn(true);
        when(config.isUseRawNTLM()).thenReturn(false);

        // Enable NTLM fallback by providing NTLM creds in constructor

                if (hashesExternal && ntlm.hashesExternal) {
                    return Arrays.equals(ansiHash, ntlm.ansiHash) && Arrays.equals(unicodeHash, ntlm.unicodeHash);
                    /* This still isn't quite right. If one npa object does not have external
                     * hashes and the other does then they will not be considered equal even

        verify(mockResponse).setHeader("WWW-Authenticate", "NTLM");
        verify(mockResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        verify(mockResponse).setContentLength(0);
        verify(mockResponse).flushBuffer();
    }

    /**
     * Test case for when the 'Authorization' header contains a Type 1 NTLM message.

        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response).addHeader("WWW-Authenticate", "Basic realm=\"TestRealm\"");
        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Test the service method with a valid NTLM Authorization header.
     * Simulates a successful NTLM authentication.
     * @throws ServletException
     * @throws IOException

        if (super.equals(obj)) {
            if (!(obj instanceof final NtlmPasswordAuthentication ntlm)) {
                return !this.areHashesExternal();
            }
            if (this.areHashesExternal() && ntlm.areHashesExternal()) {
                return Arrays.equals(this.ansiHash, ntlm.ansiHash) && Arrays.equals(this.unicodeHash, ntlm.unicodeHash);
                /*

                ntlm = new NtlmPasswordAuthentication(domain, user, password);
            }

            req.getSession().setAttribute("npa-" + server, ntlm);

        } else if (!credentialsSupplied) {
            if (ssn != null) {
                ntlm = (NtlmPasswordAuthentication) ssn.getAttribute("npa-" + server);
            }
            if (ntlm == null) {