*            NT password hash, hex encoded
     */
    public NtlmNtHashAuthenticator(final String domain, final String username, final String passwordHashHex) {
        this(domain, username, Hex.decode(passwordHashHex));
    }

    private NtlmNtHashAuthenticator(final byte[] passwordHash) {
        this.ntHash = passwordHash;
    }

    /**
     * {@inheritDoc}
     *

     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public ActionResponse download(final String id) {
        final String filename = new String(Base64.getDecoder().decode(id), StandardCharsets.UTF_8).replace("..", "").replaceAll("\\s", "");
        final String logFilePath = systemHelper.getLogFilePath();
        if (StringUtil.isNotBlank(logFilePath) && isLogFilename(filename)) {

        if (msg != null && msg.startsWith("NTLM ")) {
            final byte[] src = Base64.decode(msg.substring(5));
            if (src[8] == 1) {
                final Type1Message type1 = new Type1Message(src);
                final Type2Message type2 = new Type2Message(tc, type1, challenge, null);
                msg = new String(Base64.encode(type2.toByteArray()), "US-ASCII");
                resp.setHeader("WWW-Authenticate", "NTLM " + msg);

	respBody, err := client.callWithContext(ctx, peerRESTMethodDownloadProfilingData, nil, nil, -1)
	if err != nil {
		return
	}
	defer xhttp.DrainBody(respBody)
	err = gob.NewDecoder(respBody).Decode(&data)
	return data, err
}

// GetBucketStats - load bucket statistics
func (client *peerRESTClient) GetBucketStats(ctx context.Context, bucket string) (BucketStats, error) {

import jcifs.smb1.ntlmssp.NtlmMessage;
import jcifs.smb1.ntlmssp.Type1Message;
import jcifs.smb1.ntlmssp.Type2Message;
import jcifs.smb1.ntlmssp.Type3Message;
import jcifs.smb1.util.Base64;

/**
 * Wraps an <code>HttpURLConnection</code> to provide NTLM authentication
 * services.
 *
 * Please read <a href="../../../httpclient.html">Using jCIFS NTLM Authentication for HTTP Connections</a>.
 */

	v := healingTracker{}
	var buf bytes.Buffer
	msgp.Encode(&buf, &v)

	m := v.Msgsize()
	if buf.Len() > m {
		t.Log("WARNING: TestEncodeDecodehealingTracker Msgsize() is inaccurate")
	}

	vn := healingTracker{}
	err := msgp.Decode(&buf, &vn)
	if err != nil {
		t.Error(err)
	}

	buf.Reset()
	msgp.Encode(&buf, &v)
	err = msgp.NewReader(&buf).Skip()
	if err != nil {
		t.Error(err)
	}

	// secret key, temporary credentials become invalid if
	// server admin credentials change. This is done to ensure
	// that clients cannot decode the token using the temp
	// secret keys and generate an entirely new claim by essentially
	// hijacking the policies. We need to make sure that this is
	// based on admin credential such that token cannot be decoded
	// on the client side and is treated like an opaque value.

        for (int i = 0; i < getNumEntries(); i++) {
            results[i] = e = new FileBothDirectoryInfo(getConfig(), isUseUnicode());

            e.decode(buffer, bufferIndex, len);

            /*
             * lastNameOffset ends up pointing to either to
             * the exact location of the filename(e.g. Win98)

        final int bufferLength = SMBUtil.readInt4(buffer, bufferIndex);
        bufferIndex += 4;
        final Decodable i = createInformation(this.expectInfoType, this.expectInfoClass);
        if (i != null) {
            i.decode(buffer, bufferOffset, bufferLength);
        }
        bufferIndex = Math.max(bufferIndex, bufferOffset + bufferLength);
        this.info = i;
        return bufferIndex - start;
    }

        if (this.getErrorCode() != 0) {
            return 4;
        }

        try {
            this.securityDescriptor = new SecurityDescriptor();
            bufferIndex += this.securityDescriptor.decode(buffer, bufferIndex, len);
        } catch (final IOException ioe) {
            throw new RuntimeCIFSException(ioe.getMessage());
        }

        return bufferIndex - start;
    }

    @Override