}

  @Test @Disabled
  fun challenge() {
    val challenge = Challenge("", mapOf("" to ""))
    val scheme: String = challenge.scheme()
    val authParams: Map<String?, String> = challenge.authParams()
    val realm: String? = challenge.realm()
    val charset: Charset = challenge.charset()
  }

  @Test @Disabled
  fun cipherSuite() {

    @Mock
    private HttpServletRequest mockRequest;

    @Mock
    private HttpServletResponse mockResponse;

    private NtlmSsp ntlmSsp;

    // A sample challenge array
    private final byte[] challenge = new byte[] { 0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef };

    // Base64 encoded Type 1 message: NTLMSSP, Type 1, flags=0x00088207

    private Type2Message createMockType2Message() {
        // Create a basic Type 2 message with challenge
        byte[] challenge = new byte[8];
        new SecureRandom().nextBytes(challenge);

        int flags = NtlmFlags.NTLMSSP_NEGOTIATE_UNICODE | NtlmFlags.NTLMSSP_NEGOTIATE_NTLM;

        return new Type2Message(createMockContext(), flags, challenge, "TARGET");
    }

    /**

                    }
                    dc = chal.dc;
                    challenge = chal.challenge;
                } else {
                    dc = getTransportContext().getNameServiceClient().getByName(this.domainController, true);
                    challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), dc);
                }

   * auth param in the challenge at key null. Invalid headers and challenges are ignored.
   * No semantic validation is done, for example that `Basic` auth must have a `realm`
   * auth param, this is up to the caller that interprets these challenges.
   */
  fun challenges(): List<Challenge> {
    return headers.parseChallenges(
      when (code) {
        HTTP_UNAUTHORIZED -> "WWW-Authenticate"
        HTTP_PROXY_AUTH -> "Proxy-Authenticate"

     * @param workstation The workstation.
     * @param challenge The Type 2 challenge message.
     * @return The Type 3 message.
     * @throws NTLMEngineException if an NTLM engine error occurs.
     */
    @Override
    public String generateType3Msg(final String username, final String password, final String domain, final String workstation,
            final String challenge) throws NTLMEngineException {

        }

        @Test
        @DisplayName("Should handle exception when getting challenge")
        void testGetChallengeException() throws CIFSException {
            // Given
            when(transportPool.getChallenge(context, address)).thenThrow(new CIFSException("Failed to get challenge"));

            // When & Then

     * Authenticates using the provided context
     *
     * @param context the CIFS context
     * @param challenge the server challenge (may be null for some auth types)
     * @return authentication response data
     * @throws CIFSException if authentication fails
     */
    byte[] authenticate(CIFSContext context, byte[] challenge) throws CIFSException;

    /**
     * Gets the session key after successful authentication
     *

If the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.

## Retrying Requests

     */
    @Deprecated
    void logon(CIFSContext tc, Address dc, int port) throws CIFSException;

    /**
     * Get NTLM challenge from a server
     *
     * @param dc the domain controller address
     * @param tc the CIFS context containing credentials
     * @return NTLM challenge
     * @throws CIFSException if an error occurs during authentication