*
 * @author Zoe Piepmeier
 * @since 16.0
 */
@Beta
public final class HashingOutputStream extends FilterOutputStream {
  private final Hasher hasher;

  /**
   * Creates an output stream that hashes using the given {@link HashFunction}, and forwards all
   * data written to it to the underlying {@link OutputStream}.
   *
   * <p>The {@link OutputStream} should not be written to before or after the hand-off.
   */

import jcifs.smb1.smb1.NtlmPasswordAuthentication;
import jcifs.smb1.util.Base64;

/**
 * This class is used internally by {@code NtlmHttpFilter},
 * {@code NtlmServlet}, and {@code NetworkExplorer} to negiotiate password
 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is

   * into 29 bits):
   *
   * <ul>
   *   <li>If the IPv6 address contains an embedded IPv4 address, the function hashes that.
   *   <li>Otherwise, it hashes the upper 64 bits of the IPv6 address.
   * </ul>
   *
   * <p>A "coerced" IPv4 address is equivalent to itself.
   *

        assertEquals("DOMAIN", auth.getDomain());
        assertEquals("user", auth.getUsername());
        assertNotNull(auth.getPassword()); // Should fall back to default
    }

    // Test constructor with external hashes
    @Test
    void testConstructorWithExternalHashes() {
        byte[] challenge = new byte[8];
        byte[] ansiHash = new byte[24];
        byte[] unicodeHash = new byte[24];

    private static final int DEFAULT_HASH_ALGORITHM = HASH_ALGO_SHA512;
    private static final int SALT_SIZE = 32; // 32 bytes as per SMB 3.1.1 spec
    private static final int HASH_SIZE_SHA512 = 64; // SHA-512 produces 64-byte hashes

    // Session-specific preauth integrity contexts
    private final ConcurrentMap<String, PreauthIntegrityContext> sessionContexts = new ConcurrentHashMap<>();

    // Security configuration

     * @return the username
     */
    public String getUsername() {
        return this.username;
    }

    /**
     * Returns the password in plain text or <code>null</code> if the raw password
     * hashes were used to construct this <code>NtlmPasswordAuthentication</code>
     * object which will be the case when NTLM HTTP Authentication is
     * used. There is no way to retrieve a users password in plain text unless

  // is masked in order to correspond to the current table size. For example, if the table size
  // is 128 then the mask is 127 == 0x7f, keeping the bottom 7 bits of the hash value.
  // If a key hashes to 0x89abcdef the mask reduces it to 0x89abcdef & 0x7f == 0x6f. We'll call this
  // the "short hash".
  //
  // The `keys`, `values`, and `entries` arrays always have the same size as each other. They can be

            }
            if (sae.getNtStatus() == NtStatus.NT_STATUS_ACCESS_VIOLATION) {
                /* Server challenge no longer valid for
                 * externally supplied password hashes.
                 */
                resp.sendRedirect(req.getRequestURL().toString());
                return;
            }
            resp.setHeader("WWW-Authenticate", "NTLM");
            if (offerBasic) {

            // Test with concrete implementation
            assertDoesNotThrow(() -> concreteImplementation.replaceCache());
        }

        @Test
        @DisplayName("Should check if resolve hashes")
        void testIsResolveHashes() {
            // Test with mock
            when(mockReferralData.isResolveHashes()).thenReturn(true);
            assertTrue(mockReferralData.isResolveHashes());

 *
 */
public class DocumentHelper {
    private static final Logger logger = LogManager.getLogger(DocumentHelper.class);

    /** Prefix used for encoded similar document hashes */
    protected static final String SIMILAR_DOC_HASH_PREFIX = "$";

    /**
     * Default constructor for DocumentHelper.
     * Creates a new document helper instance.
     */
    public DocumentHelper() {