throw e;
        }
    }

    /**
     * Changes the password for a user identified by username.
     * Updates both the authentication manager and the database with the new encrypted password.
     *
     * @param username the username of the user
     * @param password the new password in plain text
     * @throws FessUserNotFoundException if the user is not found
     */

                // encrypted
                try {
                    this.password = pwAuth.getAnsiHash(this.ctx, this.server.encryptionKey);
                } catch (final GeneralSecurityException e) {
                    throw new RuntimeCIFSException("Failed to encrypt password", e);
                }
                this.passwordLength = this.password.length;
            } else if (this.ctx.getConfig().isDisablePlainTextPasswords()) {

    }

    /** The username. */
    @NotBlank
    public String username;

    /** The password. */
    @NotBlank
    public String password;

    /** The confirm password. */
    public String confirmPassword;

    /**
     * Clears the security info.
     */
    public void clearSecurityInfo() {
        password = null;
        confirmPassword = null;
    }

     * @param domain the domain for authentication
     * @param username the username for authentication
     * @param password the password for authentication
     */
    public JAASAuthenticator(String serviceName, String domain, String username, String password) {
        super(null, domain, username, password);
        this.serviceName = serviceName;
    }

    /**
     * Create an authenticator using the given credentials

    }

    @Test
    @DisplayName("handle: empty user/domain edge yields '@' and null password")
    void testHandleWithEmptyUserAndDomainEdge() throws Exception {
        // Default constructor results in empty strings for user and domain, null for password
        JAASAuthenticator auth = new JAASAuthenticator();
        NameCallback nc = new NameCallback("user:");

            credentials = new NTCredentials(username, password == null ? StringUtil.EMPTY : password,
                    workstation == null ? StringUtil.EMPTY : workstation, domain == null ? StringUtil.EMPTY : domain);
        } else {
            credentials = new UsernamePasswordCredentials(username, password == null ? StringUtil.EMPTY : password);
        }
        return credentials;
    }

labels.suggestWord=Suggest Word
labels.targetLabel=Label
labels.term=Term
labels.fields=Fields
labels.ex_q=Extended Query
labels.oldPassword=Current Password
labels.newPassword=New Password
labels.confirmNewPassword=New Password (Confirm)

labels.menu_system=System
labels.menu_wizard=Wizard
labels.menu_crawl_config=General
labels.menu_scheduler_config=Scheduler
labels.menu_dashboard_config=Dashboard

            throw new IllegalArgumentException("Password hash must be provided, expected length 16 byte");
        }
        this.ntHash = passwordHash;
    }

    /**
     * Create username/password credentials with specified domain
     *
     * @param domain the authentication domain
     * @param username the username
     * @param passwordHashHex
     *            NT password hash, hex encoded
     */

            auth1.close();
            auth2.close();
        }
    }

    /**
     * Test concurrent password comparisons to ensure thread safety and consistent timing.
     */
    @Test
    public void testConcurrentTimingConsistency() throws Exception {
        final char[] password = "concurrenttestpassword".toCharArray();
        final char[] wrongPassword = "concurrenttestpassworX".toCharArray(); // Different at end

            throw new IllegalArgumentException("Master password cannot be null or empty");
        }

        // Generate salt for key derivation
        this.salt = new byte[SALT_SIZE];
        secureRandom.nextBytes(this.salt);

        // Derive master key from password
        this.masterKey = deriveKey(masterPassword, salt);

        // Clear the master password after use
        Arrays.fill(masterPassword, '\0');
    }