public synchronized static void setDefault(final NtlmAuthenticator a) {
        if (auth != null) {
            return;
        }
        auth = a;
    }

    /**
     * Gets the default NTLM authenticator.
     * @return the default authentication credentials provider
     */
    public static NtlmAuthenticator getDefault() {
        return auth;
    }

    /**
     * Gets the URL that is requesting authentication.

 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.crawler.client.http.ntlm;

import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthSchemeProvider;
import org.apache.http.impl.auth.NTLMScheme;
import org.apache.http.protocol.HttpContext;

/**
 * This class is AuthSchemeFactory implementation for NTLM.
 *
 * @author shinsuke
 *
 */

		return updatedAt, errServerNotInitialized
	}

	if !auth.IsAccessKeyValid(accessKey) {
		return updatedAt, auth.ErrInvalidAccessKeyLength
	}

	if auth.ContainsReservedChars(accessKey) {
		return updatedAt, auth.ErrContainsReservedChars
	}

	if !auth.IsSecretKeyValid(ureq.SecretKey) {
		return updatedAt, auth.ErrInvalidSecretKeyLength
	}

                this.creds = renewed;
                return true;
            }
        }
        final NtlmAuthenticator auth = NtlmAuthenticator.getDefault();
        if (auth != null) {
            final NtlmPasswordAuthenticator newAuth =
                    NtlmAuthenticator.requestNtlmPasswordAuthentication(auth, locationHint, error instanceof SmbAuthException s ? s : null);
            if (newAuth != null) {
                this.creds = newAuth;

        if (session.transport.server.security == SECURITY_SHARE && (session.auth.hashesExternal || session.auth.password.length() > 0)) {

            if (session.transport.server.encryptedPasswords) {
                // encrypted
                password = session.auth.getAnsiHash(session.transport.server.encryptionKey);
                passwordLength = password.length;

    void matchesBehavior() {
        // Two distinct auth instances
        NtlmPasswordAuthentication a1 = new NtlmPasswordAuthentication("DOM", "user", "pwd");
        NtlmPasswordAuthentication a2 = new NtlmPasswordAuthentication("DOM", "user", "pwd");
        SmbSession s1 = new SmbSession(addr, 445, inet, 0, a1);
        SmbSession s2 = new SmbSession(addr, 445, inet, 0, a2);
        // same auth instance => matches
        assertTrue(s1.matches(a1));

     * @param pipeType the type of the pipe
     * @param auth the authentication credentials to use
     * @throws MalformedURLException if the URL is not properly formatted
     * @throws UnknownHostException if the host cannot be resolved
     */
    public SmbNamedPipe(final String url, final int pipeType, final NtlmPasswordAuthentication auth)
            throws MalformedURLException, UnknownHostException {

//     - http://docs.aws.amazon.com/AmazonS3/latest/dev/auth-request-sig-v2.html
// returns true if matches, false otherwise. if error is not nil then it is always false

func validateV2AuthHeader(r *http.Request) (auth.Credentials, APIErrorCode) {
	var cred auth.Credentials
	v2Auth := r.Header.Get(xhttp.Authorization)
	if v2Auth == "" {
		return cred, ErrAuthHeaderEmpty
	}

        DcerpcHandle handle = null;
        LsaPolicyHandle policyHandle = null;

        synchronized (sid_cache) {
            try {
                handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\lsarpc]", auth);
                String server = authorityServerName;

		return ErrSTSAccessDenied
	}
}

func checkAssumeRoleAuth(ctx context.Context, r *http.Request) (auth.Credentials, APIErrorCode) {
	if !isRequestSignatureV4(r) {
		return auth.Credentials{}, ErrAccessDenied
	}

	s3Err := isReqAuthenticated(ctx, r, globalSite.Region(), serviceSTS)
	if s3Err != ErrNone {
		return auth.Credentials{}, s3Err
	}

	user, _, s3Err := getReqAccessKeyV4(r, globalSite.Region(), serviceSTS)