}

    /**
     * This constructor used to instance a SigningDigest object for
     * signing/verifying SMB using kerberos session key.
     * The MAC Key = concat(Session Key, Digest of Challenge);
     * Because of Kerberos Authentication don't have challenge,
     * The MAC Key = Session Key
     *
     * @param macSigningKey
     *            The MAC key used to sign or verify SMB.
     */

                }

                req.getSession(); /* ensure session id is set for cluster env. */
                challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), dc);
                if ((ntlm = NtlmSsp.authenticate(getTransportContext(), req, resp, challenge)) == null) {
                    return;
                }
            } else { /* Basic */

    /**
     * Calculates the LMv2 response for NTLM authentication.
     *
     * @param type2 the Type-2 message containing the server challenge
     * @param domain the domain name
     * @param user the username
     * @param password the user's password
     * @param clientChallenge the client challenge bytes
     * @return the calculated LMv2 response
     */

     * @throws CIFSException
     */
    @Test
    void testService_NtlmAuth_Success() throws Exception {
        ntlmServlet.init(servletConfig);
        setupMocksForAuth();

        byte[] challenge = new byte[8];
        NtlmPasswordAuthentication ntlmAuth = new NtlmPasswordAuthentication(cifsContext, "TEST_DOMAIN", "user", "password");

        try (MockedStatic<NtlmSsp> ntlmSspMock = Mockito.mockStatic(NtlmSsp.class)) {

            }
            NtlmPasswordAuthentication ntlm;
            if (msg.startsWith("NTLM ")) {
                final byte[] challenge = getTransportContext().getTransportPool().getChallenge(getTransportContext(), dc);
                ntlm = NtlmSsp.authenticate(getTransportContext(), request, response, challenge);
                if (ntlm == null) {
                    return;
                }
            } else {

    }

    @Override
    public boolean isEstablished() {
        return this.isEstablished;
    }

    /**
     * Gets the server's NTLM challenge bytes.
     * @return the server's challenge
     */
    public byte[] getServerChallenge() {
        return this.serverChallenge;
    }

    @Override
    public byte[] getSigningKey() {
        return this.masterKey;

                }

                req.getSession(); /* ensure session id is set for cluster env. */
                challenge = SmbSession.getChallenge(dc);
                if ((ntlm = NtlmSsp.authenticate(req, resp, challenge)) == null) {
                    return;
                }
            } else { /* Basic */

import jcifs.Configuration;
import jcifs.internal.util.SMBUtil;

/**
 * NTLMSSP AV pair representing single host information in NTLM authentication.
 * Contains host-specific data used during the NTLM challenge-response process.
 *
 * @author mbechler
 */
public class AvSingleHost extends AvPair {

    /**
     * Constructs an AvSingleHost from raw byte data
     *

        """
        The OAuth 2 specification doesn't define the challenge that should be used,
        because a `Bearer` token is not really the only option to authenticate.

        But declaring any other authentication challenge would be application-specific
        as it's not defined in the specification.

        For practical reasons, this method uses the `Bearer` challenge by default, as
        it's probably the most common one.

In limited situations OkHttp will retry a route if connecting fails:

 * When making an HTTPS connection through an HTTP proxy, the proxy may issue an authentication challenge. OkHttp will call the proxy [authenticator](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) and try again.