import jcifs.internal.smb2.ServerMessageBlock2Response;
import jcifs.internal.util.SMBUtil;
import jcifs.smb.NtStatus;

/**
 * SMB2 Session Setup response message. This response contains the server's authentication
 * challenge or confirms successful session establishment.
 *
 * @author mbechler
 *
 */
public class Smb2SessionSetupResponse extends ServerMessageBlock2Response {

    /**

        throw IOException(npe)
      }
    }
  }

  /**
   * Does all the work to build an HTTPS connection over a proxy tunnel. The catch here is that a
   * proxy server can issue an auth challenge and then close the connection.
   *
   * @return the next plan to attempt, or null if no further attempt should be made either because
   *     we've successfully connected or because no further attempts should be made.

 * one or more streams, and then released. An allocated connection won't be stolen by other calls
 * while a redirect or authorization challenge is being handled.
 *
 * When the maximum concurrent streams limit is reduced, some allocations will be rescinded.
 * Attempting to create new streams on these allocations will fail.
 *

     *
     * This method handles the primary SSO authentication flow. It checks if a user
     * is already logged in, attempts SSO authentication, and handles various
     * authentication scenarios including success, failure, and challenge responses.
     *
     * @return ActionResponse directing to the appropriate page based on authentication result
     */
    @Execute
    public ActionResponse index() {

        verify(pooledSpy).disconnect(false, false);
        verify(nonPooledSpy).disconnect(false, false);
    }

    @Test
    @DisplayName("Should get challenge from server")
    void testGetChallenge() throws Exception {
        // Given: Mock transport with server key
        byte[] expectedKey = { 1, 2, 3, 4 };

        SmbTransportPoolImpl poolSpy = spy(pool);

        // This simplified test just verifies the initial handshake detection
    }

    /**
     * Test handshake failure when the server does not return an NTLM challenge.
     * @throws IOException
     */
    @Test
    void testHandshakeFails_NoNtlmChallenge() throws IOException {
        // Arrange
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized",

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

    application code to omit a message.

 *  The challenge's scheme and realm are now non-null. If you are calling
    `new Challenge(scheme, realm)` you must provide non-null values. These were
    never null in challenges created by OkHttp, but could have been null in
    application code that creates challenges.

 *  New: The `TlsVersion` of a `Handshake` is now non-null. If you are calling

        final long expiration = System.currentTimeMillis() + Dfs.TTL * 1000;

        int di = 0;
        for (;;) {
            /* NTLM HTTP Authentication must be re-negotiated
             * with challenge from 'server' to access DFS vol. */
            dr.resolveHashes = auth.hashesExternal;
            dr.ttl = resp.referrals[di].ttl;
            dr.expiration = expiration;
            if (path.equals("")) {

 * **Cache**: directory
 * **CacheControl**: immutable, maxAgeSeconds, maxStaleSeconds, minFreshSeconds, mustRevalidate,
   noCache, noStore, noTransform, onlyIfCached, sMaxAgeSeconds
 * **Challenge**: authParams, charset, realm, scheme
 * **CipherSuite**: javaName
 * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions
 * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value