}

        @Test
        @DisplayName("Should handle exception when getting challenge")
        void testGetChallengeException() throws CIFSException {
            // Given
            when(transportPool.getChallenge(context, address)).thenThrow(new CIFSException("Failed to get challenge"));

            // When & Then

     * Authenticates using the provided context
     *
     * @param context the CIFS context
     * @param challenge the server challenge (may be null for some auth types)
     * @return authentication response data
     * @throws CIFSException if authentication fails
     */
    byte[] authenticate(CIFSContext context, byte[] challenge) throws CIFSException;

    /**
     * Gets the session key after successful authentication
     *

If the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.

## Retrying Requests

     * @param username the username to authenticate with
     * @param challenge the server challenge bytes
     * @param ansiHash the ANSI password hash
     * @param unicodeHash the Unicode password hash
     */
    public NtlmPasswordAuthentication(final String domain, final String username, final byte[] challenge, final byte[] ansiHash,
            final byte[] unicodeHash) {

     */
    @Deprecated
    void logon(CIFSContext tc, Address dc, int port) throws CIFSException;

    /**
     * Get NTLM challenge from a server
     *
     * @param dc the domain controller address
     * @param tc the CIFS context containing credentials
     * @return NTLM challenge
     * @throws CIFSException if an error occurs during authentication

        }
        return new NtlmChallenge(trans.server.encryptionKey, dc);
    }

    /**
     * Retrieves an NTLM challenge from a domain controller for the configured domain.
     *
     * @return the NTLM challenge from the domain controller
     * @throws SmbException if an SMB error occurs
     * @throws UnknownHostException if the domain controller cannot be resolved
     */

            }
            NtlmPasswordAuthentication ntlm;
            if (msg.startsWith("NTLM ")) {
                final byte[] challenge = SmbSession.getChallenge(dc);
                ntlm = NtlmSsp.authenticate(request, response, challenge);
                if (ntlm == null) {
                    return;
                }
            } else {

        NtlmContext context = new NtlmContext(mockAuth, true);

        // State 1: Generate Type 1 message
        context.initSecContext(new byte[0], 0, 0);

        // Create a mock Type 2 message (server challenge)
        byte[] serverChallenge = new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
        int type2Flags = NtlmFlags.NTLMSSP_NEGOTIATE_NTLM | NtlmFlags.NTLMSSP_REQUEST_TARGET | NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH

            assertEquals(expectedFlags, message.getFlags(), "Default flags should be set correctly");
            assertNull(message.getChallenge(), "Challenge should initially be null");
            assertNull(message.getTarget(), "Target should initially be null");
            assertNull(message.getTargetInformation(), "Target information should be null when no target is set");
        }

// error if the server message is invalid.  Calling Step after a conversation
// completes is also an error.
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) {
	response, err = x.ClientConversation.Step(challenge)
	return response, err
}

// Done returns true if the conversation is completed or has errored.
func (x *XDGSCRAMClient) Done() bool {
	return x.ClientConversation.Done()