package jcifs.smb;


import org.bouncycastle.asn1.ASN1ObjectIdentifier;

import jcifs.CIFSException;


/**
 * @author mbechler
 *
 */
public interface SSPContext {

    /**
     * @return the signing key for the session
     * 
     * @throws CIFSException
     */
    byte[] getSigningKey () throws CIFSException;


    /**
     * @return whether the context is established
     */

     * 
     * @param tc
     * @param chlng
     *            The server challenge.
     * @return A <code>byte[]</code> containing the effective user session key,
     *         used in SMB MAC signing and NTLMSSP signing and sealing.
     */
    public byte[] getUserSessionKey ( CIFSContext tc, byte[] chlng ) {
        byte[] key = new byte[16];
        try {
            getUserSessionKey(tc, chlng, key, 0);
        }

                 * junk. We need to bump up the wordCount here so that this method returns
                 * the correct number of bytes for signing purposes. Otherwise we get a
                 * signing verification failure.
                 */
                if (command == SMB_COM_NT_CREATE_ANDX && ((SmbComNTCreateAndXResponse)this).isExtended)
                    wordCount += 8;

                 * junk. We need to bump up the wordCount here so that this method returns
                 * the correct number of bytes for signing purposes. Otherwise we get a
                 * signing verification failure.
                 */
                if ( this.getCommand() == SMB_COM_NT_CREATE_ANDX && ( (SmbComNTCreateAndXResponse) this ).isExtended()

  }

  /**
   * Returns true if [toVerify] was signed by [signingCert]'s public key.
   *
   * @param minIntermediates the minimum number of intermediate certificates in [signingCert]. This
   *     is -1 if signing cert is a lone self-signed certificate.
   */
  private fun verifySignature(
    toVerify: X509Certificate,
    signingCert: X509Certificate,
    minIntermediates: Int,
  ): Boolean {

    )
    server.enqueue(MockResponse())
    assertFailsWith<SSLPeerUnverifiedException> {
      val response = execute(url)
      response.close()
    }
  }

  /** Can still coalesce when pinning is used if pins match.  */
  @Test
  fun coalescesWhenCertificatePinsMatch() {
    val pinner =
      CertificatePinner.Builder()
        .add("san.com", pin(certificate.certificate))
        .build()

     * If the host platform is compromised or misconfigured this may contain untrustworthy root
     * certificates. Applications that connect to a known set of servers may be able to mitigate
     * this problem with [certificate pinning][CertificatePinner].
     */
    fun addPlatformTrustedCertificates() =
      apply {
        val platformTrustManager = Platform.get().platformTrustManager()

      // do not retry.
      if (e.cause is CertificateException) {
        return false
      }
    }
    if (e is SSLPeerUnverifiedException) {
      // e.g. a certificate pinning error.
      return false
    }
    // An example of one we might want to retry with a different route is a problem connecting to a

   *
   * <p>Any parts of the range not already present in this map are mapped to the specified value,
   * unless the value is {@code null}.
   *
   * <p>Any existing entry spanning either range boundary may be split at the boundary, even if the
   * merge does not affect its value. For example, if {@code rangeMap} had one entry {@code [1, 5]

     * 
     * @return whether to enable SMB signing (for everything), if available
     */
    boolean isSigningEnabled ();


    /**
     * 
     * Property <tt>jcifs.smb.client.ipcSigningEnforced</tt> (boolean, default true)
     * 
     * @return whether to enforce SMB signing for IPC connections
     */
    boolean isIpcSigningEnforced ();


    /**