import com.google.common.io.BaseEncoding.DecodingException;

import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;

/**
 * OpenID Connect authenticator for SSO integration.
 */
public class OpenIdConnectAuthenticator implements SsoAuthenticator {

    /**
     * Default constructor.
     */
    public OpenIdConnectAuthenticator() {

	public static final field JAVA_NET_AUTHENTICATOR Lokhttp3/Authenticator;
	public static final field NONE Lokhttp3/Authenticator;
	public abstract fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/Authenticator$Companion {
}

public final class okhttp3/Cache : java/io/Closeable, java/io/Flushable {
	public static final field Companion Lokhttp3/Cache$Companion;

 */
package jcifs.smb;

import org.bouncycastle.util.encoders.Hex;

/**
 * Authenticator directly specifing the user's NT hash
 *
 * @author mbechler
 *
 */
public class NtlmNtHashAuthenticator extends NtlmPasswordAuthenticator {

    private static final long serialVersionUID = 4328214169536360351L;
    /** The NT hash for authentication */
    private final byte[] ntHash;

    /**

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.
   */
  @Throws(IOException::class)

      public Authenticate() {
        client = new OkHttpClient.Builder()
            .authenticator(new Authenticator() {
              @Override public Request authenticate(Route route, Response response) throws IOException {
                if (response.request().header("Authorization") != null) {
                  return null; // Give up, we've already attempted to authenticate.
                }

   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */
  open fun isOneShot(): Boolean = false

        } catch (final Exception e) {
            throw new SsoLoginException("Failed to parse an authentication response.", e);
        }
    }

    /**
     * Validates the nonce in the authentication result.
     * @param stateData The stored state data containing the expected nonce.
     * @param authData The authentication result containing the actual nonce.
     */

 * Wraps an <code>HttpURLConnection</code> to provide NTLM authentication
 * services.
 *
 * Please read <a href="../../../httpclient.html">Using jCIFS NTLM Authentication for HTTP Connections</a>.
 *
 * Warning: Do not use this if there is a chance that you might have multiple connections (even plain
 * HttpURLConnections, for the complete JRE) to the same host with different or mixed anonymous/authenticated

  verbose "Falling back to use Java to download"
  javaSource="$TMP_DOWNLOAD_DIR/Downloader.java"
  targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName"
  cat >"$javaSource" <<-END
	public class Downloader extends java.net.Authenticator
	{
	  protected java.net.PasswordAuthentication getPasswordAuthentication()
	  {
	    return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() );

  var taskRunner: TaskRunner = taskFaker.taskRunner
  var dns: Dns = Dns.SYSTEM
  var proxy: Proxy = Proxy.NO_PROXY
  var proxySelector: ProxySelector = RecordingProxySelector()
  var proxyAuthenticator: Authenticator = RecordingOkAuthenticator("password", null)
  var connectionSpecs: List<ConnectionSpec> =
    listOf(
      ConnectionSpec.MODERN_TLS,
      ConnectionSpec.COMPATIBLE_TLS,
      ConnectionSpec.CLEARTEXT,
    )