switch ( tagged.getTagNo() ) {
            case 0: // Ticket Flags
                break;
            case 1: // Key
                break;
            case 2: // Realm
                DERGeneralString derRealm = ASN1Util.as(DERGeneralString.class, tagged);
                this.userRealm = derRealm.getString();
                break;
            case 3: // Principal

                pvno: 5
                msg-type: krb-ap-req (14)
                Padding: 0
                ap-options: 20000000
                ticket
                    tkt-vno: 5
                    realm: W2K19SINGLE.SPRINGFIELD
                    sname
                        name-type: kRB5-NT-UNKNOWN (0)
                        sname-string: 2 items
                            SNameString: cifs

labels.authRealm=Realm
labels.available=Статус
labels.createdBy=Создано
labels.createdTime=Время создания
labels.depth=Глубина
labels.excludedPaths=Исключенные пути для сканирования
labels.excludedUrls=Исключенные URLs для сканирования
labels.excludedDocPaths=Исключенные пути для индексаци
labels.excludedDocUrls=Исключенные URLs для индексации
labels.hostname=Hostname
labels.id=ID
labels.includedPaths=Включить путь для сканирования

   * auth param in the challenge at key null. Invalid headers and challenges are ignored.
   * No semantic validation is done, for example that `Basic` auth must have a `realm`
   * auth param, this is up to the caller that interprets these challenges.
   */
  fun challenges(): List<Challenge> {
    return headers.parseChallenges(
      when (code) {

labels.authRealm=Realm
labels.available=Status
labels.createdBy=Created by
labels.createdTime=Created Time
labels.depth=Depth
labels.excludedPaths=Excluded Paths For Crawling
labels.excludedUrls=Excluded URLs For Crawling
labels.excludedDocPaths=Excluded Paths For Indexing
labels.excludedDocUrls=Excluded URLs For Indexing
labels.hostname=Hostname
labels.id=ID
labels.includedPaths=Included Paths For Crawling

    var challenge = Challenge("", mapOf("" to ""))
    challenge = Challenge("", "")
    val scheme: String = challenge.scheme
    val authParams: Map<String?, String> = challenge.authParams
    val realm: String? = challenge.realm
    val charset: Charset = challenge.charset
    val utf8: Challenge = challenge.withCharset(Charsets.UTF_8)
  }

  @Test
  fun cipherSuite() {

  fun proxyAuthenticateOnConnect() {
    server.useHttps(handshakeCertificates.sslSocketFactory())
    server.enqueue(
      MockResponse(
        code = 407,
        headers = headersOf("Proxy-Authenticate", "Basic realm=\"localhost\""),
        inTunnel = true,
      ),
    )
    server.enqueue(
      MockResponse(inTunnel = true),
    )
    server.enqueue(
      MockResponse(body = "response body"),
    )

At the very least in the short term the resource needs to know how to look up the component that is required to perform the work. This needs to be made simple, for the time being we can write and test plugins working in the same realm until we get complete isolation working.

h3. Plugins need a specific metadata model

    when (responseCode) {
      HttpURLConnection.HTTP_PROXY_AUTH -> {
        builder.addHeader("Proxy-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_UNAUTHORIZED -> {
        builder.addHeader("WWW-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_NO_CONTENT, HttpURLConnection.HTTP_RESET -> {

  ) {
    setUp(protocol, mockWebServer)
    server.enqueue(
      MockResponse(
        code = HttpURLConnection.HTTP_UNAUTHORIZED,
        headers = headersOf("www-authenticate", "Basic realm=\"protected area\""),
        body = "Please authenticate.",
      ),
    )
    server.enqueue(
      MockResponse(body = "Successful auth!"),
    )
    val credential = basic("username", "password")