*/
package jcifs.internal.smb2.nego;

import jcifs.internal.SMBProtocolDecodingException;
import jcifs.internal.smb2.Smb2Constants;
import jcifs.internal.util.SMBUtil;

/**
 * SMB2 RDMA Transform Capabilities negotiate context.
 *
 * This context is used during SMB2 negotiation to indicate RDMA transform
 * capabilities when SMB Direct is supported by the client and server.
 */

import jcifs.ntlmssp.Type3Message;
import jcifs.smb.NtlmPasswordAuthentication;

/**
 * This class is used internally by {@code NtlmHttpFilter},
 * {@code NtlmServlet}, and {@code NetworkExplorer} to negotiate password
 * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
 * containers to incorporate similar functionality.
 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is

     * @return A <code>byte[]</code> containing the local security
     * context.  This is used by the client to negotiate local
     * authentication.
     */
    public byte[] getContext() {
        return context;
    }

    /**
     * Sets the local security context.  This is used by the client
     * to negotiate local authentication.
     *
     * @param context The local security context.
     */

        assertSame(transport, t);
        verify(transport, times(1)).acquire();
    }

    @Test
    @DisplayName("isSignatureSetupRequired depends on digest and negotiate flags")
    void testIsSignatureSetupRequired() throws Exception {
        SmbSessionImpl session = newSession();

        // Case 1: digest already set -> false

 * **reactive** authentication after receiving a challenge from either an origin web server or proxy
 * server.
 *
 * ## Preemptive Authentication
 *
 * To make HTTPS calls using an HTTP proxy server OkHttp must first negotiate a connection with
 * the proxy. This proxy connection is called a "TLS Tunnel" and is specified by
 * [RFC 2817][1]. The HTTP CONNECT request that creates this tunnel connection is special: it

        assertTrue(context.isEstablished());
        assertArrayEquals(serverChallenge, context.getServerChallenge());
        // Signing key may or may not be generated depending on flags negotiation
        // The context negotiates flags with server, so we can't guarantee signing key
    }

    @Test
    void testInitSecContext_state2_withoutSigning() throws Exception {

        // TCP fallback doesn't support real RDMA write
        throw new UnsupportedOperationException("RDMA write not supported by TCP fallback");
    }

    @Override
    public RdmaNegotiateResponse negotiate(RdmaNegotiateRequest request) throws IOException {
        // For TCP fallback, we simulate successful negotiation
        RdmaNegotiateResponse response = new RdmaNegotiateResponse();
        response.setStatus(0); // Success

There may be many routes for a single address. For example, a webserver that is hosted in multiple datacenters may yield multiple IP addresses in its DNS response.

    /**
     * Function code to trim file level storage
     */
    public static final int FSCTL_FILE_LEVEL_TRIM = 0x00098208;
    /**
     * Function code to validate SMB2 negotiate information
     */
    public static final int FSCTL_VALIDATE_NEGOTIATE_INFO = 0x000140204;

    /**
     * Flag indicating this IOCTL is a file system control operation
     */

        } catch (Exception e) {
            state = RdmaConnectionState.ERROR;
            throw new IOException("DiSNI RDMA write failed", e);
        }
    }

    @Override
    public RdmaNegotiateResponse negotiate(RdmaNegotiateRequest request) throws IOException {
        // Simulate successful negotiation for skeleton implementation
        RdmaNegotiateResponse response = new RdmaNegotiateResponse();