assertSame(transport, t);
        verify(transport, times(1)).acquire();
    }

    @Test
    @DisplayName("isSignatureSetupRequired depends on digest and negotiate flags")
    void testIsSignatureSetupRequired() throws Exception {
        SmbSessionImpl session = newSession();

        // Case 1: digest already set -> false

 * **reactive** authentication after receiving a challenge from either an origin web server or proxy
 * server.
 *
 * ## Preemptive Authentication
 *
 * To make HTTPS calls using an HTTP proxy server OkHttp must first negotiate a connection with
 * the proxy. This proxy connection is called a "TLS Tunnel" and is specified by
 * [RFC 2817][1]. The HTTP CONNECT request that creates this tunnel connection is special: it

    memory if web socket compression is negotiated but not used.


## Version 4.5.0-RC1

_2020-03-17_

**This release candidate turns on web socket compression.**

The [spec][rfc_7692] includes a sophisticated mechanism for client and server to negotiate
compression features. We strive to offer great performance in our default configuration and so we're

        // observed too that signatures on error responses are sometimes wrong??
        // Looks like the failure case also is just reflecting back the signature we sent

        // with SMB3's negotiation validation it's no longer possible to ignore this (on the validation response)
        // make sure that validation is performed in any case
        final Smb2SigningDigest dgst = getDigest();

    /** Extended attributes supported flag */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /** Security signatures supported flag */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /** Extended security negotiation flag */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;
    /** Resolve paths in DFS flag */
    int FLAGS2_RESOLVE_PATHS_IN_DFS = 0x1000;
    /** Permit read if execute permission flag */

     * both internally supplied passwords are equal. If one {@code NtlmPasswordAuthentication} object has external
     * hashes (meaning negotiated via NTLM HTTP Authentication) and the other does not they will not be equal. This is
     * technically not correct however the server 8 byte challenge would be required to compute and compare the password

        response.getServerData().smaxMpxCount = 1;
        response.getServerData().maxBufferSize = 16384;

        assertTrue(response.isValid(mockContext, request));
        // After negotiation, check if unicode capability is preserved
        assertTrue((response.getNegotiatedCapabilities() & SmbConstants.CAP_UNICODE) != 0);
    }

    @Test
    public void testIsValidWithInvalidDialect() {

import jakarta.servlet.http.HttpServletResponse;

/**
 * SPNEGO (Security Provider Negotiation Protocol) authenticator implementation.
 *
 * This class provides Single Sign-On (SSO) authentication using the SPNEGO protocol,
 * which is commonly used for Kerberos-based authentication in Windows environments.
 * It handles the negotiation between client and server to establish a secure

   OkHttp.
 * Expose the transport ("http/1.1", "spdy/3", etc.) via magic request headers.
   Use `X-Android-Transports` to write the preferred transports and
   `X-Android-Selected-Transport` to read the negotiated transport.


## Version 1.0.2

_2013-05-11_

 * Fix: Remove use of Java 6-only APIs.
 * Fix: Properly handle exceptions from `NetworkInterface` when querying MTU.

There may be many routes for a single address. For example, a webserver that is hosted in multiple datacenters may yield multiple IP addresses in its DNS response.