* Provides core functionality for encoding/decoding SMB messages, handling message signing,
 * and managing message metadata such as IDs, commands, and authentication information.
 *
 * @author mbechler
 */
public interface CommonServerMessageBlock extends Message {

    /**
     * Decode message data from the given byte array
     *

sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'PLAIN'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS

**NOTE**: When configuring multiple OpenID based authentication providers on a MinIO cluster, any number of Role Policy based providers may be configured, and at most one JWT Claim based provider may be configured.

<details><summary>Example 1: Two role policy providers</summary>

import kotlin.text.Charsets.ISO_8859_1
import okhttp3.internal.unmodifiable

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**
   * Returns the auth params, including [realm] and [charset] if present, but as

import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERTags;

import jcifs.pac.ASN1Util;
import jcifs.pac.PACDecodingException;

/**
 * Represents a Kerberos authentication token.
 */
public class KerberosToken {

    private KerberosApRequest apRequest;

    /**
     * Constructs a KerberosToken from token bytes.
     *
     * @param token the token bytes

    // retry, we return true and try a new route.
    return true
  }

  /**
   * Figures out the HTTP request to make in response to receiving [userResponse]. This will
   * either add authentication headers, follow redirects or handle a client request timeout. If a
   * follow-up is either unnecessary or not applicable, this returns null.
   */
  @Throws(IOException::class)
  private fun followUpRequest(

        assertFalse(exception.isAuthenticationError());
        assertFalse(exception.isFileSystemError());
        assertFalse(exception.isTransientError());

        // Authentication error
        exception = new SmbOperationException(SmbOperationException.ErrorCode.INVALID_CREDENTIALS, "Bad password");
        assertFalse(exception.isNetworkError());
        assertTrue(exception.isAuthenticationError());

 * is used to verify the signature of the "www.squareup.com" certificate.
 *
 * This roles are reversed for client authentication. In that case the client has a private key and
 * a chain of certificates. The server uses a set of trusted root certificates to authenticate the
 * client. Subject alternative names are not used for client authentication.
 */
@Suppress("DEPRECATION")
class HeldCertificate(
  @get:JvmName("keyPair") val keyPair: KeyPair,

This is very useful when you need to:

* Have shared logic (the same code logic again and again).
* Share database connections.
* Enforce security, authentication, role requirements, etc.
* And many other things...

All these, while minimizing code repetition.

## First Steps { #first-steps }

import jcifs.CIFSException;

/**
 * Security Support Provider (SSP) context.
 *
 * This interface provides context for security support provider
 * operations during SMB authentication.
 *
 * @author mbechler
 */
public interface SSPContext {

    /**
     * Gets the signing key for the session.
     * @return the signing key for the session