import jcifs.smb1.util.MD4;

/**
 * This class stores and encrypts NTLM user credentials. The default
 * credentials are retrieved from the {@code jcifs.smb1.smb1.client.domain},
 * {@code jcifs.smb1.smb1.client.username}, and {@code jcifs.smb1.smb1.client.password}
 * properties.
 * <p>
 * Read <a href="../../../authhandler.html">jCIFS Exceptions and
 * NtlmAuthenticator</a> for related information.
 */

minio server /data
```

NOTE: If `etcd` is configured with `Client-to-server authentication with HTTPS client certificates` then you need to use additional envs such as `MINIO_ETCD_CLIENT_CERT` pointing to path to `etcd-client.crt` and `MINIO_ETCD_CLIENT_CERT_KEY` path to `etcd-client.key` .

### 4. Test with MinIO STS API

Once etcd is configured, **any STS configuration** will work including Client Grants, Web Identity or AD/LDAP.

```
MINIO_IDENTITY_OPENID_DISPLAY_NAME="my first openid"
MINIO_IDENTITY_OPENID_CONFIG_URL=http://myopenid.com/.well-known/openid-configuration
MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app"
MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret"
MINIO_IDENTITY_OPENID_SCOPES="openid,groups"
MINIO_IDENTITY_OPENID_REDIRECT_URI="http://127.0.0.1:10000/oauth_callback"
MINIO_IDENTITY_OPENID_ROLE_POLICY="consoleAdmin"

Also, note that the certificate has to contain the `Extended Key Usage: TLS Web Client Authentication`. Otherwise, MinIO would not accept the certificate as client certificate.

Now, the STS certificate-based authentication happens in 4 steps:

- Client sends HTTP `POST` request over a TLS connection hitting the MinIO TLS STS API.
- MinIO verifies that the client certificate is valid.

        .build()
    var client = buildClient(clientCert, clientIntermediateCa.certificate)
    val listener = RecordingEventListener()
    client =
      client
        .newBuilder()
        .eventListener(listener)
        .build()
    val socketFactory = buildServerSslSocketFactory()
    server.useHttps(socketFactory)
    server.requireClientAuth()

        Thread.sleep(1000)
        sendTestRequest(twitterRequest)
        Thread.sleep(1000)
        sendTestRequest(googleRequest)
        Thread.sleep(2000)
      }
    } finally {
      client.connectionPool.evictAll()
      client.dispatcher.executorService.shutdownNow()

      if (launch == CommandLine) {
        process?.destroyForcibly()
      }
    }
  }

  private fun sendTestRequest(request: Request) {

public static final String USE_RDMA = "jcifs.smb.client.useRDMA";
public static final String RDMA_PROVIDER = "jcifs.smb.client.rdmaProvider";
public static final String RDMA_READ_WRITE_THRESHOLD = "jcifs.smb.client.rdmaReadWriteThreshold";
public static final String RDMA_MAX_SEND_SIZE = "jcifs.smb.client.rdmaMaxSendSize";
public static final String RDMA_MAX_RECEIVE_SIZE = "jcifs.smb.client.rdmaMaxReceiveSize";

    client.newCall(request).execute().use {
      assertThat(it.protocol).isEqualTo(Protocol.HTTP_2)
      assertThat(it.handshake!!.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
    }

    client.connectionPool.evictAll()
    assertEquals(0, client.connectionPool.connectionCount())

    client.newCall(request).execute().use {

  val clientTestRule = OkHttpClientTestRule()

  @StartStop
  private val server = MockWebServer()

  private var client = clientTestRule.newClient()

  @Test
  fun testNetscapeResponse() {
    val cookieManager = CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER)
    client =
      client
        .newBuilder()
        .cookieJar(JavaNetCookieJar(cookieManager))
        .build()

 */
package jcifs;

import java.net.URLStreamHandler;

/**
 * Encapsulation of client context
 *
 *
 * A context holds the client configuration, shared services as well as the active credentials.
 *
 * Usually you will want to create one context per client configuration and then
 * multiple sub-contexts using different credentials (if necessary).
 *