* {@code Iterable}. Except as noted, each method has a corresponding {@link Iterator}-based method
 * in the {@link Iterators} class.
 *
 * <p><b>Java 8+ users:</b> several common uses for this class are now more comprehensively
 * addressed by the new {@link java.util.stream.Stream} library. Read the method documentation below

   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *
   * If a challenge uses the `token68` variant instead of auth params, there is exactly one
   * auth param in the challenge at key null. Invalid headers and challenges are ignored.

import okio.ByteString
import okio.Source
import okio.buffer

/**
 * Read and write HPACK v10.
 *
 * http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-12
 *
 * This implementation uses an array for the dynamic table and a list for indexed entries. Dynamic
 * entries are added to the array, starting in the last position moving forward. When the array
 * fills, it is doubled.
 */
@Suppress("NAME_SHADOWING")

     * requests may be assisted by the cache via conditional GET requests.
     */
    @JvmField
    val FORCE_NETWORK = commonForceNetwork()

    /**
     * Cache control request directives that uses the cache only, even if the cached response is
     * stale. If the response isn't available in the cache or requires server validation, the call
     * will fail with a `504 Unsatisfiable Request`.
     */
    @JvmField

        handshakeCertificates.sslSocketFactory(),
        handshakeCertificates.trustManager,
      ).build()
  }

  private fun buildServerSslSocketFactory(): SSLSocketFactory {
    // The test uses JDK default SSL Context instead of the Platform provided one
    // as Conscrypt seems to have some differences, we only want to test client side here.
    return try {
      val keyManager =
        newKeyManager(

 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

import jcifs.RuntimeCIFSException;
import jcifs.config.PropertyConfiguration;
import jcifs.context.BaseContext;
import jcifs.smb.NtlmPasswordAuthentication;

/**
 * Tests for the NtlmHttpURLConnection class.
 * This class uses Mockito to simulate the behavior of HttpURLConnection and other dependencies.
 */
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class NtlmHttpURLConnectionTest {

    @Mock

   * this address.
   *
   * If [planToReplace] is non-null, this will swap it for a pooled connection if that pooled
   * connection uses HTTP/2. That results in fewer sockets overall and thus fewer TCP slow starts.
   */
  internal fun planReusePooledConnection(
    planToReplace: ConnectPlan? = null,
    routes: List<Route>? = null,
  ): ReusePlan? {

        // Also verify client challenge sits at mac(16) + blob offset 16
        assertArrayEquals(clientChallenge, Arrays.copyOfRange(actual, 16 + 16, 16 + 16 + 8));
    }

    @Test
    @DisplayName("getPreNTLMResponse: uses OEM bytes, truncates to 14, verifies interactions")
    void testGetPreNTLMResponse_basicAndInteractions() throws Exception {
        // Arrange
        when(cifsContext.getConfig()).thenReturn(configuration);

 * is used to verify the signature of the "www.squareup.com" certificate.
 *
 * This roles are reversed for client authentication. In that case the client has a private key and
 * a chain of certificates. The server uses a set of trusted root certificates to authenticate the
 * client. Subject alternative names are not used for client authentication.
 */
@Suppress("DEPRECATION")
class HeldCertificate(