return getPreNTLMResponse(password, challenge);
        }
    }

    /**
     * Computes the 24 byte Unicode password hash given the 8 byte server challenge.
     *
     * @param challenge the server challenge bytes
     * @return the Unicode password hash
     */
    public byte[] getUnicodeHash(final byte[] challenge) {
        if (hashesExternal) {
            return unicodeHash;
        }

     * extracts the user principal from successful authentication.
     *
     * @return The login credential containing the authenticated username,
     *         an ActionResponseCredential for authentication challenges,
     *         or null if no authentication information is available
     * @throws SsoLoginException if SPNEGO authentication fails
     */
    @Override
    public LoginCredential getLoginCredential() {

          assertThat(response.code).isEqualTo(HttpURLConnection.HTTP_PROXY_AUTH)
          assertThat(response.request.url.host).isEqualTo("android.com")
          val challenges = response.challenges()
          assertThat(challenges[0].scheme).isEqualTo("OkHttp-Preemptive")
          response.request
            .newBuilder()
            .header("Proxy-Authorization", credential)
            .build()

 *  Fix: Limit to 20 authorization attempts.

## Version 2.1.0

_2014-11-11_

 *  New: Typesafe APIs for interacting with cipher suites and TLS versions.
 *  Fix: Don't crash when mixing authorization challenges with upload retries.


## Version 2.1.0-RC1

_2014-11-04_

 *  **OkHttp now caches private responses**. We've changed from a shared cache

     */
    fun fastFallback(fastFallback: Boolean) =
      apply {
        this.fastFallback = fastFallback
      }

    /**
     * Sets the authenticator used to respond to challenges from origin servers. Use
     * [proxyAuthenticator] to set the authenticator for proxy servers.
     *
     * If unset, the [no authentication will be attempted][Authenticator.NONE].
     */

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;

 *  New: `EventListener.followUpDecision()` is called each time a response is received. It notifies
    your listener if OkHttp has decided to make a follow-up request. Some common follow-ups are
    authentication challenges and redirects.

 *  New: Handy constants for `Headers.EMPTY`, `RequestBody.EMPTY`, and `ResponseBody.EMPTY`.

 *  New: OkHttp now calls `StrictMode.noteSlowCall()` when initializing TLS on Android. Use

    val response = authenticator.onlyResponse()
    assertThat(
      response.request.url
        .toUrl()
        .path,
    ).isEqualTo("/private")
    assertThat(response.challenges()).isEqualTo(listOf(Challenge("Basic", "protected area")))
  }

  @Test
  fun customTokenAuthenticator() {
    server.enqueue(
      MockResponse(
        code = 401,

import java.util.Collections.singletonMap
import java.util.Locale.US
import kotlin.text.Charsets.ISO_8859_1
import okhttp3.internal.unmodifiable

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;