*
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the
 * SPNEGO authentication process, typically from a Kerberos ticket.
 */
public class SpnegoCredential implements LoginCredential, FessCredential {

    /** The username extracted from SPNEGO authentication. */
    private final String username;

    /**

package jcifs.pac.kerberos;

import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.Test;

/**
 * Tests for the KerberosConstants interface.
 */
class KerberosConstantsTest {

    /**
     * This test primarily exists to ensure the constants interface can be loaded
     * and to provide a basic check of its values.

 */
package jcifs.pac;

import jcifs.CIFSException;

/**
 * Exception thrown when PAC (Privilege Attribute Certificate) data cannot be decoded.
 * Indicates malformed or invalid PAC structures in Kerberos tickets.
 */
public class PACDecodingException extends CIFSException {

    private static final long serialVersionUID = 1L;

    /**
     * Constructs a new PAC decoding exception with no detail message.
     */

 * scattered authentication implementations.
 */
public interface AuthenticationProvider {

    /**
     * Authentication type enumeration
     */
    enum AuthType {
        NTLM, KERBEROS, SPNEGO, GUEST, ANONYMOUS
    }

    /**
     * Gets the authentication type
     *
     * @return the authentication type
     */
    AuthType getAuthType();

    /**

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;

/**
 * This class represents the Secrity_Blob in SMB Block and is set to support
 * kerberos authentication.
 *
 * @author Shun
 *
 */
class SecurityBlob {

    private byte[] b = {};

    SecurityBlob() {
    }

    SecurityBlob(final byte[] b) {
        set(b);
    }

        }
    }

    /**
     * This constructor used to instance a SigningDigest object for
     * signing/verifying SMB using kerberos session key.
     * The MAC Key = concat(Session Key, Digest of Challenge);
     * Because of Kerberos Authentication don't have challenge,
     * The MAC Key = Session Key
     *
     * @param macSigningKey
     *            The MAC key used to sign or verify SMB.

     */
    int LOGON_EXTRA_SIDS = 0x20;
    /**
     * Flag for resource groups in logon information.
     */
    int LOGON_RESOURCE_GROUPS = 0x200;

    /**
     * Kerberos salt type for MD5 checksums.
     */
    int MD5_KRB_SALT = 17;
    /**
     * MD5 block length in bytes.
     */
    int MD5_BLOCK_LENGTH = 64;

import org.bouncycastle.asn1.DLSequence;

/**
 * Utility class for ASN.1 parsing and manipulation operations.
 *
 * This class provides helper methods for working with ASN.1
 * encoded data structures used in Kerberos PAC processing.
 */
public final class ASN1Util {

    private ASN1Util() {
    }

    /**
     * Casts an object to the specified type with type checking
     * @param <T> the target type

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSException;

/**
 * JAAS kerberos authenticator
 *
 * Either configure JAAS for credential caching or reuse a single instance of this authenticator -otherwise you won't
 * get proper ticket caching.
 *

        buf[i++] = (byte) (nameLen & 0xFF);
        // NAME
        System.arraycopy(nameBytes, 0, buf, i, nameLen);
        return buf;
    }

    // Provide a common OID for tests (Kerberos V5 mechanism OID encoded in DER)
    private static ASN1ObjectIdentifier testOid() {
        return new ASN1ObjectIdentifier("1.2.840.113554.1.2.2");
    }

    private static byte[] oidDer() {