// observed too that signatures on error responses are sometimes wrong??
        // Looks like the failure case also is just reflecting back the signature we sent

        // with SMB3's negotiation validation it's no longer possible to ignore this (on the validation response)
        // make sure that validation is performed in any case
        final Smb2SigningDigest dgst = getDigest();

    private int capabilities;

    /**
     * Constructs a session setup AndX request.
     *
     * @param tc the CIFS context containing configuration and credentials
     * @param negotiated the negotiation response containing server capabilities
     * @param andx the next command in the AndX chain, or null
     * @param cred the authentication credentials to use for the session

        assertTrue(context.isEstablished());
        assertArrayEquals(serverChallenge, context.getServerChallenge());
        // Signing key may or may not be generated depending on flags negotiation
        // The context negotiates flags with server, so we can't guarantee signing key
    }

    @Test
    void testInitSecContext_state2_withoutSigning() throws Exception {

    public boolean canReuse(final CIFSContext tc, final boolean forceSigning) {
        return this.getConfig().equals(tc.getConfig());
    }

    /**
     * Returns the index of the selected SMB dialect from the negotiation.
     *
     * @return the dialectIndex
     */
    public int getDialectIndex() {
        return this.dialectIndex;
    }

    /**

        response.getServerData().smaxMpxCount = 1;
        response.getServerData().maxBufferSize = 16384;

        assertTrue(response.isValid(mockContext, request));
        // After negotiation, check if unicode capability is preserved
        assertTrue((response.getNegotiatedCapabilities() & SmbConstants.CAP_UNICODE) != 0);
    }

    @Test
    public void testIsValidWithInvalidDialect() {

import jakarta.servlet.http.HttpServletResponse;

/**
 * SPNEGO (Security Provider Negotiation Protocol) authenticator implementation.
 *
 * This class provides Single Sign-On (SSO) authentication using the SPNEGO protocol,
 * which is commonly used for Kerberos-based authentication in Windows environments.
 * It handles the negotiation between client and server to establish a secure

     */
    @Test
    @DisplayName("Pre-auth integrity hash should be thread-safe")
    void testPreauthHashThreadSafety() throws Exception {
        // Setup SMB3.1.1 negotiation
        when(negotiateResponse.getSelectedDialect()).thenReturn(DialectVersion.SMB311);
        when(negotiateResponse.getSelectedPreauthHash()).thenReturn(1); // SHA-512
        setPrivateField(transport, "smb2", true);

    /** Extended attributes supported flag */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /** Security signatures supported flag */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /** Extended security negotiation flag */
    int FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;
    /** Resolve paths in DFS flag */
    int FLAGS2_RESOLVE_PATHS_IN_DFS = 0x1000;
    /** Permit read if execute permission flag */

 *  * If `server_max_window_bits` is less than 15, OkHttp will waste memory on an oversized buffer.
 *
 * See [RFC 7692, 7.1][rfc_7692] for details on negotiation process.
 *
 * [rfc_7692]: https://tools.ietf.org/html/rfc7692#section-7.1
 */
@IgnoreJRERequirement // As of AGP 3.4.1, D8 desugars API 24 hashCode methods.
data class WebSocketExtensions(

        assertNotNull(channelManager.getChannels());
        // Note: isUseMultiChannel() checks if actual multi-channel is negotiated with server
        // In mock environment, this will be false until we mock successful negotiation

        // Verify load balancer is initialized
        assertNotNull(channelManager.getLoadBalancer());
    }

    @Test
    void testNetworkInterfaceInfo() throws Exception {