* hashes. This is used exclusively by the {@code jcifs.http.NtlmSsp}
     * class which is in turn used by NTLM HTTP authentication functionality.
     *
     * @param domain the authentication domain
     * @param username the username to authenticate with
     * @param challenge the server challenge bytes
     * @param ansiHash the ANSI password hash

hmac-sha1-96
```

### Certificate-based authentication

`--sftp=trusted-user-ca-key=...` specifies a file containing public key of certificate authority that is trusted
to sign user certificates for authentication.

Implementation is identical with "TrustedUserCAKeys" setting in OpenSSH server with exception that only one CA
key can be defined.

import jcifs.smb1.util.Encdec;
import jcifs.smb1.util.Hexdump;
import jcifs.smb1.util.LogStream;

/**
For initiating NTLM authentication (including NTLMv2). If you want to add NTLMv2 authentication support to something this is what you want to use. See the code for details. Note that JCIFS does not implement the acceptor side of NTLM authentication.
 */

public class NtlmContext {

    NtlmPasswordAuthentication auth;
    int ntlmsspFlags;

    }

    /**
     * Returns the authentication target.
     *
     * @return A <code>String</code> containing the authentication target.
     */
    public String getTarget() {
        return this.target;
    }

    /**
     * Sets the authentication target.
     *
     * @param target
     *            The authentication target.
     */

    /** The security context lifetime */
    private int contextLifetime = GSSContext.DEFAULT_LIFETIME;
    /** Flag indicating if fallback authentication is allowed */
    private boolean canFallback = false;
    /** Flag to force fallback authentication */
    private boolean forceFallback;

    static {
        PREFERRED_MECHS.add(new ASN1ObjectIdentifier("1.2.840.113554.1.2.2"));

 * <p>
 * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
 * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
 * Authentication Scheme for HTTP</A>.  <p> Also, read <a
 * href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
 * the Network Explorer Servlet</a> related information.
 */

public class NtlmSsp implements NtlmFlags {

    /**
     * Default constructor.

    /** The default domain for NTLM authentication */
    private String defaultDomain;

    /** The domain controller for authentication */
    private String domainController;

    /** Flag to enable load balancing across domain controllers */
    private boolean loadBalance;

    /** Flag to enable basic authentication */
    private boolean enableBasic;

    /** Flag to allow insecure basic authentication */

        ntlmServlet.service(request, response);

        // Verify that no authentication challenge is sent
        verify(response, never()).setHeader(eq("WWW-Authenticate"), anyString());
        verify(response, never()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Helper method to set up common mocks required for authentication tests.
     * @throws CIFSException
     */

 * MSIE clients using NTLM SSP. This is similar to {@code Authentication:
 * BASIC} but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for complete details.
 */

/**
 * An HTTP servlet filter that provides NTLM authentication support for SMB1 protocol.

        repositorySystem.injectAuthentication(Arrays.asList(repository), Arrays.asList(server));
        Authentication authentication = repository.getAuthentication();
        assertNotNull(authentication);
        assertEquals("jason", authentication.getUsername());
        assertEquals("abc123", authentication.getPassword());
    }