* one or more streams, and then released. An allocated connection won't be stolen by other calls
 * while a redirect or authorization challenge is being handled.
 *
 * When the maximum concurrent streams limit is reduced, some allocations will be rescinded.
 * Attempting to create new streams on these allocations will fail.
 *

     *
     * This method handles the primary SSO authentication flow. It checks if a user
     * is already logged in, attempts SSO authentication, and handles various
     * authentication scenarios including success, failure, and challenge responses.
     *
     * @return ActionResponse directing to the appropriate page based on authentication result
     */
    @Execute
    public ActionResponse index() {

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

        // This simplified test just verifies the initial handshake detection
    }

    /**
     * Test handshake failure when the server does not return an NTLM challenge.
     * @throws IOException
     */
    @Test
    void testHandshakeFails_NoNtlmChallenge() throws IOException {
        // Arrange
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized",

        final long expiration = System.currentTimeMillis() + Dfs.TTL * 1000;

        int di = 0;
        for (;;) {
            /* NTLM HTTP Authentication must be re-negotiated
             * with challenge from 'server' to access DFS vol. */
            dr.resolveHashes = auth.hashesExternal;
            dr.ttl = resp.referrals[di].ttl;
            dr.expiration = expiration;
            if (path.equals("")) {

 * **Cache**: directory
 * **CacheControl**: immutable, maxAgeSeconds, maxStaleSeconds, minFreshSeconds, mustRevalidate,
   noCache, noStore, noTransform, onlyIfCached, sMaxAgeSeconds
 * **Challenge**: authParams, charset, realm, scheme
 * **CipherSuite**: javaName
 * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions
 * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value

    application code to omit a message.

 *  The challenge's scheme and realm are now non-null. If you are calling
    `new Challenge(scheme, realm)` you must provide non-null values. These were
    never null in challenges created by OkHttp, but could have been null in
    application code that creates challenges.

 *  New: The `TlsVersion` of a `Handshake` is now non-null. If you are calling

   *  * [OkHttpClient.followSslRedirects] must be true to follow redirects that add or remove HTTPS.
   *  * [OkHttpClient.authenticator] must respond to an authorization challenge.
   *
   * @param networkResponse the intermediate response that may require a follow-up request.
   * @param nextRequest the follow-up request that will be made. Null if no follow-up will be made.
   */

	public final fun matchesCertificate (Ljava/security/cert/X509Certificate;)Z
	public final fun matchesHostname (Ljava/lang/String;)Z
	public fun toString ()Ljava/lang/String;
}

public final class okhttp3/Challenge {
	public final fun -deprecated_authParams ()Ljava/util/Map;
	public final fun -deprecated_charset ()Ljava/nio/charset/Charset;
	public final fun -deprecated_realm ()Ljava/lang/String;

 *  **OkAuthenticator has been replaced with Authenticator.** This new
    authenticator has access to the full incoming response and can respond with
    whichever followup request is appropriate. The `Challenge` class is now a
    top-level class and `Credential` is replaced with a utility class called
    `Credentials`.

 *  **OkHttpClient.getFollowProtocolRedirects() renamed to