import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

import org.junit.jupiter.api.Test;

/**
 * Tests for the PacMac class.
 */
class PacMacTest {

        transport = new SmbTransportImpl(context, address, 445, null, 0, false);
    }

    /**
     * Test that pre-auth integrity hash is properly synchronized
     */
    @Test
    @DisplayName("Pre-auth integrity hash should be thread-safe")
    void testPreauthHashThreadSafety() throws Exception {
        // Setup SMB3.1.1 negotiation

		return ErrSTSAccessDenied
	}
}

func checkAssumeRoleAuth(ctx context.Context, r *http.Request) (auth.Credentials, APIErrorCode) {
	if !isRequestSignatureV4(r) {
		return auth.Credentials{}, ErrAccessDenied
	}

	s3Err := isReqAuthenticated(ctx, r, globalSite.Region(), serviceSTS)
	if s3Err != ErrNone {
		return auth.Credentials{}, s3Err
	}

	user, _, s3Err := getReqAccessKeyV4(r, globalSite.Region(), serviceSTS)

//     - http://docs.aws.amazon.com/AmazonS3/latest/dev/auth-request-sig-v2.html
// returns true if matches, false otherwise. if error is not nil then it is always false

func validateV2AuthHeader(r *http.Request) (auth.Credentials, APIErrorCode) {
	var cred auth.Credentials
	v2Auth := r.Header.Get(xhttp.Authorization)
	if v2Auth == "" {
		return cred, ErrAuthHeaderEmpty
	}

    public synchronized static void setDefault(final NtlmAuthenticator a) {
        if (auth != null) {
            return;
        }
        auth = a;
    }

    /**
     * Gets the default NTLM authenticator.
     * @return the default authentication credentials provider
     */
    public static NtlmAuthenticator getDefault() {
        return auth;
    }

    /**
     * Gets the URL that is requesting authentication.

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()
	if objectAPI == nil || globalNotificationSys == nil {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return nil, auth.Credentials{}
	}

	for _, action := range actions {
		// Validate request signature.

     * @param url the DCERPC URL specifying the endpoint
     * @param auth the NTLM authentication credentials
     * @throws UnknownHostException if the host cannot be resolved
     * @throws MalformedURLException if the URL is malformed
     * @throws DcerpcException if DCERPC initialization fails
     */
    public DcerpcPipeHandle(String url, final NtlmPasswordAuthentication auth)

		return updatedAt, errServerNotInitialized
	}

	if !auth.IsAccessKeyValid(accessKey) {
		return updatedAt, auth.ErrInvalidAccessKeyLength
	}

	if auth.ContainsReservedChars(accessKey) {
		return updatedAt, auth.ErrContainsReservedChars
	}

	if !auth.IsSecretKeyValid(ureq.SecretKey) {
		return updatedAt, auth.ErrInvalidSecretKeyLength
	}

                ssn.removeAttribute("NtlmHttpChal");
            } else {
                final String auth = new String(Base64.decode(msg.substring(6)), "US-ASCII");
                int index = auth.indexOf(':');
                String user = index != -1 ? auth.substring(0, index) : auth;
                final String password = index != -1 ? auth.substring(index + 1) : "";
                index = user.indexOf('\\');
                if (index == -1) {

package jcifs.pac.kerberos;

import java.security.Key;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * Kerberos credentials management class that handles authentication through JAAS.
 */
public class KerberosCredentials {