import jcifs.internal.smb2.ServerMessageBlock2Response;
import jcifs.internal.util.SMBUtil;
import jcifs.smb.NtStatus;

/**
 * SMB2 Session Setup response message. This response contains the server's authentication
 * challenge or confirms successful session establishment.
 *
 * @author mbechler
 *
 */
public class Smb2SessionSetupResponse extends ServerMessageBlock2Response {

    /**

     *
     * This method handles the primary SSO authentication flow. It checks if a user
     * is already logged in, attempts SSO authentication, and handles various
     * authentication scenarios including success, failure, and challenge responses.
     *
     * @return ActionResponse directing to the appropriate page based on authentication result
     */
    @Execute
    public ActionResponse index() {

        verify(pooledSpy).disconnect(false, false);
        verify(nonPooledSpy).disconnect(false, false);
    }

    @Test
    @DisplayName("Should get challenge from server")
    void testGetChallenge() throws Exception {
        // Given: Mock transport with server key
        byte[] expectedKey = { 1, 2, 3, 4 };

        SmbTransportPoolImpl poolSpy = spy(pool);

        // This simplified test just verifies the initial handshake detection
    }

    /**
     * Test handshake failure when the server does not return an NTLM challenge.
     * @throws IOException
     */
    @Test
    void testHandshakeFails_NoNtlmChallenge() throws IOException {
        // Arrange
        mockResponse(HTTP_UNAUTHORIZED, "Unauthorized",

   *
   *  * A stale connection. The request was made on a reused connection and that reused connection
   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */

        final long expiration = System.currentTimeMillis() + Dfs.TTL * 1000;

        int di = 0;
        for (;;) {
            /* NTLM HTTP Authentication must be re-negotiated
             * with challenge from 'server' to access DFS vol. */
            dr.resolveHashes = auth.hashesExternal;
            dr.ttl = resp.referrals[di].ttl;
            dr.expiration = expiration;
            if (path.equals("")) {

 * **Cache**: directory
 * **CacheControl**: immutable, maxAgeSeconds, maxStaleSeconds, minFreshSeconds, mustRevalidate,
   noCache, noStore, noTransform, onlyIfCached, sMaxAgeSeconds
 * **Challenge**: authParams, charset, realm, scheme
 * **CipherSuite**: javaName
 * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions
 * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value

        include a WWW-Authenticate header.

        Ref: https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized

        For this, this method sends a custom challenge `APIKey`.
        """
        return HTTPException(
            status_code=HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "APIKey"},
        )

          call: Call,
          response: Response,
        ) {
          responses.offer(response.body.string())
        }
      }

    // Make the first request waiting until we get our auth challenge.
    val request = Request(server.url("/"))
    blockingAuthClient.newCall(request).enqueue(callback)
    val response1 = responses.take()
    assertThat(response1).isEqualTo("")

        .addHeader("Last-Modified: " + formatDate(-1, TimeUnit.HOURS))
        .addHeader("Expires: " + formatDate(1, TimeUnit.HOURS))
        .code(responseCode)
        .body("ABCDE")
        .addHeader("WWW-Authenticate: challenge")
    when (responseCode) {
      HttpURLConnection.HTTP_PROXY_AUTH -> {
        builder.addHeader("Proxy-Authenticate: Basic realm=\"protected area\"")
      }

      HttpURLConnection.HTTP_UNAUTHORIZED -> {