class HTTPClient::SSPINegotiateAuth

SSPINegotiateAuth depends on ‘win32/sspi’ module.
Used in ProxyAuth.
Authentication filter for handling Negotiate/NTLM negotiation.

def challenge(uri, param_str)

Challenge handler: remember URL and challenge token for response. 
def challenge(uri, param_str)
  return false unless SSPIEnabled
  if param_str.nil? or @challenge[uri].nil?
    c = @challenge[uri] = {}
    c[:state] = :init
    c[:authenticator] = nil
    c[:authphrase] = ""
  else
    c = @challenge[uri]
    c[:state] = :response
    c[:authphrase] = param_str
  end
  true
end

def get(req)

See win32/sspi for negotiation state transition.
Response handler: returns credential. 
def get(req)
  return nil unless SSPIEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, v|
    Util.uri_part_of(target_uri, uri)
  }
  return nil unless param
  state = param[:state]
  authenticator = param[:authenticator]
  authphrase = param[:authphrase]
  case state
  when :init
    authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
    return authenticator.get_initial_token(@scheme)
  when :response
    @challenge.delete(domain_uri)
    return authenticator.complete_authentication(authphrase)
  end
  nil
end

def initialize

Creates new SSPINegotiateAuth filter. 
def initialize
  @challenge = {}
  @scheme = "Negotiate"
end

def reset_challenge

server sends '*Authentication' again.
Resets challenge state. Do not send '*Authorization' header until the 
def reset_challenge
  @challenge.clear
end

def set(uri, user, passwd)

See win32/sspi for more details.
NOT SUPPORTED: username and necessary data is retrieved by win32/sspi.
Set authentication credential. 
def set(uri, user, passwd)
  # not supported
end