The mechanism presently contains the following implementation:
byte[] hA1 = getH_A1(messageDigest, username, messageRealm);
if (hA1 == null) {
    httpDigest.trace("Failed: unable to get expected proof");
    fail();
    request.authenticationFailed(httpDigest.authenticationFailed(), httpResponse -> prepareResponse(selectedRealm, httpResponse, false));
    return;
}
However, getH_A1 will never return null; instead it will throw AuthenticationMechanismException.
This block should be updated to handle the Exception instead of the null check.
We probably need to be careful with the call to fail() in case the username was not set on the ServerAuthenticationContext, as this now could throw an IllegalStateException which we would want to ignore.
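The following is an added, self-contained Java sketch (not the project's code) contrasting the current null check with the exception-handling shape the description asks for. The Elytron types are replaced by hypothetical stand-ins: a checked AuthenticationMechanismException, a getH_A1 that throws instead of returning null, and a ServerAuthenticationContext whose fail() throws IllegalStateException when no username has been set. The real Elytron signatures differ; only the control flow is the point.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestProofHandling {

    // Hypothetical stand-in for the checked exception getH_A1 throws in the real mechanism.
    static class AuthenticationMechanismException extends Exception {
        AuthenticationMechanismException(String msg) { super(msg); }
    }

    // Hypothetical stand-in for ServerAuthenticationContext: fail() is only legal
    // once an authentication name has been set, otherwise it throws IllegalStateException.
    static class ServerAuthenticationContext {
        private String username;
        void setAuthenticationName(String name) { this.username = name; }
        void fail() {
            if (username == null) {
                throw new IllegalStateException("No authentication name set on context");
            }
            // the real context would record the failed attempt for the identity here
        }
    }

    // Hypothetical stand-in for getH_A1: never returns null, throws when no proof can be derived.
    static byte[] getH_A1(MessageDigest md, String username, String realm)
            throws AuthenticationMechanismException {
        if (username == null || username.isEmpty()) {
            throw new AuthenticationMechanismException("unable to get expected proof for user");
        }
        md.reset();
        return md.digest((username + ":" + realm).getBytes(StandardCharsets.UTF_8));
    }

    // Current shape: the null branch is dead code, so the exception escapes to the caller
    // and the "failed" response path (trace/fail/authenticationFailed) is never taken.
    static boolean currentBlock(ServerAuthenticationContext ctx, MessageDigest md,
                                String user, String realm) throws AuthenticationMechanismException {
        byte[] hA1 = getH_A1(md, user, realm);
        if (hA1 == null) {        // never true
            ctx.fail();
            return false;
        }
        return true;
    }

    // Proposed shape: catch the exception, run the same failure path, and tolerate
    // an IllegalStateException from fail() when no username was ever set.
    static boolean proposedBlock(ServerAuthenticationContext ctx, MessageDigest md,
                                 String user, String realm) {
        byte[] hA1;
        try {
            hA1 = getH_A1(md, user, realm);
        } catch (AuthenticationMechanismException e) {
            // httpDigest.trace("Failed: unable to get expected proof") would go here
            try {
                ctx.fail();
            } catch (IllegalStateException ignored) {
                // username was never set on the context; nothing to mark as failed
            }
            // request.authenticationFailed(...) with prepareResponse(...) would go here
            return false;
        }
        return hA1.length > 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        ServerAuthenticationContext ctx = new ServerAuthenticationContext(); // no username set

        System.out.println("proposed, no proof available: " + proposedBlock(ctx, md, "", "realm"));
        try {
            currentBlock(ctx, md, "", "realm");
            System.out.println("current: unreachable");
        } catch (AuthenticationMechanismException e) {
            System.out.println("current, no proof available: exception escaped: " + e.getMessage());
        }

        ctx.setAuthenticationName("alice");
        System.out.println("proposed, proof available: " + proposedBlock(ctx, md, "alice", "realm"));
    }
}
```

Run with javac/java; the first two lines of output show that only the proposed shape reaches the failure path when getH_A1 throws, and that fail() on a context with no name is swallowed rather than turned into a second, different error.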
is triggered by: WFWIP-687 [WFCORE-7192] Brute Force Authentication Attack: SASL/HTTP inconsistency when attempting valid disabled authentication

Status: Coding In Progress