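/**
 * Unwraps the authentication token received from the client and returns the
 * bytes that should be handed on for Kerberos processing.
 *
 * <p>The outermost DER value must carry tag {@code 0x60}; anything else is
 * rejected. The bytes that follow are then compared with two OIDs:
 * <ul>
 *   <li>{@code spnegoOID}: the token is a SPNEGO wrapper. If it holds an init
 *       token ({@code 0xa0}) containing a {@code 0x30} constructed value, the
 *       elements of that value are scanned for the {@code 0xa2} (mechToken)
 *       element and the data of the value nested inside it is returned. If any
 *       of those levels is missing, {@code rawToken} is returned unchanged.</li>
 *   <li>{@code KERBEROS_V5_OID}: the token is returned unchanged.</li>
 * </ul>
 *
 * <p>The input is supplied by the remote peer, so both OID comparisons only
 * succeed when the expected number of bytes was actually read from the token.
 *
 * @param rawToken the token bytes as received; may be {@code null}
 * @return the token to process further, or {@code null} if {@code rawToken} is
 *         {@code null}, does not start with tag {@code 0x60}, or carries
 *         neither of the two expected OIDs
 */
private byte[] parseToken(byte[] rawToken) {
    // A missing token is reported the same way as any other rejected token.
    if (rawToken == null) {
        return null;
    }

    byte[] token = rawToken;
    DerValue tmpToken = new DerValue(rawToken);
    if (debug.messageEnabled()) {
        debug.message("token tag:" + DerValue.printByte(tmpToken.getTag()));
    }
    if (tmpToken.getTag() != (byte) 0x60) {
        return null;
    }

    ByteArrayInputStream tmpInput = new ByteArrayInputStream(tmpToken.getData());

    // check for SPNEGO OID
    byte[] oidArray = new byte[spnegoOID.length];
    // read() returns -1 or a short count on a truncated token; keep the count so
    // that zero padding left in oidArray is never mistaken for token content.
    int oidRead = tmpInput.read(oidArray, 0, oidArray.length);

    if (oidRead == oidArray.length && Arrays.equals(oidArray, spnegoOID)) {
        debug.message("SPNEGO OID found in the Auth Token");
        tmpToken = new DerValue(tmpInput);
        // 0xa0 indicates an init token (NegTokenInit); 0xa1 indicates a
        // response arg token (NegTokenTarg). No arg token is needed for us.
        // NOTE(review): if the nesting checked below is not found, token still
        // refers to rawToken and the whole wrapper is returned; confirm the
        // caller expects that rather than null.
        if (tmpToken.getTag() == (byte) 0xa0) {
            debug.message("DerValue: found init token");
            tmpToken = new DerValue(tmpToken.getData());
            if (tmpToken.getTag() == (byte) 0x30) {
                debug.message("DerValue: 0x30 constructed token found");
                tmpInput = new ByteArrayInputStream(tmpToken.getData());
                tmpToken = new DerValue(tmpInput);

                // In an init token, it can contain 4 optional arguments:
                //   a0: mechTypes
                //   a1: contextFlags
                //   a2: octet string (with leading char 0x04) for the token
                //   a3: message integrity value
                // Tag -1 ends the scan; presumably that is what DerValue reports
                // once tmpInput is exhausted (verify against DerValue).
                while (tmpToken.getTag() != (byte) -1
                        && tmpToken.getTag() != (byte) 0xa2) {
                    // look for next mech token DER
                    tmpToken = new DerValue(tmpInput);
                }
                if (tmpToken.getTag() != (byte) -1) {
                    // retrieve octet string
                    // NOTE(review): the nested value's tag is not compared with
                    // 0x04 before its data is used.
                    tmpToken = new DerValue(tmpToken.getData());
                    token = tmpToken.getData();
                }
            }
        }
    } else {
        debug.message("SPNEGO OID not found in the Auth Token");
        byte[] krb5Oid = new byte[KERBEROS_V5_OID.length];

        // Reuse the bytes already consumed for the SPNEGO comparison. The copy
        // is bounded by both the number of bytes really read and the size of
        // krb5Oid, so it cannot run past either array.
        int have = Math.min(Math.max(oidRead, 0), krb5Oid.length);
        System.arraycopy(oidArray, 0, krb5Oid, 0, have);

        // Fetch whatever is still missing and insist on getting all of it.
        boolean complete = true;
        int missing = krb5Oid.length - have;
        if (missing > 0) {
            complete = tmpInput.read(krb5Oid, have, missing) == missing;
        }

        if (!complete || !Arrays.equals(krb5Oid, KERBEROS_V5_OID)) {
            debug.message("Kerberos V5 OID not found in the Auth Token");
            token = null;
        } else {
            debug.message("Kerberos V5 OID found in the Auth Token");
        }
    }
    return token;
}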