Example #1
  /**
   * Extracts the mechanism token from a DER-encoded authentication token.
   *
   * <p>The outer element must carry tag {@code 0x60}. Its content is then matched
   * against {@code spnegoOID} and, failing that, against {@code KERBEROS_V5_OID}.
   *
   * <p>NOTE(review): the token presumably arrives from the client before any
   * authentication has happened, so every byte here is attacker-controlled.
   * Length and bounds handling is delegated entirely to {@code DerValue}; confirm
   * that class rejects oversized or truncated length fields.
   *
   * @param rawToken the encoded token as received
   * @return {@code null} when the outer tag is not {@code 0x60} or when neither OID
   *     matches; the content of the {@code 0xa2} element when a SPNEGO init token
   *     carries one; otherwise {@code rawToken} itself, unchanged. That last case
   *     includes a SPNEGO-wrapped token in which no {@code 0xa2} element was found,
   *     so callers must not read a non-null result as "well-formed".
   */
  private byte[] parseToken(byte[] rawToken) {
    DerValue current = new DerValue(rawToken);
    if (debug.messageEnabled()) {
      debug.message("token tag:" + DerValue.printByte(current.getTag()));
    }
    if (current.getTag() != (byte) 0x60) {
      return null;
    }

    ByteArrayInputStream stream = new ByteArrayInputStream(current.getData());

    // Read as many bytes as the SPNEGO OID is long. The return value of read() is
    // not checked: on a short token the unread tail of oidArray stays zero-filled
    // and the decision is left to the comparison below.
    byte[] oidArray = new byte[spnegoOID.length];
    stream.read(oidArray, 0, oidArray.length);

    if (!Arrays.equals(oidArray, spnegoOID)) {
      debug.message("SPNEGO OID not found in the Auth Token");

      // Reuse the bytes already consumed as the head of the Kerberos OID candidate,
      // then read the remainder. This indexes krb5Oid by oidArray's length, so it
      // relies on KERBEROS_V5_OID being at least as long as spnegoOID.
      byte[] krb5Oid = new byte[KERBEROS_V5_OID.length];
      int copied = 0;
      while (copied < oidArray.length) {
        krb5Oid[copied] = oidArray[copied];
        copied++;
      }
      stream.read(krb5Oid, copied, krb5Oid.length - copied);

      if (Arrays.equals(krb5Oid, KERBEROS_V5_OID)) {
        debug.message("Kerberos V5 OID found in the Auth Token");
        // Bare Kerberos token: hand back the input untouched.
        return rawToken;
      }
      debug.message("Kerberos V5 OID not found in the Auth Token");
      return null;
    }

    debug.message("SPNEGO OID found in the Auth Token");
    current = new DerValue(stream);

    // 0xa0 marks an init token (NegTokenInit); 0xa1 marks a response token
    // (NegTokenTarg), which is not unwrapped here and falls through as rawToken.
    if (current.getTag() != (byte) 0xa0) {
      return rawToken;
    }
    debug.message("DerValue: found init token");

    current = new DerValue(current.getData());
    if (current.getTag() != (byte) 0x30) {
      return rawToken;
    }
    debug.message("DerValue: 0x30 constructed token found");

    stream = new ByteArrayInputStream(current.getData());
    current = new DerValue(stream);

    // An init token may hold four optional elements:
    //   a0: mechTypes
    //   a1: contextFlags
    //   a2: octet string (leading byte 0x04) carrying the mechanism token
    //   a3: message integrity value
    // Skip forward until a2 shows up or a tag of -1 is seen.
    // NOTE(review): termination assumes DerValue reports tag -1 once the stream is
    // exhausted; confirm, since the element count is otherwise unbounded.
    while (current.getTag() != (byte) -1 && current.getTag() != (byte) 0xa2) {
      current = new DerValue(stream);
    }
    if (current.getTag() == (byte) -1) {
      // No a2 element located; the original input is returned as-is.
      return rawToken;
    }

    // Unwrap the octet string held by the a2 element.
    current = new DerValue(current.getData());
    return current.getData();
  }