in kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssTokenV2.java [229:272]
private void reconstructTokenHeader(MessageProp prop, InputStream is) throws GSSException {
try {
if (is.read(header, 0, header.length) != header.length) {
throw new GSSException(GSSException.FAILURE, -1, "Token header can not be read");
}
int tokenIDRecv = (((int) header[0]) << 8) + header[1];
if (tokenIDRecv != tokenType) {
throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
"Token ID should be " + tokenType + " instead of " + tokenIDRecv);
}
int senderFlag = isInitiator ? FLAG_SENT_BY_ACCEPTOR : 0;
int senderFlagRecv = header[2] & FLAG_SENT_BY_ACCEPTOR;
if (senderFlagRecv != senderFlag) {
throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid acceptor flag");
}
int confFlagRecv = header[2] & FLAG_SEALED;
if (confFlagRecv == FLAG_SEALED && tokenType == TOKEN_WRAP_V2) {
prop.setPrivacy(true);
} else {
prop.setPrivacy(false);
}
if (tokenType == TOKEN_WRAP_V2) {
if (header[3] != (byte) 0xFF) {
throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid token filler");
}
ec = BytesUtil.bytes2short(header, OFFSET_EC, true);
rrc = BytesUtil.bytes2short(header, OFFSET_RRC, true);
} else if (tokenType == TOKEN_MIC_V2) {
for (int i = 3; i < 8; i++) {
if ((header[i] & 0xFF) != 0xFF) {
throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid token filler");
}
}
}
prop.setQOP(0);
sequenceNumber = (int) BytesUtil.bytes2long(header, 0, true);
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE, -1, "Phrase token header failed");
}
}