import sun.security.krb5.internal.AuthorizationData; //導入方法依賴的package包/類
private Map decodeAuthorizationData(AuthorizationData authorizationData) throws Exception{
Map clientDetailsFromPac = new HashMap();
//Iterate through the authorizationData and find adData with adType = AD-IF-RELEVANT (1) - see RFC 4210 section 7.5.4
for( int i = 0; i < authorizationData.count(); i++) {
if (authorizationData.item(i).adType == 1){
DerInputStream adDataStream = new DerInputStream(authorizationData.item(i).adData);
DerValue[] values = adDataStream.getSet(authorizationData.item(i).adData.length, true);
//values[0] contains authorizationData entry with adType = AD-WIN2k-PAC (128) - see RFC 4210 section 7.5.4
DerValue pacDerValue = values[0];
AuthorizationDataEntry pacAuthorizationDataEntry = new AuthorizationDataEntry(pacDerValue);
if (pacAuthorizationDataEntry.adType != 128){
throw new IOException("PAC not found within authorization data as expected. Was expecting adType=128 (AD-WIN2K-PAC) within AD-IF-RELEVANT");
}
Pac pac = new Pac(pacAuthorizationDataEntry.adData, this.serverPrivateKey);
clientDetailsFromPac.put("pac", pac);
clientDetailsFromPac.put("fullName", pac.getFullName());
clientDetailsFromPac.put("groupMemberships", pac.getGroupMemberships());
clientDetailsFromPac.put("homeDirectory", pac.getHomeDirectory());
clientDetailsFromPac.put("groupCount", pac.getiGroupCount());
clientDetailsFromPac.put("kdc", pac.getKdc());
clientDetailsFromPac.put("logonCount", pac.getLogonCount());
clientDetailsFromPac.put("logonDomainName", pac.getLogonDomainName());
clientDetailsFromPac.put("passwordExpiryDateTime", pac.getPasswordExpiresDateTime());
clientDetailsFromPac.put("passwordSetDateTime", pac.getPasswordSetDateTime());
clientDetailsFromPac.put("primaryGroup", pac.getPrimaryGroup());
clientDetailsFromPac.put("profilePath", pac.getProfilePath());
}
}
return clientDetailsFromPac;
}