Class NegTokenInit2

java.lang.Object
com.hierynomus.spnego.SpnegoToken
com.hierynomus.spnego.NegTokenInit
com.hierynomus.spnego.NegTokenInit2
public class NegTokenInit2 extends NegTokenInit
This class can encode and decode the MS extension of the SPNEGO negTokenInit2 Token.

The NegTokenInit2 message extends the NegTokenInit message with a 

negHints
field.

The entire token is an ASN.1 DER encoded sequence of bytes in little endian byte encoding.

The following is the full ASN.1 specification of the token: 

GSSAPI          ::=  [APPLICATION 0] IMPLICIT SEQUENCE {
  mech                MechType,
  negTokenInit        NegotiationToken
}

NegotiationToken ::=  CHOICE {
  negTokenInit   [0]  NegTokenInit2,
  negTokenTarg   [1]  NegTokenTarg
}

NegTokenInit2    ::=  SEQUENCE {
  mechTypes      [0]  MechTypeList  OPTIONAL,
  reqFlags       [1]  ContextFlags  OPTIONAL,
  mechToken      [2]  OCTET STRING  OPTIONAL,
  negHints       [3]  NegHints OPTIONAL,
  mechListMIC    [4]  OCTET STRING  OPTIONAL
}

MechTypeList     ::=  SEQUENCE of MechType

ContextFlags     ::=  BIT_STRING {
  delegFlag      (0),
  mutualFlag     (1),
  replayFlag     (2),
  sequenceFlag   (3),
  anonFlag       (4),
  confFlag       (5),
  integFlag      (6)
}

NegHints         ::=  SEQUENCE {
  hintName       [0] GeneralString OPTIONAL,
  hintAddress    [1] OCTET STRING OPTIONAL
}

MechType         ::=  OBJECT IDENTIFIER

In the context of this class only the NegTokenInit is covered.

  • When an InitToken is sent, it is prepended by the generic GSSAPI header.
  • The "mech" field of the GSSAPI header is always set to the SPNEGO OID (1.3.6.1.5.5.2)
  • The negTokenInit will have a lead byte of 0xa0 (the CHOICE tagged object).

  • Constructor Details

    • NegTokenInit2

      public NegTokenInit2()

  • Method Details