/// <summary>
/// Decode the KRB_ERROR token got from application.
/// </summary>
/// <param name="errorToken">The token got from an application message. This argument cannot be null.</param>
/// <returns>The decoded AP response.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception>
/// <exception cref="System.FormatException">Thrown when the errorToken is not valid.</exception>
public KileKrbError ParseKrbError(byte[] errorToken)
{
if (errorToken == null)
{
throw new ArgumentNullException(nameof(errorToken));
}
byte[] errorBody = KerberosUtility.VerifyGssApiTokenHeader(errorToken);
// Check if it has a two-byte tok_id
if (errorBody == null || errorBody.Length <= sizeof(TOK_ID))
{
throw new FormatException("Not a valid KRB_ERROR token!");
}
TOK_ID id = (TOK_ID)KerberosUtility.ConvertEndian(BitConverter.ToUInt16(errorBody, 0));
if (id != TOK_ID.KRB_ERROR)
{
throw new FormatException("Not a valid KRB_ERROR token!");
}
errorBody = ArrayUtility.SubArray(errorBody, sizeof(TOK_ID));
var error = new KileKrbError();
error.FromBytes(errorBody);
return(error);
}