internal static KerberosAuthorizationData Parse(DERValue value)
        {
            if (!value.CheckSequence())
            {
                throw new InvalidDataException();
            }
            KerberosAuthorizationDataType type = 0;

            byte[] data = null;
            foreach (var next in value.Children)
            {
                if (next.Type != DERTagType.ContextSpecific)
                {
                    throw new InvalidDataException();
                }
                switch (next.Tag)
                {
                case 0:
                    type = (KerberosAuthorizationDataType)next.ReadChildInteger();
                    break;

                case 1:
                    data = next.ReadChildOctetString();
                    break;

                default:
                    throw new InvalidDataException();
                }
            }

            if (type == 0 || data == null)
            {
                throw new InvalidDataException();
            }

            if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
            {
                DERValue[] values = DERParser.ParseData(data, 0);
                if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
                {
                    throw new InvalidDataException();
                }

                return(Parse(values[0].Children[0]));
            }
            else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
            {
                if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
                                                                    out KerberosAuthorizationDataRestrictionEntry entry))
                {
                    return(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
            {
                if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
                                                                         out KerberosAuthorizationDataEncryptionNegotiation entry))
                {
                    return(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
            {
                if (KerberosAuthorizationDataPAC.Parse(data,
                                                       out KerberosAuthorizationDataPAC entry))
                {
                    return(entry);
                }
            }

            return(new KerberosAuthorizationData(type, data));
        }
        internal static IEnumerable <KerberosAuthorizationData> Parse(DERValue value)
        {
            if (!value.CheckSequence())
            {
                throw new InvalidDataException();
            }
            KerberosAuthorizationDataType type = 0;

            byte[] data = null;
            foreach (var next in value.Children)
            {
                if (next.Type != DERTagType.ContextSpecific)
                {
                    throw new InvalidDataException();
                }
                switch (next.Tag)
                {
                case 0:
                    type = (KerberosAuthorizationDataType)next.ReadChildInteger();
                    break;

                case 1:
                    data = next.ReadChildOctetString();
                    break;

                default:
                    throw new InvalidDataException();
                }
            }

            if (type == 0 || data == null)
            {
                throw new InvalidDataException();
            }

            List <KerberosAuthorizationData> ret = new List <KerberosAuthorizationData>();

            if (type == KerberosAuthorizationDataType.AD_IF_RELEVANT)
            {
                DERValue[] values = DERParser.ParseData(data, 0);
                if (values.Length != 1 || !values[0].CheckSequence() || !values[0].HasChildren())
                {
                    throw new InvalidDataException();
                }

                ret.AddRange(values[0].Children.SelectMany(c => Parse(c)));
            }
            else if (type == KerberosAuthorizationDataType.KERB_AD_RESTRICTION_ENTRY)
            {
                if (KerberosAuthorizationDataRestrictionEntry.Parse(data,
                                                                    out KerberosAuthorizationDataRestrictionEntry entry))
                {
                    ret.Add(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_ETYPE_NEGOTIATION)
            {
                if (KerberosAuthorizationDataEncryptionNegotiation.Parse(data,
                                                                         out KerberosAuthorizationDataEncryptionNegotiation entry))
                {
                    ret.Add(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_WIN2K_PAC)
            {
                if (KerberosAuthorizationDataPAC.Parse(data,
                                                       out KerberosAuthorizationDataPAC entry))
                {
                    ret.Add(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_AP_OPTIONS)
            {
                if (KerberosAuthorizationDataApOptions.Parse(data,
                                                             out KerberosAuthorizationDataApOptions entry))
                {
                    ret.Add(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.AD_AUTH_DATA_TARGET_NAME)
            {
                if (KerberosAuthorizationDataTargetName.Parse(data,
                                                              out KerberosAuthorizationDataTargetName entry))
                {
                    ret.Add(entry);
                }
            }
            else if (type == KerberosAuthorizationDataType.KERB_LOCAL)
            {
                if (KerberosAuthorizationDataKerbLocal.Parse(data,
                                                             out KerberosAuthorizationDataKerbLocal entry))
                {
                    ret.Add(entry);
                }
            }

            if (ret.Count == 0)
            {
                ret.Add(new KerberosAuthorizationData(type, data));
            }
            return(ret);
        }