throw new PACDecodingException("Malformed Kerberos Ticket");
                }
                try {
                    this.ticket = new KerberosTicket(derTicket.getBaseObject().getEncoded(), this.apOptions, keys);
                } catch (IOException e) {
                    throw new PACDecodingException("Malformed Kerberos Ticket", e);
                }
                break;
            case 4:

import jcifs.pac.PACDecodingException;

/**
 * Represents a Kerberos ticket.
 */
public class KerberosTicket {

    private String serverPrincipalName;
    private String serverRealm;
    private KerberosEncData encData;

    /**
     * Constructs a KerberosTicket from token bytes.
     *
     * @param token the ticket token bytes
     * @param apOptions AP options flags

        // Act + Assert
        // The KerberosTicket constructor will throw because the empty sequence is not a valid ticket
        assertThrows(PACDecodingException.class, () -> new KerberosApRequest(seq, new KerberosKey[0]));

        // Verify apOptions is set correctly in a minimal sequence without ticket
        KerberosApRequest req = new KerberosApRequest(buildMinimalApReqSeq(ap), null);
        assertEquals(ap, req.getApOptions());

            // When
            KerberosTicket ticket = new KerberosTicket(validToken, (byte) 0, keys);

            // Then
            assertNotNull(ticket);
            assertEquals(SERVER_REALM, ticket.getServerRealm());
            assertEquals(SERVER_PRINCIPAL_NAME, ticket.getServerPrincipalName());
            assertNotNull(ticket.getEncData());

            new KerberosRelevantAuthData(malformedToken, keys);
        }, "A PACDecodingException should be thrown for a malformed token.");

        assertEquals("Malformed kerberos ticket", exception.getMessage(), "The exception message should indicate a malformed ticket.");
    }

    /**
     * Test constructor with an empty token.
     * Empty token causes readObject() to return null, which leads to NullPointerException.
     */

            if (derToken.getTagClass() != BERTags.APPLICATION) {
                throw new PACDecodingException("Malformed kerberos ticket");
            }
            stream.close();
        } catch (IOException e) {
            throw new PACDecodingException("Malformed kerberos ticket", e);
        }

        ASN1Sequence sequence;
        try {
            sequence = ASN1Util.as(ASN1Sequence.class, derToken.getBaseObject());

			<artifactId>tika-parser-html-module</artifactId>
			<version>${tika.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.tika</groupId>
			<artifactId>tika-parser-image-module</artifactId>
			<version>${tika.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.tika</groupId>
			<artifactId>tika-parser-mail-module</artifactId>

        for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
            MIEName client = new MIEName(mech, ticket.getClient().getName());
            MIEName server = new MIEName(mech, ticket.getServer().getName());
            if (src.equals(client) && targ.equals(server)) {
                return ticket.getSessionKey();
            }
        }
        return null;

 *
 * This class represents login credentials obtained through SPNEGO (Security Provider
 * Negotiation Protocol) authentication. It contains the username extracted from the
 * SPNEGO authentication process, typically from a Kerberos ticket.
 */
public class SpnegoCredential implements LoginCredential, FessCredential {

    /** The username extracted from SPNEGO authentication. */
    private final String username;

    /**

  <!--  an OLE2 (application/x-tika-msoffice) container. -->
  <!--  The are logically subclasses of (application/x-tika-ooxml),
        but their containers are literally subclasses
        of (application/x-tika-msoffice) -->
  <mime-type type="application/x-tika-ooxml-protected">
    <sub-class-of type="application/x-tika-msoffice"/>
    <_comment>Password Protected OOXML File</_comment>