Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7144530

KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix

XMLWordPrintable

    • b142
    • 7
    • b28
    • x86
    • windows_7
    • Verified

        FULL PRODUCT VERSION :
        java version "1.7.0_02"
        Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
        Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.1.7600]

        A DESCRIPTION OF THE PROBLEM :
        Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName.

        Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab. What happens, is a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.

        However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method).

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Construct a dummy keytab file using ktab.exe.
        ktab.exe -a host/user@DOMAIN password -k dummy.keytab

        2. Construct a KeyTab using a File URI.
        KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");

        3. Retrieve the entries from the KeyTab.
        keyTab.getEntries()

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        keyTab.getEntries() should contain the entries of the keytab.
        ACTUAL -
        keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero.

        However, when using with the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries.

        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        import static org.junit.Assert.assertTrue;

        import org.junit.Test;

        import sun.security.krb5.internal.ktab.KeyTab;

        public class KeyTabPrefixBug {

        private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab";

        @Test
        public void withUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length > 0); // fails
        }

        @Test
        public void withoutUriPrefix() throws Exception {
        KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
        assertTrue(keyTab.getEntries().length > 0); // succeeds
        }
        }
        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        Always use file paths (never URIs) when using the Kerberos API.

              weijun Weijun Wang
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: