United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7144530 KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix
JDK-7144530 : KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix

Details
Type:
Bug
Submit Date:
2012-02-10
Status:
Closed
Updated Date:
2012-09-06
Project Name:
JDK
Resolved Date:
2012-09-06
Component:
security-libs
OS:
windows_7
Sub-Component:
java.security
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:

Related Reports
Backport:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.7.0_02"
Java(TM) SE Runtime Environment (build 1.7.0_02-b13)
Java HotSpot(TM) 64-Bit Server VM (build 22.0-b10, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]

A DESCRIPTION OF THE PROBLEM :
Under JDK6, sun.security.krb5.internal.ktab.KeyTab.getInstance() used to remove prefixes like "file:" from the keyTabName.

Using JDK7 this is no longer the case. Passing a File URI like "file:/..." now results in an empty KeyTab. What happens, is a FileNotFoundException is thrown when reading from the FileInputStream in the constructor. The exception is caught in the constructor and the "isMissing" flag is set to true.

However, when the default_keytab_name property is resolved in getDefaultTabName(), prefixes like "file:" *are* removed (by calling the parse method).

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Construct a dummy keytab file using ktab.exe.
ktab.exe -a host/user@DOMAIN password -k dummy.keytab

2. Construct a KeyTab using a File URI.
KeyTab keyTab = KeyTab.getInstance("file:/C:/workspace/dummy.keytab");

3. Retrieve the entries from the KeyTab.
keyTab.getEntries()

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
keyTab.getEntries() should contain the entries of the keytab.
ACTUAL -
keyTab.getEntries() is always empty, i.e. keyTab.getEntries().length is always zero.

However, when using with the absolute path to the same file, i.e. KeyTab.getInstance("C:/workspace/dummy.keytab"), it will correctly read its entries.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import static org.junit.Assert.assertTrue;

import org.junit.Test;

import sun.security.krb5.internal.ktab.KeyTab;

public class KeyTabPrefixBug {

	private static final String PATH_TO_KEY_TAB = "C:/workspace/dummy.keytab";

	@Test
	public void withUriPrefix() throws Exception {
		KeyTab keyTab = KeyTab.getInstance("file:/" + PATH_TO_KEY_TAB);
		assertTrue(keyTab.getEntries().length > 0); // fails
	}

	@Test
	public void withoutUriPrefix() throws Exception {
		KeyTab keyTab = KeyTab.getInstance(PATH_TO_KEY_TAB);
		assertTrue(keyTab.getEntries().length > 0); // succeeds
	}
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Always use file paths (never URIs) when using the Kerberos API.

                                    

Comments
EVALUATION

Should fix. But users are not recommended to use sun-internal methods directly.
                                     
2012-02-14
EVALUATION

http://hg.openjdk.java.net/jdk8/tl/jdk/rev/0243e7c0b0fb
                                     
2012-02-21



Hardware and Software, Engineered to Work Together