JDK-7158329 : NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u31,7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,windows_xp
  • CPU: x86
  • Submitted: 2012-04-02
  • Updated: 2013-11-26
  • Resolved: 2012-09-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7 JDK 8
6u60Fixed 7u40Fixed 8 b36Fixed
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
Trying to invoke login with Krb5LoginModule, debug=false, doNotPrompt=true, useTicketCache=true, storeKey=false.

When an empty file krb5cc_<username> in <userhome> exists, this throws a NullPointerException in sun.security.krb5.Credentials.acquireDefaultCreds().

The cause is the following code:

        if (cache == null) {
            cache = CredentialsCache.getInstance();
        }
        if (cache != null) {
            if (DEBUG) {
                System.out.println(">>> KrbCreds found the default ticket " +
                                   "granting ticket in credential cache.");
            }
            sun.security.krb5.internal.ccache.Credentials temp =
                cache.getDefaultCreds();
            if (EType.isSupported(temp.getEType())) {
                result = temp.setKrbCreds();
            } else {
                if (DEBUG) {
                    System.out.println(
                        ">>> unsupported key type found the default TGT: " +
                        temp.getEType());
                }
            }
        }

where cache.getDefaultCreds() can and will return null in case the ticket cache is empty, so the EType.isSupported(...) fails.


REPRODUCIBILITY :
This bug can be reproduced always.

Comments
EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/1ffe2565ec06
2012-04-10