JDK-8029175 : NPE in Credentials.acquireTGTFromCache()
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.security
  • Affected Version: 7u25
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • Submitted: 2013-11-24
  • Updated: 2013-11-26
  • Resolved: 2013-11-26
Related Reports
Duplicate :  
JDK-7158329 - NPE in sun.security.krb5.Credentials.acquireDefaultCreds()
Description
FULL PRODUCT VERSION :
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
Linux itstl1080 3.0.51-0.7.9-default #1 SMP Thu Nov 29 22:12:17 UTC 2012 (f3be9d0) x86_64 x86_64 x86_64 GNU/Linux


EXTRA RELEVANT SYSTEM CONFIGURATION :
I used MIT Kerberos 5 to generate the credentials cache

A DESCRIPTION OF THE PROBLEM :
I got NPE when reading MIT Kerberos cached credetial file that I produced as described below.
Exception stack trace:

java.lang.NullPointerException
        at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:339)

The shortest reproducable scenario is when I run sun.security.krb5.Credentials.acquireTGTFromCache() directly, but when using JAAS login with com.sun.security.auth.module.Krb5LoginModule to login using the same cached credentials Java will produce the same NPE (encapsulated in LoginException).

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
  To reproduce, please create a cached credentials that doesn't contain TGT (using MIT Kerberos command line programs) in the following way:

$ kinit -S host/servername.com
Password for username@DOMAIN.COM:
$ klist -5
Ticket cache: FILE:/tmp/krb5cc_UID
Default principal: username@DOMAIN.COM

Valid starting     Expires            Service principal
11/24/13 19:03:26  11/25/13 05:03:26  host/servername.com@DOMAIN.COM
        renew until 12/24/13 19:03:26


Now, this code will reproduce the NPE:
sun.security.krb5.Credentials.acquireTGTFromCache(null, "/tmp/krb5cc_UID");



EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would expect that Credentials.acquireTGTFromCache() return "null" because there is no TGT in the cached credentials.
ACTUAL -
Credentials.acquireTGTFromCache()  throws this exception:

java.lang.NullPointerException
        at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:339)

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.NullPointerException
        at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:339)

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import sun.security.krb5.Credentials;

public class CredentialsNPE
{
public static void main(String[] args) throws Exception
{
Credentials.acquireTGTFromCache(null, "/tmp/krb5cc_UID");
}
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
We're catching the NPE and assume that when it happens this indicated the the cached credentials lacks of TGT.
Comments
webbug. Duplicate of JDK-7158329
26-11-2013