I'm working on a Java code base that checks whether a Kerberos KeyTab file is valid, but it uses the internal class sun.security.krb5.internal.ktab.KeyTab for its isValid() method. Currently, it is doing the following:

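import java.io.File;
import sun.security.krb5.internal.ktab.KeyTab; // JDK-internal class, not a supported API

// Load the keytab and fail if isValid() reports false
File keytabFile = new File("/path/to/keytab");
KeyTab keytab = KeyTab.getInstance(keytabFile);
boolean keytabIsValid = keytab.isValid();
if (!keytabIsValid) {
    throw new ApplicationSpecificException("Keytab is not valid");
}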

Accessing this method is more of an annoyance in Java 9, so I'm looking for a way to avoid using this internal class, but browsing through the JDK source, I haven't seen anything that exposes the isValid() method or an equivalent in a non-internal class.

Are there options which don't rely on hacks like reflecting on private methods or accessing internal APIs?

T-Heron
haxney

1 Answer

1)

You can try using the native executable to validate the keytab file through Java's ProcessBuilder, and proceed as per the output to determine validity. E.g., for Linux/*nix, you can run

klist -k -t your.keytab

2)

Since you already mention a desire to exclude accessing internal APIs, I assume you are aware of the options. But I'm just including this here for information for this particular case:

javac --add-exports java.security.jgss/sun.security.krb5.internal.ktab=ALL-UNNAMED your-class.java
java --add-exports java.security.jgss/sun.security.krb5.internal.ktab=ALL-UNNAMED your-class

3)

You can also roll out your own validator. I think the source is not that complex.

sujit
  • Thanks, I'm already doing option 2 (since I have to). It looks like option 3 might be the least bad out of these choices. I was hoping that there was some clever little class somewhere that would do what I needed, but alas. – haxney Apr 04 '18 at 23:41
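
Option 3 from the answer above can be done with public APIs only. The sketch below is an added example, not code from the answer or from the JDK: it checks that the bytes follow the MIT keytab layout for format version 0x0502 (the layout comes from the MIT Kerberos format description, not from this page), and the class and method names are hypothetical. It checks structure only and says nothing about whether a KDC will accept the keys.

```java
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class KeytabCheck {  // hypothetical name, not a JDK class
    /** Returns the number of well-formed entries; throws IOException on malformed data. */
    static int countEntries(byte[] data) throws IOException {
        ByteBuffer buf = ByteBuffer.wrap(data);  // big-endian by default, as the format requires
        try {
            if (buf.get() != 0x05 || buf.get() != 0x02) throw new IOException("not a 0x0502 keytab");
            int entries = 0;
            while (buf.remaining() >= 4) {
                long size = buf.getInt();
                if (size == 0) break;  // zero length marks the end of the file
                if (Math.abs(size) > buf.remaining()) throw new IOException("record exceeds file size");
                if (size > 0) {  // a negative size is a hole left by a deleted entry: skip only
                    checkEntry((ByteBuffer) buf.slice().limit((int) size));
                    entries++;
                }
                buf.position(buf.position() + (int) Math.abs(size));
            }
            return entries;
        } catch (BufferUnderflowException e) {
            throw new IOException("truncated keytab entry", e);
        }
    }
    /** Walks one entry's fields; an underflow means a length field points past the record. */
    private static void checkEntry(ByteBuffer rec) throws IOException {
        int components = rec.getShort() & 0xFFFF;
        for (int i = 0; i <= components; i++) skipCounted(rec);  // realm, then name components
        rec.getInt(); rec.getInt(); rec.get(); rec.getShort();   // name type, timestamp, kvno, enctype
        if (skipCounted(rec) == 0) throw new IOException("entry has an empty key");
    }
    private static int skipCounted(ByteBuffer b) {
        int len = b.getShort() & 0xFFFF;
        if (len > b.remaining()) throw new BufferUnderflowException();
        b.position(b.position() + len);
        return len;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample: one entry for svc@EXAMPLE.COM, enctype 17, all-zero 16-byte key.
        ByteBuffer k = ByteBuffer.allocate(55).put((byte) 5).put((byte) 2).putInt(49).putShort((short) 1);
        for (String s : new String[] {"EXAMPLE.COM", "svc"})
            k.putShort((short) s.length()).put(s.getBytes(StandardCharsets.US_ASCII));
        k.putInt(1).putInt(0).put((byte) 1).putShort((short) 17).putShort((short) 16);
        System.out.println(countEntries(k.array()) + " well-formed entries");
    }
}
```

For a real file, pass `Files.readAllBytes(path)` to `countEntries`; a keytab cut off mid-entry or with a record length larger than the file is rejected with an `IOException` rather than read past its end.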