Please review the code changes at

   http://cr.openjdk.java.net/~weijun/8014310/webrev.00/

The reason is that since we set allow_weak_crypto to false, if the user only has DES keys or only has DES-related etypes enabled, there will be no working etype at all. Sooner or later, an NPE is thrown.

This fix includes:

1. Instead of returning null in Config::defaultEtype(configName), a KrbException is thrown.

2. Removes useless if-null-then-KrbException checks.

3. Not related to the bug: remove sort-by-etype in KeyTab::readServiceKeys(princ). It was meant to make sure a preferred etype appears before another one. In fact, the order of etypes returned by EType::getDefaults(configName,keys) is determined by the order of Config::defaultEtype(configName) instead of keys. Therefore it's actually useless. The sort-by-kvno is preserved. This does not matter when the key is used to decrypt an EncryptedData structure (which knows what kvno should be used). Sometimes we still have to pick one with no hint at all, say, creating the encrypted timestamp in preauth AS-REQ. A key with higher kvno is normally more likely to be the current one.

Thanks
Max
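
The two behaviours described in the message, as an added example (not code from the webrev or the JDK): weak etypes are filtered out when weak crypto is disallowed and an empty result raises an exception instead of returning null, and a key needed without a kvno hint is chosen by configured etype order, then highest kvno. The class and method names are hypothetical, `IllegalStateException` stands in for `KrbException`, and "weak" is assumed to mean the DES etypes.

```java
import java.util.*;

public class EtypeSelectionDemo {
    // Kerberos etype numbers (IANA-assigned).
    static final int DES_CBC_CRC = 1, DES_CBC_MD5 = 3, AES128_SHA1 = 17, AES256_SHA1 = 18;
    // Assumption for this example: "weak" means the DES etypes.
    static final Set<Integer> WEAK = Set.of(DES_CBC_CRC, DES_CBC_MD5);

    static final class Key {
        final int etype, kvno;
        Key(int etype, int kvno) { this.etype = etype; this.kvno = kvno; }
        @Override public String toString() { return "etype=" + etype + " kvno=" + kvno; }
    }

    // Filter configured etypes; fail loudly instead of returning null.
    // IllegalStateException stands in for the KrbException named in the message.
    static List<Integer> defaultEtypes(List<Integer> configured, boolean allowWeak) {
        List<Integer> enabled = new ArrayList<>();
        for (int e : configured) {
            if (allowWeak || !WEAK.contains(e)) enabled.add(e);
        }
        if (enabled.isEmpty()) throw new IllegalStateException("no supported default etypes");
        return enabled;
    }

    // No kvno hint: etype preference from config order, then highest kvno.
    static Key pickKey(List<Key> keys, List<Integer> enabled) {
        for (int e : enabled) {
            Key best = null;
            for (Key k : keys) {
                if (k.etype == e && (best == null || k.kvno > best.kvno)) best = k;
            }
            if (best != null) return best;
        }
        throw new IllegalStateException("no key for any enabled etype");
    }

    public static void main(String[] args) {
        // Constructed keytab contents, deliberately unsorted.
        List<Key> keys = List.of(new Key(DES_CBC_MD5, 5), new Key(AES256_SHA1, 2),
                                 new Key(AES128_SHA1, 4), new Key(AES256_SHA1, 3));
        System.out.println(pickKey(keys, defaultEtypes(List.of(AES256_SHA1, AES128_SHA1, DES_CBC_MD5), false)));
        try {
            defaultEtypes(List.of(DES_CBC_MD5, DES_CBC_CRC), false);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```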
