Folks,
consider the following code:
KeyTab keytab = KeyTab.getUnboundInstance(new File("..."));
KerberosPrincipal principal = new KerberosPrincipal("foo$",
KerberosPrincipal.KRB_NT_PRINCIPAL);
KerberosKey[] keys = keytab.getKeys(principal);
Let's check the keytab for etype 18 only:
10 2022-08-04T11:55:55 foo$@AD001.SIEMENS.NET (aes256-cts-hmac-sha1-96)
10 2022-08-04T11:55:56 FOO$@AD001.SIEMENS.NET (aes256-cts-hmac-sha1-96)
11 2024-05-06T18:21:28 foo$@AD001.SIEMENS.NET (aes256-cts-hmac-sha1-96)
11 2024-05-06T18:21:29 FOO$@AD001.SIEMENS.NET (aes256-cts-hmac-sha1-96)
My expectation is that I get exactly *two* returned because according
RFC 4120 KerberosString is case-sensitive (I know that MS Kerberos
deviates from), but the method returns me *four* keys because
PrincipalName performs a case-insensitive match [1]. Comparing two equal
keys with KerberosKey#equals() gives me false because the principal is
compared case-senstively [2].
Is this considered as a bug?
Michael
I am on latest Java 8, but code looks identical for Java 22.
[1]
https://github.com/openjdk/jdk/blob/a8b3f194e811eed6b20bce71c752705c7cd50d24/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java#L616-L637
[2]
https://github.com/openjdk/jdk/blob/a8b3f194e811eed6b20bce71c752705c7cd50d24/src/java.security.jgss/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java#L259-L261
