I'm working on a Java code base that checks whether a Kerberos KeyTab file is valid, but it uses the internal class sun.security.krb5.internal.ktab.KeyTab for its isValid() method. Currently, it is doing the following:
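    import java.io.File;
    import sun.security.krb5.internal.ktab.KeyTab; // JDK-internal class, not javax.security.auth.kerberos.KeyTab

    File keytabFile = new File("/path/to/keytab");
    KeyTab keytab = KeyTab.getInstance(keytabFile);
    boolean keytabIsValid = keytab.isValid();
    if (!keytabIsValid) {
        throw new ApplicationSpecificException("Keytab is not valid");
    }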
Accessing this method is more of an annoyance in Java 9, so I'm looking for a way to avoid using this internal class, but browsing through the JDK source, I haven't seen anything that exposes the isValid() method or an equivalent in a non-internal class.
Are there options which don't rely on hacks like reflecting on private methods or accessing internal APIs?
1) You can try using the native executable to validate the keytab file, through Java's ProcessBuilder, and proceed as per the output to determine validity. E.g. for Linux/*nix, you can run

    klist -k -t your.keytab
2) Since you already mention the desire to exclude accessing internal APIs, I assume you are aware of the options. But just including here for information for this particular case:

    javac --add-exports java.security.jgss/sun.security.krb5.internal.ktab=ALL-UNNAMED your-class.java
    java --add-exports java.security.jgss/sun.security.krb5.internal.ktab=ALL-UNNAMED your-class
3) You can also roll out your own validator. I think the source is not that complex.
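A sketch of what option 3 could look like, as an added example that is not part of the original answer and is not the JDK's code. It assumes the MIT keytab file layout, version 0x0502; the class name KeytabCheck and the method looksValid are hypothetical, and the check is structural only (it does not prove the keys are accepted by a KDC).

```java
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added example (not JDK code): structural check of a version 0x0502 keytab file. */
public final class KeytabCheck {
    /** True if the header is 0x05 0x02, every record parses, and at least one key exists. */
    public static boolean looksValid(Path keytab) throws IOException {
        ByteBuffer buf = ByteBuffer.wrap(Files.readAllBytes(keytab)); // big-endian by default
        if (buf.remaining() < 2 || buf.get() != 0x05 || buf.get() != 0x02) return false;
        int entries = 0;
        while (buf.hasRemaining()) {
            if (buf.remaining() < 4) return false;       // truncated length field
            int len = buf.getInt();
            if (len == 0) break;                         // treated here as end of entries
            long size = Math.abs((long) len);            // negative length = deleted slot
            if (size > buf.remaining()) return false;    // record runs past end of file
            if (len > 0) {
                ByteBuffer entry = buf.slice();
                entry.limit((int) size);                 // confine parsing to this record
                if (!entryWellFormed(entry)) return false;
                entries++;
            }
            buf.position(buf.position() + (int) size);
        }
        return entries > 0;
    }

    private static boolean entryWellFormed(ByteBuffer e) {
        try {
            int components = e.getShort() & 0xFFFF;      // realm is not counted in 0x0502
            for (int i = 0; i <= components; i++) {      // realm, then each name component
                skip(e, e.getShort() & 0xFFFF);
            }
            skip(e, 4 + 4 + 1 + 2);                      // name type, timestamp, kvno8, key type
            int keyLen = e.getShort() & 0xFFFF;
            skip(e, keyLen);
            return keyLen > 0;
        } catch (BufferUnderflowException | IllegalArgumentException ex) {
            return false;                                // field ran past the record boundary
        }
    }

    private static void skip(ByteBuffer b, int n) {
        b.position(b.position() + n);                    // throws if n exceeds what is left
    }

    public static void main(String[] args) throws IOException {
        System.out.println(looksValid(Paths.get(args[0])) ? "keytab looks valid" : "keytab is not valid");
    }
}
```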