Avoid PrincipalName with realm == null

Valerie (Yu-Ching) Peng valerie.peng at oracle.com
Sat Jun 9 00:23:20 UTC 2012 

Max,

Yes, I think the current model that you described sounds error prone. I 
don't know the history of the current design.
But I do also prefer the described changes that you have.
I'd expect the refactoring would make the code clearer and more robust.

Valerie

On 06/06/12 17:55, Weijun Wang wrote:
> Hi Valerie
>
> The krb5 PrincipalName class has a realm field and the class says
>
>    If null, means the default realm
>
> Ideally this means if the realm of a name is null then this field can 
> be null. Otherwise, it must be filled when created.
>
> In fact, inside our codes, the field is often filled (using 
> setRealm()) after it's created. This leads to several strange coding 
> styles that make the codes confusing and error-prone.
>
> 1. a lot of setRealm() calls that's far from the creation of the 
> principal name only when the field needs to be used
> 2. a lot of if (realm == null) checks
> 3. a lot of "unresolved" names that never has a realm but is 
> definitely not in the default realm (just because the realm field is 
> not used inside JDK)
>
> I am planning to fix this to make the PrincipalName immutable and 
> always with a non-null non-empty realm. I also plan to make Realm 
> immutable and remove the ServiceName class (it's quite useless).
>
> A brief look into the code and protocol suggests this is quite 
> feasible. In every krb5 message and serialized data (I mean ccache and 
> keytab) defined, there is always a realm beside name. This is also 
> true for most Java methods. And I don't think a name with an 
> "unresolved" realm should exists at all. If we have to deal with 
> something like this, I'd rather invent a new class for it.
>
> The code change will be mostly refactoring, removing a lot of realm 
> arguments/fields and merging it into name. One behavior change is that 
> there will be no name with "unresolved" realm anymore, but I think 
> this should never be true in a real production environment. In fact, 
> the public API KerberosPrincipal has
>
>      *  @throws IllegalArgumentException if name is improperly
>      * formatted, if name is null, or if name does not contain
>      * the realm to use and the default realm is not specified
>      * in either a Kerberos configuration file or via the
>      * java.security.krb5.realm system property.
>
> What's your suggestion? I've been haunted by this several times, 
> mostly because a setRealm() is not called.
>
> Thanks
> Max

More information about the security-dev mailing list