public void handle()

in storm-client/src/jvm/org/apache/storm/security/auth/sasl/SimpleSaslServerCallbackHandler.java [112:199]


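    /**
     * Answers the callbacks raised during a SASL exchange: supplies the password for the
     * named user, echoes the realm, and decides whether the authenticated identity may act
     * as the requested authorization identity.
     *
     * <p>Every failure path ends in an exception, so the exchange is rejected unless a
     * password is found and, for impersonation, both the handler-level switch and every
     * translated name permit it.
     *
     * @param callbacks callbacks to answer; only {@link AuthorizeCallback}, {@link NameCallback},
     *                  {@link PasswordCallback} and {@link RealmCallback} are accepted
     * @throws UnsupportedCallbackException if any other callback type is present
     * @throws IOException if no provider has a password for the user, or if a
     *                     {@link NameCallback} arrives without a {@link PasswordCallback}
     * @throws IllegalArgumentException if the authentication ID differs from the authorization ID
     *                                  and impersonation is not allowed
     */
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException, IOException {
        NameCallback nc = null;
        PasswordCallback pc = null;
        AuthorizeCallback ac = null;
        RealmCallback rc = null;
        // Sort the callbacks by type; an unknown type aborts the exchange instead of being ignored.
        for (Callback callback : callbacks) {
            if (callback instanceof AuthorizeCallback) {
                ac = (AuthorizeCallback) callback;
            } else if (callback instanceof NameCallback) {
                nc = (NameCallback) callback;
            } else if (callback instanceof PasswordCallback) {
                pc = (PasswordCallback) callback;
            } else if (callback instanceof RealmCallback) {
                rc = (RealmCallback) callback;
            } else {
                throw new UnsupportedCallbackException(callback,
                                                       "Unrecognized SASL Callback");
            }
        }

        // NOTE(review): log() is defined outside this block and receives the PasswordCallback;
        // confirm it never prints the password itself.
        log("GOT", ac, nc, pc, rc);

        if (nc != null) {
            // The password looked up below has to be handed to a PasswordCallback. Without one
            // the original code failed with a NullPointerException on pc.setPassword(); reject
            // the request explicitly before any secret is fetched from a provider.
            if (pc == null) {
                LOG.warn("NameCallback received without a PasswordCallback");
                throw new IOException("NameCallback received without a PasswordCallback.");
            }

            // Presumably the user name as sent by the peer - treat it as untrusted input.
            String userName = nc.getDefaultName();
            boolean passwordFound = false;
            // Providers are consulted in order; the first one that knows the user wins.
            for (PasswordProvider provider : providers) {
                Optional<char[]> password = provider.getPasswordFor(userName);
                if (password.isPresent()) {
                    // PasswordCallback.setPassword stores its own copy of the array. The array
                    // returned by the provider is not cleared here; whether that is safe to do
                    // depends on the provider and is not visible from this method.
                    pc.setPassword(password.get());
                    nc.setName(provider.userName(userName));
                    passwordFound = true;
                    break;
                }
            }
            if (!passwordFound) {
                // The user name is logged as received; the exception text stays generic so the
                // reason for the rejection is not revealed through the exception message.
                LOG.warn("No password found for user: {}", userName);
                throw new IOException("NOT ALLOWED.");
            }
        }

        if (rc != null) {
            // Accept the proposed realm unchanged.
            rc.setText(rc.getDefaultText());
        }

        if (ac != null) {
            // Impersonation needs the handler-level switch AND the flag returned by
            // translateName() for each identity that is present.
            boolean allowImpersonation = impersonationAllowed;
            String nid = ac.getAuthenticationID();
            if (nid != null) {
                Pair<String, Boolean> tmp = translateName(nid);
                nid = tmp.getFirst();
                allowImpersonation = allowImpersonation && tmp.getSecond();
            }

            String zid = ac.getAuthorizationID();
            if (zid != null) {
                Pair<String, Boolean> tmp = translateName(zid);
                zid = tmp.getFirst();
                allowImpersonation = allowImpersonation && tmp.getSecond();
            }
            // Emitted before the impersonation check below, so this line alone does not mean
            // the request was authorized.
            LOG.debug("Successfully authenticated client: authenticationID = {} authorizationID = {}",
                     nid, zid);

            // If the authorization ID is not set, fall back to the authentication ID.
            if (zid == null) {
                ac.setAuthorizedID(nid);
                zid = nid;
            } else {
                ac.setAuthorizedID(zid);
            }

            // When nid and zid differ, nid is attempting to impersonate zid. nid is recorded as
            // the real principal in the request context so that it can be used during authorization.
            if (!Objects.equals(nid, zid)) {
                LOG.info("Impersonation attempt  authenticationID = {} authorizationID = {}",
                         nid, zid);
                if (!allowImpersonation) {
                    // Unchecked exception: it is not one of the declared checked types. The
                    // message carries the untranslated IDs from the callback.
                    throw new IllegalArgumentException(ac.getAuthenticationID() + " attempting to impersonate " + ac.getAuthorizationID()
                                                       + ".  This is not allowed.");
                }
                ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(nid));
            } else {
                // No impersonation: clear the real principal held by the request context.
                ReqContext.context().setRealPrincipal(null);
            }

            ac.setAuthorized(true);
        }
        log("FINISHED", ac, nc, pc, rc);
    }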