private List getKeyPairs()

in traffic_router/core/src/main/java/org/apache/traffic_control/traffic_router/core/dns/SignatureManager.java [325:387]


	/**
	 * Selects DNSSEC key pairs for {@code name} out of the entries held in {@code keyMap}.
	 *
	 * <p>Only keys whose DNSKEY record owner name equals {@code name} and whose KSK flag
	 * matches {@code wantKsk} are considered. Keys registered under this zone but owned by a
	 * different name are logged at warn level and ignored.
	 *
	 * <p>When {@code wantSigningKey} is {@code false}, every matching key is returned for which
	 * {@code isExpiredKeyAllowed()} is true or {@code isKeyCached(maxTTL)} holds.
	 *
	 * <p>When {@code wantSigningKey} is {@code true}, at most one key is returned. Keys that are
	 * not usable yet are skipped, and expired keys are skipped unless
	 * {@code isExpiredKeyAllowed()} is true. Among the remaining keys a non-expired key always
	 * beats an expired one; between non-expired keys the older one (per {@code isOlder}) wins,
	 * and between expired keys the newer one (per {@code isNewer}) wins.
	 *
	 * <p>Security notes for reviewers:
	 * <ul>
	 * <li>With {@code isExpiredKeyAllowed()} enabled, an expired key can be selected for signing;
	 * the only signal is a warn-level log line, so that line is worth alerting on.</li>
	 * <li>If no signing key qualifies, a fatal log entry is written and an <em>empty</em> list is
	 * returned rather than an exception; callers presumably have to treat the empty list as
	 * "cannot sign" - verify against the call sites.</li>
	 * <li>Key pairs are written to the log through {@code toString()}; confirm that
	 * {@code DnsSecKeyPair.toString()} never includes private key material.</li>
	 * </ul>
	 *
	 * @param name zone name to look up; the map key is its lower-cased string form
	 * @param wantKsk {@code true} to select key-signing keys, {@code false} for the other keys
	 * @param wantSigningKey {@code true} to pick the single key to sign with
	 * @param maxTTL passed to {@code isKeyCached} when {@code wantSigningKey} is {@code false}
	 * @return {@code null} when {@code keyMap} has no entry for the name, otherwise the selected
	 *         keys (possibly empty)
	 * @throws IOException declared by the signature; presumably raised by a DnsSecKeyPair call
	 *         (not visible in this method)
	 * @throws NoSuchAlgorithmException declared by the signature; presumably raised by a
	 *         DnsSecKeyPair call (not visible in this method)
	 */
	private List<DnsSecKeyPair> getKeyPairs(final Name name, final boolean wantKsk, final boolean wantSigningKey, final long maxTTL) throws IOException, NoSuchAlgorithmException {
		// NOTE(review): toLowerCase() without a Locale follows the JVM default locale; confirm the
		// code that fills keyMap lower-cases its keys the same way before changing either side.
		final List<DnsSecKeyPair> candidates = keyMap.get(name.toString().toLowerCase());

		if (candidates == null) {
			return null;
		}

		final List<DnsSecKeyPair> selected = new ArrayList<DnsSecKeyPair>();
		DnsSecKeyPair chosen = null;

		for (final DnsSecKeyPair pair : candidates) {
			final Name owner = pair.getDNSKEYRecord().getName();
			final boolean pairIsKsk = pair.isKeySigningKey();

			// A key stored under this zone but owned by another name is never used.
			if (!owner.equals(name)) {
				LOGGER.warn("Invalid key for " + name + "; it is intended for " + pair);
				continue;
			}

			// Wrong key type for this request (KSK asked but ZSK found, or the reverse).
			if (pairIsKsk != wantKsk) {
				LOGGER.debug("Skipping key: wantKsk = " + wantKsk + "; key: " + pair);
				continue;
			}

			if (!wantSigningKey) {
				// Publication path: collect every acceptable key.
				if (isExpiredKeyAllowed() || pair.isKeyCached(maxTTL)) {
					LOGGER.debug("key selected: " + pair);
					selected.add(pair);
				}
				continue;
			}

			// Signing path from here on.
			if (!pair.isUsable()) { // effective date in the future
				LOGGER.debug("Skipping unusable signing key: " + pair);
				continue;
			}

			if (!isExpiredKeyAllowed() && pair.isExpired()) {
				LOGGER.warn("Unable to use expired signing key: " + pair);
				continue;
			}

			// Locate the key with the earliest valid effective date accounting for expiration.
			// Short-circuit order matters: each clause is only evaluated if the previous one failed.
			final boolean replace = chosen == null
					|| (chosen.isExpired() && !pair.isExpired())
					// current pick is expired: prefer the most recent key
					|| (chosen.isExpired() && pair.isNewer(chosen))
					// both still valid: prefer the oldest valid/non-expired key
					|| (!chosen.isExpired() && !pair.isExpired() && pair.isOlder(chosen));

			if (replace) {
				chosen = pair;
			}
		}

		if (wantSigningKey) {
			if (chosen == null) {
				// No exception is thrown here: the caller receives an empty list.
				LOGGER.fatal("Unable to find signing key for " + name);
			} else {
				if (chosen.isExpired()) {
					LOGGER.warn("Using expired signing key: " + chosen);
				} else {
					LOGGER.debug("Signing key selected: " + chosen);
				}

				selected.clear(); // in case we have something in here for some reason (shouldn't happen)
				selected.add(chosen);
			}
		}

		return selected;
	}