in kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java [253:346]
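/**
 * Performs the token-based login: resolves the token string, wraps it in a
 * {@link KrbToken} (re-signing it when a signing key is configured), requests a
 * TGT through the token client and optionally stores it in the credential cache.
 *
 * @return {@code true} once a TGT has been obtained
 * @throws LoginException if no token is available, the token cannot be decoded or
 *         signed, the Kerberos configuration or armor cache is missing, or the TGT
 *         request fails
 * @throws RuntimeException if the KrbClient cannot be initialised or an unsigned
 *         token string cannot be parsed (unchanged exception types for existing callers)
 */
private boolean tokenLogin() throws LoginException {
    if (tokenStr == null) {
        tokenStr = TokenCache.readToken(tokenCacheName);
        if (tokenStr == null) {
            throw new LoginException("No valid token was found in token cache: " + tokenCacheName);
        }
    }

    krbToken = new KrbToken();
    if (signKeyFile != null) {
        krbToken.setTokenValue(signToken());
    } else {
        // No signing key: pass the token through as-is (it may already be signed).
        // JWT compact serialization is ASCII, so UTF-8 is exact and independent of the platform charset.
        krbToken.setTokenValue(tokenStr.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (authToken == null) {
            parseUnsignedToken();
        }
    }
    krbToken.setInnerToken(authToken);
    krbToken.setTokenType();
    krbToken.setTokenFormat(TokenFormat.JWT);

    if (armorCache == null) {
        // Without this guard the getAbsolutePath() call below fails with a bare NullPointerException.
        throw new LoginException("No armor cache is configured for token login");
    }
    KrbClient krbClient = initKrbClient();
    KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
    try {
        tgtTicket = tokenClient.requestTgt(krbToken, armorCache.getAbsolutePath());
    } catch (KrbException e) {
        // The token is a bearer credential: report the failure without echoing it into the message/logs.
        throwWith("Failed to do login with token", e);
        return false;
    }

    // Write the TGT out to the credential cache if it is specified in the configuration
    if (cCache != null) {
        storeTgt(krbClient);
    }
    return true;
}

/**
 * Decodes {@code tokenStr} into {@code authToken} and re-encodes it, signed with
 * the key found in {@code signKeyFile}.
 *
 * @return the encoded (signed) token bytes
 * @throws LoginException if the token cannot be decoded and no auth token is set,
 *         or if the signing key cannot be loaded or is not an RSA key
 * @throws RuntimeException if encoding fails (as before)
 */
private byte[] signToken() throws LoginException {
    try {
        TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider("JWT").createTokenDecoder();
        try {
            authToken = tokenDecoder.decodeFromString(tokenStr);
        } catch (IOException e) {
            // Previously only logged, which let a null auth token reach the encoder.
            if (authToken == null) {
                throw loginFailure("Token decode failed", e);
            }
            LOG.error("Token decode failed; keeping the previously set auth token", e);
        }
        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider("JWT").createTokenEncoder();
        if (tokenEncoder instanceof JwtTokenEncoder) {
            ((JwtTokenEncoder) tokenEncoder).setSignKey(loadSignKey());
        }
        return tokenEncoder.encodeAsBytes(authToken);
    } catch (KrbException e) {
        throw new RuntimeException("Failed to encode AuthToken", e);
    }
}

/**
 * Loads the RSA private key used to sign the token from {@code signKeyFile}.
 *
 * @return the signing key
 * @throws LoginException if the file cannot be read or does not hold an RSA private key
 */
private RSAPrivateKey loadSignKey() throws LoginException {
    PrivateKey signKey;
    try (InputStream is = Files.newInputStream(signKeyFile.toPath())) {
        signKey = PrivateKeyReader.loadPrivateKey(is);
    } catch (IOException e) {
        throw loginFailure("Failed to load private key from file: " + signKeyFile.getName(), e);
    } catch (Exception e) {
        throw loginFailure("Failed to parse private key from file: " + signKeyFile.getName(), e);
    }
    // The unchecked cast in the original turned a non-RSA (or null) key into a ClassCastException
    // or a null signing key; fail the login explicitly instead.
    if (!(signKey instanceof RSAPrivateKey)) {
        throw new LoginException("Signing key in " + signKeyFile.getName() + " is not an RSA private key");
    }
    return (RSAPrivateKey) signKey;
}

/**
 * Parses the already-encoded JWT in {@code tokenStr} into {@code authToken}
 * (used when no signing key is configured and no auth token was supplied).
 *
 * @throws RuntimeException if the string is not a valid JWT encoding (as before)
 */
private void parseUnsignedToken() {
    try {
        JWT jwt = JWTParser.parse(tokenStr);
        authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
    } catch (ParseException e) {
        // Invalid JWT encoding
        throw new RuntimeException("Failed to parse JWT token string", e);
    }
}

/**
 * Creates and initialises a {@link KrbClient} from the krb5.conf named by the
 * {@code java.security.krb5.conf} system property.
 *
 * @return the initialised client
 * @throws LoginException if the system property is not set
 * @throws RuntimeException if the client cannot be initialised (as before)
 */
private KrbClient initKrbClient() throws LoginException {
    String krb5Conf = System.getProperty("java.security.krb5.conf");
    if (krb5Conf == null) {
        // new File((String) null) would fail with a bare NullPointerException.
        throw new LoginException("System property java.security.krb5.conf is not set");
    }
    try {
        KrbConfig krbConfig = new KrbConfig();
        krbConfig.addKrb5Config(new File(krb5Conf));
        KrbClient krbClient = new KrbClient(krbConfig);
        krbClient.init();
        return krbClient;
    } catch (KrbException | IOException e) {
        LOG.error("KrbClient init failed", e);
        throw new RuntimeException("KrbClient init failed", e);
    }
}

/**
 * Best-effort write of {@code tgtTicket} to the credential cache: failures are
 * logged (with their stack traces) but do not fail the login, as before.
 *
 * @param krbClient the client used to store the ticket
 */
private void storeTgt(KrbClient krbClient) {
    try {
        cCache = makeTgtCache();
    } catch (IOException e) {
        // Fall back to the currently configured cache file, matching the original behaviour.
        LOG.error("Failed to make tgtCache", e);
    }
    try {
        krbClient.storeTicket(tgtTicket, cCache);
    } catch (KrbException e) {
        LOG.error("Failed to store tgtTicket to " + cCache.getName(), e);
    }
}

/**
 * Builds a {@link LoginException} carrying {@code cause}; the class has no
 * cause-taking constructor, so {@code initCause} is used.
 *
 * @param message the failure message (must not contain credentials)
 * @param cause the underlying failure
 * @return the exception to throw
 */
private static LoginException loginFailure(String message, Throwable cause) {
    LoginException le = new LoginException(message);
    le.initCause(cause);
    return le;
}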