public IdentityServiceInitializationResult initializeIsis()

in service/src/main/java/org/apache/fineract/cn/provisioner/internal/service/applications/IdentityServiceInitializer.java [106:141]


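  /**
   * Initializes the identity manager for a tenant with a fixed, well-known initial password.
   *
   * <p>The password is hashed with a salt derived from the tenant identifier and the configured
   * domain, and the Base64-encoded hash is passed to {@code IdentityManager.initialize}. The
   * initial credential is therefore identical for every tenant and must be rotated by the
   * provisioning script immediately after this call returns.
   *
   * @param tenantIdentifier identifier of the tenant; used for the call context and in the salt
   * @param applicationName name of the application; used for the call context
   * @param identityManagerUri URI used to obtain the {@code IdentityManager} client
   * @return the signature set returned by the identity manager together with the Base64-encoded
   *     password hash that was sent to it
   * @throws ServiceException (conflict) if the identity manager rejects the system token
   * @throws IllegalStateException wrapping any other exception raised during initialization
   */
  public IdentityServiceInitializationResult initializeIsis(
          final @Nonnull String tenantIdentifier,
          final @Nonnull String applicationName,
          final @Nonnull String identityManagerUri) {
    try (final AutoCloseable ignored
                 = applicationCallContextProvider.getApplicationCallContext(tenantIdentifier, applicationName)) {
      final IdentityManager identityService = applicationCallContextProvider.getApplication(IdentityManager.class, identityManagerUri);
      // When running behind a gateway, calls to provisioner can be repeated multiple times.  This leads
      // to repeated regeneration of the password, when only one password is returned.  As a result the
      // real password gets replaced with a wrong one with a high probability.  Provisioning scripts then
      // fail when they try to log in to identity for further provisioning. For this reason, return a
      // constant password, and change it immediately in the provisioning script.
      //
      // NOTE(review): this is a default credential shared by every tenant. Until the provisioning
      // script rotates it, the tenant super user is protected only by a publicly known value.
      // Provisioning should fail closed if the rotation step does not succeed, and authentication
      // with this value after provisioning is worth alerting on.
      final String nonRandomPassword = "ChangeThisPassword";
      // The credential value is deliberately kept out of the log: log files usually have a wider
      // audience and a longer retention than the provisioning step itself.
      this.logger.debug("Initial password for tenant super user '{}' has been set to the fixed provisioning default. This should be changed immediately.", tenantIdentifier);

      // Explicit UTF-8 so that the salt and password bytes do not depend on the JVM default charset.
      // NOTE(review): the salt is built only from a fixed prefix, the tenant identifier and the
      // domain, so together with the constant password the resulting hash is predictable.
      final byte[] salt = Base64Utils.encode(
          ("antony" + tenantIdentifier + this.systemProperties.getDomain())
              .getBytes(java.nio.charset.StandardCharsets.UTF_8));

      final String encodedPassword = Base64Utils.encodeToString(
          nonRandomPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));

      final byte[] hash = this.hashGenerator.hash(encodedPassword, salt, ProvisionerConstants.ITERATION_COUNT, ProvisionerConstants.HASH_LENGTH);
      final String encodedPasswordHash = Base64Utils.encodeToString(hash);

      final ApplicationSignatureSet signatureSet = identityService.initialize(encodedPasswordHash);
      logger.info("Isis initialization for org.apache.fineract.cn.provisioner.tenant '{}' succeeded with signature set '{}'.", tenantIdentifier, signatureSet);

      return new IdentityServiceInitializationResult(signatureSet, encodedPasswordHash);
    } catch (final InvalidTokenException e) {
      // The cause is recorded in the log only; the ServiceException built below carries just the message.
      logger.warn("The given identity instance didn't recognize the system token as valid.", e);
      throw ServiceException
          .conflict("The given identity instance didn't recognize the system token as valid.  " +
              "Perhaps the system keys for the provisioner or for the identity manager are misconfigured?");
    } catch (final Exception e) {
      // Also covers exceptions thrown when the call context is closed (AutoCloseable.close()).
      logger.error("An unexpected error occured while initializing identity.", e);
      throw new IllegalStateException(e);
    }
  }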