in taverna-server-webapp/src/main/java/org/apache/taverna/server/master/worker/SecurityContextDelegate.java [290:376]
/**
 * Builds a merged truststore and keystore from the pending trust anchors and
 * credentials, then hands them to the run's remote security context together
 * with a freshly generated password and the service-URI-to-alias map.
 * <p>
 * Secret handling visible in this method: the serialized store bytes are
 * zeroed and the password array is overwritten in {@code finally} blocks, so
 * the wipe happens on both the success and the failure path. Only the local
 * arrays are wiped; nothing here clears the {@code Truststore}/{@code Keystore}
 * objects or any copy held by the remote security context.
 * <p>
 * Statement order matters: the pending lists are drained first, the stores
 * are filled under {@code lock}, and the password is sent only after both
 * stores have been transferred.
 *
 * @throws GeneralSecurityException
 *             declared by the signature; the originating call is not visible
 *             in this block
 * @throws IOException
 *             declared by the signature; the originating call is not visible
 *             in this block
 * @throws ImplementationException
 *             declared by the signature; the originating call is not visible
 *             in this block
 */
public final void conveySecurity() throws GeneralSecurityException,
IOException, ImplementationException {
RemoteSecurityContext rc = run.run.getSecurityContext();
// Snapshot the pending trust/credential lists into locals and empty the
// fields, so each entry is conveyed at most once by this call.
// NOTE(review): this drain happens before `lock` is taken; confirm no
// other thread can add to these lists concurrently.
List<Trust> trusted = new ArrayList<>(this.trusted);
this.trusted.clear();
List<Credential> credentials = new ArrayList<>(this.credentials);
this.credentials.clear();
// Best effort: a failure here is logged and the rest of the method still
// runs with whatever is already in the two local lists.
// NOTE(review): the exception is passed to the logger; confirm its message
// and stack trace cannot carry credential material.
try {
installLocalPasswordCredential(credentials, trusted);
} catch (Exception e) {
log.warn("failed to construct local credential: "
+ "interaction service will fail", e);
}
// Declared outside the try so the outer finally can overwrite it.
char[] password = null;
try {
password = generateNewPassword();
log.info("constructing merged keystore");
// Both stores are constructed with the same password array.
Truststore truststore = new Truststore(password);
Keystore keystore = new Keystore(password);
Map<URI, String> uriToAliasMap = new HashMap<>();
// Counters are used only for the log messages below.
int trustedCount = 0, keyCount = 0;
synchronized (lock) {
try {
// Copy every non-null loaded certificate into the merged truststore;
// null Trust entries and entries without loaded certificates are skipped.
for (Trust t : trusted) {
if (t == null || t.loadedCertificates == null)
continue;
for (Certificate cert : t.loadedCertificates)
if (cert != null) {
truststore.addCertificate(cert);
trustedCount++;
}
}
// The working map and keystore are exposed through instance fields for
// the duration of the loop; presumably addCredentialToKeystore() writes
// into them (its body is not visible here; confirm).
this.uriToAliasMap = uriToAliasMap;
this.keystore = keystore;
for (Credential c : credentials) {
addCredentialToKeystore(c);
keyCount++;
}
} finally {
// Always withdraw the temporary field references and drop the local
// copies, even if adding a certificate or credential failed.
this.uriToAliasMap = null;
this.keystore = null;
credentials.clear();
trusted.clear();
// NOTE(review): if flushToDB() throws here, it replaces any exception
// already propagating from the try body.
flushToDB();
}
}
byte[] trustbytes = null, keybytes = null;
try {
trustbytes = truststore.serialize();
keybytes = keystore.serialize();
// Now we've built the security information, ship it off...
log.info("transfering merged truststore with " + trustedCount
+ " entries");
rc.setTruststore(trustbytes);
log.info("transfering merged keystore with " + keyCount
+ " entries");
rc.setKeystore(keybytes);
} finally {
// Zero the serialized stores whether or not the transfer succeeded.
// This wipes only these local arrays; any copy made by rc or by the
// serialization itself is outside this method's control.
if (trustbytes != null)
fill(trustbytes, (byte) 0);
if (keybytes != null)
fill(keybytes, (byte) 0);
}
// The password is sent only after both stores have been transferred.
rc.setPassword(password);
log.info("transferring serviceURL->alias map with "
+ uriToAliasMap.size() + " entries");
rc.setUriToAliasMap(uriToAliasMap);
} finally {
// Overwrite the generated password with spaces on every exit path; null
// means generateNewPassword() did not return a value.
if (password != null)
fill(password, ' ');
}
// Remaining settings are conveyed under the same lock as the store build.
synchronized (lock) {
conveyExtraSecuritySettings(rc);
}
}