//export Java_io_v_v23_security_Blessings_nativeCreateUnion
func Java_io_v_v23_security_Blessings_nativeCreateUnion(jenv *C.JNIEnv, jBlessingsClass C.jclass, jBlessingsArr C.jobjectArray) C.jobject {
env := jutil.Env(uintptr(unsafe.Pointer(jenv)))
blessingsArr, err := GoBlessingsArray(env, jutil.Object(uintptr(unsafe.Pointer(jBlessingsArr))))
if err != nil {
jutil.JThrowV(env, err)
return nil
}
blessings, err := security.UnionOfBlessings(blessingsArr...)
if err != nil {
jutil.JThrowV(env, err)
return nil
}
jBlessings, err := JavaBlessings(env, blessings)
if err != nil {
jutil.JThrowV(env, err)
return nil
}
return C.jobject(unsafe.Pointer(jBlessings))
}
func keyForLock(ctx *context.T, lockName string) (security.Blessings, error) {
// We could simply return v23.GetPrincipal(ctx).BlessingStore().ForPeer(lock)
// however this would also include any blessings tagged for a peer pattern
// is matched by 'lock'. Therefore we iterate over all the blessings
// and pick the specific ones that are meant for 'lock'.
var ret security.Blessings
for _, b := range v23.GetPrincipal(ctx).BlessingStore().PeerBlessings() {
if isKeyValidForLock(ctx, b, lockName) {
if union, err := security.UnionOfBlessings(ret, b); err != nil {
vlog.Errorf("UnionOfBlessings(%v, %v) failed: %v, dropping latter blessing", ret, b, err)
} else {
ret = union
}
}
}
if ret.IsZero() {
return security.Blessings{}, fmt.Errorf("no available key for lock %v", lockName)
}
return ret, nil
}