fun verifyChecksumAndSignature()

in jvm/src/main/kotlin/com/jetbrains/infra/pgpVerifier/Sha256ChecksumSignatureVerifier.kt [39:65]

• 25 lines of code
• 2 McCabe index (conditional complexity)

    fun verifyChecksumAndSignature(
        file: Path,
        detachedSignatureFile: Path,
        checksumFile: Path,
        expectedFileName: String,
        untrustedPublicKeyRing: InputStream,
        trustedMasterKey: InputStream,
    ) {
        val expectedHash = getHashFromChecksumFile(
            detachedSignatureFile = detachedSignatureFile,
            checksumFile = checksumFile,
            expectedFileName = expectedFileName,
            untrustedPublicKeyRing = untrustedPublicKeyRing,
            trustedMasterKey = trustedMasterKey,
        )

        val actualByteHash = getFileDigest(file, MessageDigest.getInstance("SHA-256"))
        val actualHash = actualByteHash.toHexString()

        if (expectedHash != actualHash) {
            error(
                "Failed to verify SHA-256 checksum for $file\n\n" +
                        "The actual value is $actualHash,\n" +
                        "but $expectedHash was expected"
            )
        }
    }