in proxy/core/src/main/java/com/amazon/aws/pix/core/xml/XmlSigner.java [101:136]
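/**
 * Checks the XML Signature carried by the given document.
 *
 * <p>The document is parsed, a {@code Signature} element in the XML-DSig namespace is
 * looked up, and core validation (signature value plus every reference digest) is run
 * against it. Any failure, including a missing signature or an exception during parsing
 * or validation, is logged and reported as {@code false}; this method never throws for
 * a bad document.
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>A {@code true} result only says that the located {@code Signature} element passed
 *       core validation. It does not say which parts of the document that signature
 *       covers. Callers should confirm that the content they go on to consume is the
 *       content the signature references, otherwise unsigned data placed next to a
 *       validly signed element may be trusted by mistake.</li>
 *   <li>NOTE(review): which key is trusted is decided inside {@code getValidateContext},
 *       which is not visible here. Confirm it pins the expected key or certificate
 *       rather than accepting whatever KeyInfo the document carries.</li>
 *   <li>NOTE(review): confirm {@code getValidateContext} enables the
 *       {@code org.jcp.xml.dsig.secureValidation} property and that {@code getDocument}
 *       uses a namespace-aware parser with DTDs and external entities disabled.</li>
 * </ul>
 *
 * @param xml stream holding the signed XML document; must not be null
 * @return {@code true} if a signature was found and passed core validation,
 *         {@code false} otherwise
 */
public boolean verify(@NonNull InputStream xml) {
    try {
        Document document = getDocument(xml);
        // presumably returns the first matching element; verify against the helper
        Node signatureNode = getNodeByTagNameNS(document, XMLSignature.XMLNS, "Signature");
        if (signatureNode == null) {
            log.error("No Signature found!");
            return false;
        }

        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance();
        DOMValidateContext validateContext = getValidateContext(signatureFactory, signatureNode);
        XMLSignature signature = signatureFactory.unmarshalXMLSignature(validateContext);

        boolean valid = signature.validate(validateContext);
        if (!valid) {
            String newLine = System.lineSeparator();
            StringBuilder error = new StringBuilder();
            error.append("Signature failed core validation!").append(newLine);

            boolean validStatus = signature.getSignatureValue().validate(validateContext);
            error.append("signature validation status: ").append(validStatus).append(newLine);

            // Report every reference regardless of the signature-value status. A document
            // altered after signing typically keeps a valid signature value over SignedInfo
            // while a reference digest no longer matches; that is the case operators most
            // need to see in the log.
            Iterator<Reference> referenceIterator = signature.getSignedInfo().getReferences().iterator();
            for (int i = 0; referenceIterator.hasNext(); i++) {
                boolean referenceValid = referenceIterator.next().validate(validateContext);
                error.append("ref[").append(i).append("] validity status: ")
                        .append(referenceValid).append(newLine);
            }

            // Always log a rejected signature. Previously the message was emitted only when
            // the signature value itself was invalid, so digest mismatches were rejected
            // without any log entry.
            log.error(error.toString());
        }
        return valid;
    } catch (Exception e) {
        // Fail closed: anything unexpected during parsing or validation counts as unverified.
        log.error("failed to verify signature", e);
        return false;
    }
}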