export function mrkAwareAwsKmsKeyIdCompare()

in modules/kms-keyring/src/arn_parsing.ts [221:251]


/**
 * Decides whether two AWS KMS key identifiers name the same key, with
 * multi-Region key (MRK) ARNs compared on a fixed subset of their parts
 * rather than as whole strings.
 *
 * Evaluation order:
 * 1. Byte-identical strings match immediately. No parsing or validation is
 *    done on this path, so two equal non-ARN identifiers also match.
 * 2. Both identifiers are parsed. If either does not parse to an ARN, or
 *    either is not identified as a multi-Region key, there is no match.
 * 3. Otherwise the Partition, AccountId, ResourceType and ResourceId parts
 *    must all be equal.
 *
 * NOTE(review): the cited spec text also lists "service" among the compared
 * parts, but no service field is compared here. Presumably
 * parseAwsKmsKeyArn only yields ARNs whose service is KMS; confirm against
 * the parser, since the cited section is the match-for-decrypt rule and a
 * looser comparison than the spec intends would widen the set of keys
 * treated as equivalent.
 *
 * @param keyId1 - First key identifier.
 * @param keyId2 - Second key identifier.
 * @returns `true` when the identifiers are identical, or when both are
 *   multi-Region key ARNs that agree on every compared part.
 */
export function mrkAwareAwsKmsKeyIdCompare(
  keyId1: string,
  keyId2: string
): boolean {
  //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
  //# If both identifiers are identical, this function MUST return "true".
  if (keyId1 === keyId2) {
    return true
  }

  //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
  //# Otherwise if either input is not identified as a multi-Region key
  //# (aws-kms-key-arn.md#identifying-an-aws-kms-multi-region-key), then
  //# this function MUST return "false".
  // Both identifiers are parsed before either result is inspected.
  const left = parseAwsKmsKeyArn(keyId1)
  const right = parseAwsKmsKeyArn(keyId2)
  if (!(left && right)) {
    return false
  }
  const bothMultiRegion =
    isMultiRegionAwsKmsArn(left) && isMultiRegionAwsKmsArn(right)
  if (!bothMultiRegion) {
    return false
  }

  //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
  //# Otherwise if both inputs are
  //# identified as a multi-Region keys (aws-kms-key-arn.md#identifying-an-
  //# aws-kms-multi-region-key), this function MUST return the result of
  //# comparing the "partition", "service", "accountId", "resourceType",
  //# and "resource" parts of both ARN inputs.
  // The parts are checked in this order and evaluation stops at the first mismatch.
  const comparedParts = [
    'Partition',
    'AccountId',
    'ResourceType',
    'ResourceId',
  ] as const
  return comparedParts.every((part) => left[part] === right[part])
}