in src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/SignatureValidator.java [142:155]
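/**
 * Verifies an HMAC signature over a signing string.
 *
 * <p>Recomputes the MAC of {@code signingString} with {@code key} and compares it with the
 * base64url-decoded {@code expected} value. A mismatch, or any exception raised while
 * computing or decoding (for example an unsupported algorithm, a key the MAC rejects, or
 * malformed base64url), ends in {@link #invalidSignature()}, so the check fails closed.
 *
 * @param key secret key; its {@code getAlgorithm()} value selects the MAC algorithm
 * @param signingString text the MAC is computed over, encoded as UTF-8
 * @param expected base64url-encoded signature to check (presumably the token's signature
 *                 segment; confirm against the caller)
 */
private void verifyMac(final SecretKey key, final String signingString, final String expected) {
    try {
        // The MAC algorithm is taken from the key object, not from a separate argument.
        // NOTE(review): confirm the caller ties this key to the algorithm it accepts for the token.
        final Mac signature = jcaProvider == null ?
                Mac.getInstance(key.getAlgorithm()) :
                Mac.getInstance(key.getAlgorithm(), jcaProvider);
        signature.init(key);
        signature.update(signingString.getBytes(StandardCharsets.UTF_8));
        final byte[] computed = signature.doFinal();
        final byte[] provided = Base64.getUrlDecoder().decode(expected);
        // Constant-time comparison. Arrays.equals stops at the first differing byte, so its
        // running time reveals how long a prefix of a submitted signature is correct.
        // MessageDigest.isEqual does not short-circuit on content. It is fully qualified
        // here so the file's import block does not need to change.
        if (!java.security.MessageDigest.isEqual(computed, provided)) {
            invalidSignature();
        }
    } catch (final Exception e) {
        // Fail closed: every failure is reported as an invalid signature, with no detail
        // exposed about which step failed. This broad catch also intercepts anything thrown
        // by the invalidSignature() call inside the try block, and the cause is discarded.
        invalidSignature();
    }
}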