in src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java [66:89]
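/**
 * Verifies a detached PGP signature over an artifact, using the keys in {@code keyRingCollection}.
 *
 * <p>The signing key is looked up by the key ID carried in the signature packet, so the outcome is
 * only as trustworthy as the contents of {@code keyRingCollection}. A cryptographically valid
 * signature from any key in that collection is reported as valid.
 *
 * <p>NOTE(review): only the first signature packet in the file is evaluated, and nothing here
 * checks key expiry or revocation. Confirm whether the key ring is filtered before it reaches
 * this class.
 *
 * @param artifact  the file whose content was signed
 * @param signature the detached signature file (ASCII-armored or binary)
 * @return a {@code ValidationResult} built from the outcome of {@code PGPSignature.verify()} and
 *         the public key that was used for the check
 * @throws IllegalStateException if either file cannot be read, the signature file does not hold a
 *         usable signature, the signing key is not among the known keys, or verification fails
 *         with a PGP error
 */
public ValidationResult verify(Path artifact, Path signature) {
    try (InputStream fileStream = Files.newInputStream(artifact);
            InputStream signatureStream = Files.newInputStream(signature)) {
        // getDecoderStream handles both armored and binary input.
        InputStream sigInputStream = PGPUtil.getDecoderStream(signatureStream);
        PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(sigInputStream, new BcKeyFingerprintCalculator());

        // The signature file is untrusted input: it may be empty (nextObject() returns null) or
        // start with some other packet type. Reject both explicitly instead of letting a
        // NullPointerException or ClassCastException escape to the caller.
        Object firstObject = pgpObjectFactory.nextObject();
        if (!(firstObject instanceof PGPSignatureList)) {
            throw new IllegalStateException(
                    String.format("File %s does not contain a PGP signature.", signature.getFileName()));
        }
        PGPSignatureList sigList = (PGPSignatureList) firstObject;
        if (sigList.isEmpty()) {
            throw new IllegalStateException(
                    String.format("File %s contains an empty PGP signature list.", signature.getFileName()));
        }

        PGPSignature pgpSignature = sigList.get(0);
        PGPPublicKey key = keyRingCollection.getPublicKey(pgpSignature.getKeyID());
        if (key == null) {
            throw new IllegalStateException(String
                    .format("Signature %s was not generated with any of the known keys.", signature.getFileName()));
        }

        pgpSignature.init(new BcPGPContentVerifierBuilderProvider(), key);
        // Stream the artifact through the verifier so large files are never held in memory.
        byte[] buff = new byte[1024];
        int read;
        while ((read = fileStream.read(buff)) != -1) {
            pgpSignature.update(buff, 0, read);
        }
        // verify() is false when the digest does not match, so callers must check the result
        // rather than treat a normal return as success.
        return new ValidationResult(pgpSignature.verify(), key);
    } catch (PGPException | IOException e) {
        throw new IllegalStateException(String.format("Unable to verify signature %s.", signature.getFileName()),
                e);
    }
}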