private boolean checkTrustHeader()

in src/main/java/org/apache/sling/discovery/base/connectors/ping/TopologyRequestValidator.java [360:386]

• 27 lines of code
• 10 McCabe index (conditional complexity)

    private boolean checkTrustHeader(String bodyHash, String signature) {
        try {
            if (bodyHash == null || signature == null ) {
                return false;
            }
            String[] parts = signature.split("/", 2);
            if (parts.length < 2) {
                return false;
            }
            int keyNo = Integer.parseInt(parts[0]);
            return MessageDigest.isEqual(
                hmac(keyNo, bodyHash).getBytes("UTF-8"),
                parts[1].getBytes("UTF-8"));
        } catch (IllegalArgumentException e) {
            return false;
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (IllegalStateException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }