in DynamoDbEncryption/runtimes/java/src/main/sdkv1/com/amazonaws/services/dynamodbv2/datamodeling/encryption/DynamoDBSigner.java [92:142]
/**
 * Verifies {@code signature} over the item and fails closed when it does not match.
 *
 * <p>The verification path is selected by the runtime type of {@code verificationKey},
 * tested in this order:
 * <ol>
 *   <li>{@code DelegatedKey}: the string-to-sign is handed to the key's own
 *       {@code verify} together with the algorithm the key reports.</li>
 *   <li>{@code SecretKey}: the signature is recomputed with {@code calculateSignature}
 *       and compared through {@code safeEquals}.</li>
 *   <li>{@code PublicKey}: a JCA {@code Signature} for {@code getSigningAlgorithm()}
 *       verifies the string-to-sign.</li>
 * </ol>
 *
 * <p>The method returns normally only when verification succeeded; every other outcome
 * is an exception, so callers must not catch and ignore what it throws.
 *
 * @param itemAttributes the item whose integrity is being checked
 * @param attributeActionsOnEncrypt per-attribute flags passed through to the
 *     string-to-sign / signature calculation
 * @param associatedData additional bytes passed through to the same calculation
 * @param verificationKey the integrity key; its runtime type selects the path above
 * @param signature the signature to check
 * @throws SignatureException with message "Bad signature" when verification fails
 * @throws IllegalArgumentException when {@code verificationKey} is {@code null} (no
 *     {@code instanceof} test matches) or is none of the three supported key types
 * @throws GeneralSecurityException if the helpers or the JCA provider fail
 */
void verifySignature(
  Map<String, AttributeValue> itemAttributes,
  Map<String, Set<EncryptionFlags>> attributeActionsOnEncrypt,
  byte[] associatedData,
  Key verificationKey,
  ByteBuffer signature
) throws GeneralSecurityException {
  // NOTE(review): avoid logging itemAttributes from this method; the map may hold
  // sensitive values.

  // Keep DelegatedKey first: a key that also satisfies one of the later instanceof
  // tests must still be verified by its own implementation.
  // NOTE(review): presumably DelegatedKey is itself a SecretKey subtype; confirm.
  if (verificationKey instanceof DelegatedKey) {
    final DelegatedKey delegate = (DelegatedKey) verificationKey;
    final byte[] signedBytes = calculateStringToSign(
      itemAttributes,
      attributeActionsOnEncrypt,
      associatedData
    );
    final byte[] presented = toByteArray(signature);
    final boolean accepted = delegate.verify(
      signedBytes,
      presented,
      delegate.getAlgorithm()
    );
    if (accepted) {
      return;
    }
    throw new SignatureException("Bad signature");
  }

  if (verificationKey instanceof SecretKey) {
    final byte[] expected = calculateSignature(
      itemAttributes,
      attributeActionsOnEncrypt,
      associatedData,
      (SecretKey) verificationKey
    );
    // NOTE(review): safeEquals is presumably a constant-time comparison; confirm, and
    // do not swap it for an early-exit comparison such as Arrays.equals.
    if (safeEquals(signature, expected)) {
      return;
    }
    throw new SignatureException("Bad signature");
  }

  if (verificationKey instanceof PublicKey) {
    final byte[] signedBytes = calculateStringToSign(
      itemAttributes,
      attributeActionsOnEncrypt,
      associatedData
    );
    final Signature verifier = Signature.getInstance(getSigningAlgorithm());
    verifier.initVerify((PublicKey) verificationKey);
    verifier.update(signedBytes);
    if (verifier.verify(toByteArray(signature))) {
      return;
    }
    throw new SignatureException("Bad signature");
  }

  // Reached for a null key as well as for an unsupported key type.
  throw new IllegalArgumentException("No integrity key provided");
}