in sdk1/src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/DynamoDBSigner.java [91:123]
/**
 * Checks {@code signature} against the item, dispatching on the runtime type of
 * {@code verificationKey}.
 *
 * <p>Three key types are handled, tested in this order: {@link DelegatedKey}, {@link SecretKey},
 * {@link PublicKey}. Every failed check surfaces as the same {@code "Bad signature"} error, so the
 * exception text does not reveal which path rejected the item.
 *
 * @param itemAttributes attributes of the item being verified
 * @param attributeFlags per-attribute flags, passed through to the string-to-sign / signature
 *     helpers
 * @param associatedData extra bytes passed through to the same helpers
 * @param verificationKey key to verify with; must be a DelegatedKey, SecretKey or PublicKey
 * @param signature the signature stored with the item
 * @throws SignatureException if the signature does not verify
 * @throws IllegalArgumentException if {@code verificationKey} is {@code null} or of any other type
 * @throws GeneralSecurityException if the underlying JCA operations fail
 */
void verifySignature(
    Map<String, AttributeValue> itemAttributes,
    Map<String, Set<EncryptionFlags>> attributeFlags,
    byte[] associatedData,
    Key verificationKey,
    ByteBuffer signature)
    throws GeneralSecurityException {
  final boolean valid;

  // The DelegatedKey test must stay first: the order of these checks decides which path a key
  // takes. NOTE(review): presumably a DelegatedKey can also be a SecretKey - confirm.
  if (verificationKey instanceof DelegatedKey) {
    final DelegatedKey delegate = (DelegatedKey) verificationKey;
    final byte[] payload = calculateStringToSign(itemAttributes, attributeFlags, associatedData);
    // Verification is handed to the key itself, using the algorithm the key reports.
    valid = delegate.verify(payload, toByteArray(signature), delegate.getAlgorithm());
  } else if (verificationKey instanceof SecretKey) {
    final SecretKey macKey = (SecretKey) verificationKey;
    // Symmetric case: recompute the expected value and compare it with the stored one.
    final byte[] expected =
        calculateSignature(itemAttributes, attributeFlags, associatedData, macKey);
    // NOTE(review): safeEquals is presumably a constant-time comparison; confirm in its
    // definition, since a short-circuiting compare here would leak timing information.
    valid = safeEquals(signature, expected);
  } else if (verificationKey instanceof PublicKey) {
    final PublicKey publicKey = (PublicKey) verificationKey;
    final byte[] payload = calculateStringToSign(itemAttributes, attributeFlags, associatedData);
    // Asymmetric case: standard JCA verification with the configured signing algorithm.
    final Signature verifier = Signature.getInstance(getSigningAlgorithm());
    verifier.initVerify(publicKey);
    verifier.update(payload);
    valid = verifier.verify(toByteArray(signature));
  } else {
    // Also reached for a null key, because instanceof is false for null.
    throw new IllegalArgumentException("No integrity key provided");
  }

  if (!valid) {
    throw new SignatureException("Bad signature");
  }
}