bool kms_mrk_match_for_decrypt()

in aws-encryption-sdk-cpp/source/cpputils.cpp [301:323]


/*
 * Decides whether two AWS KMS key identifiers may be treated as the same key
 * when selecting a key for decryption.
 *
 * Returns true when the two strings are byte-for-byte equal, or when both are
 * multi-Region key identifiers whose ARNs agree on partition, service,
 * account id and resource. The region component is not among the compared
 * parts, so two ARNs that differ only in region match.
 *
 * Returns false when either input is not recognised as a multi-Region key by
 * is_kms_mrk_identifier(), or when either input fails to parse as an ARN.
 *
 * NOTE(review): the identical-string shortcut runs before any validation, so
 * equal inputs match even if neither is a well-formed identifier; callers
 * presumably validate identifiers beforehand -- confirm.
 */
bool kms_mrk_match_for_decrypt(const Aws::String &key_id_1, const Aws::String &key_id_2) {
    //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
    //# If both identifiers are identical, this function MUST return "true".
    if (key_id_1 == key_id_2) {
        return true;
    }

    //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
    //# Otherwise if either input is not identified as a multi-Region key
    //# (aws-kms-key-arn.md#identifying-an-aws-kms-multi-region-key), then
    //# this function MUST return "false".
    const bool both_are_mrk = is_kms_mrk_identifier(key_id_1) && is_kms_mrk_identifier(key_id_2);
    if (!both_are_mrk) {
        return false;
    }

    //= compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt#2.5
    //# Otherwise if both inputs are
    //# identified as a multi-Region keys (aws-kms-key-arn.md#identifying-an-
    //# aws-kms-multi-region-key), this function MUST return the result of
    //# comparing the "partition", "service", "accountId", "resourceType",
    //# and "resource" parts of both ARN inputs.
    Aws::Utils::ARN first_arn(key_id_1);
    Aws::Utils::ARN second_arn(key_id_2);

    // An input that passed the multi-Region check but does not parse as an ARN
    // can never match a different string.
    if (!first_arn || !second_arn) {
        return false;
    }

    // Compare component by component; the region is deliberately left out.
    if (first_arn.GetPartition() != second_arn.GetPartition()) {
        return false;
    }
    if (first_arn.GetService() != second_arn.GetService()) {
        return false;
    }
    if (first_arn.GetAccountId() != second_arn.GetAccountId()) {
        return false;
    }
    // NOTE(review): GetResource() presumably covers both the "resourceType" and
    // "resource" parts named in the specification text -- confirm against
    // Aws::Utils::ARN.
    return first_arn.GetResource() == second_arn.GetResource();
}