public static AwsKmsCmkArnInfo parseInfoFromKeyArn()

in src/main/java/com/amazonaws/encryptionsdk/internal/AwsKmsCmkArnInfo.java [20:76]

• 28 lines of code
• 11 McCabe index (conditional complexity)

  public static AwsKmsCmkArnInfo parseInfoFromKeyArn(final String keyArn) {
    /* Precondition: keyArn must be a string. */
    if (keyArn == null || keyArn.isEmpty()) return null;

    final String[] parts = AwsKmsArnParts.splitArn(keyArn);

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # MUST start with string "arn"
    if (!arnLiteral.equals(parts[AwsKmsArnParts.ArnLiteral.index()])) {
      return null;
    }

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The service MUST be the string "kms"
    if (!kmsServiceName.equals(parts[AwsKmsArnParts.Service.index()])) {
      return null;
    }

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The partition MUST be a non-empty
    //
    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The region MUST be a non-empty string
    //
    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The account MUST be a non-empty string
    //
    final boolean emptyParts = Arrays.stream(parts).anyMatch(String::isEmpty);
    if (emptyParts || AwsKmsArnParts.values().length != parts.length) return null;

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The resource section MUST be non-empty and MUST be split by a
    // # single "/" any additional "/" are included in the resource id
    String[] resourceParts =
        AwsKmsArnParts.Resource.splitResourceParts(parts[AwsKmsArnParts.ResourceParts.index()]);

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The resource id MUST be a non-empty string
    if (Arrays.stream(resourceParts).anyMatch(String::isEmpty)
        || AwsKmsArnParts.Resource.values().length > resourceParts.length) {
      return null;
    }

    // = compliance/framework/aws-kms/aws-kms-key-arn.txt#2.5
    // # The resource type MUST be either "alias" or "key"
    if (!("key".equals(resourceParts[AwsKmsArnParts.Resource.ResourceType.index()])
        || "alias".equals(resourceParts[AwsKmsArnParts.Resource.ResourceType.index()]))) {
      return null;
    }

    return new AwsKmsCmkArnInfo(
        parts[AwsKmsArnParts.Partition.index()],
        parts[AwsKmsArnParts.Region.index()],
        parts[AwsKmsArnParts.Account.index()],
        resourceParts[AwsKmsArnParts.Resource.ResourceType.index()],
        resourceParts[AwsKmsArnParts.Resource.Resource.index()]);
  }