public static boolean verifyCert()

in java/remoteprovisioning/CryptoUtil.java [472:516]


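  /**
   * Checks that {@code certToVerifyCbor} is a COSE Sign1 message signed by the key carried in the
   * payload of {@code verifyingCertCbor}, and optionally that it certifies {@code expectedKey}.
   *
   * <p>Security notes for callers:
   *
   * <ul>
   *   <li>The signature on {@code verifyingCertCbor} itself is never checked here; only its
   *       payload is read to obtain the verifying key. The caller must already have established
   *       trust in that certificate (for example by verifying it against its own issuer or a
   *       pinned root) before relying on the result.
   *   <li>When {@code expectedKey} is {@code null} no key pinning is performed; a {@code true}
   *       result then only means the signature validated under the supplied verifying key.
   *   <li>The expected-key comparison covers only the {@code KeyKeys.OKP_X} byte string. Key
   *       type, curve and algorithm are not compared.
   * </ul>
   *
   * @param verifyingCertCbor CBOR encoding of the Sign1 certificate whose payload is the
   *     verifying public key
   * @param certToVerifyCbor CBOR encoding of the Sign1 certificate whose signature is checked
   * @param expectedKey key the verified certificate must carry, or {@code null} to skip the check
   * @return {@code true} if the signature validates (and the key matches when one is expected),
   *     {@code false} if signature validation reports failure
   * @throws CborException if either certificate or an embedded key cannot be decoded
   * @throws CryptoException if validation raises an error, or the certified key is missing its X
   *     coordinate or differs from {@code expectedKey}
   */
  public static boolean verifyCert(
      CBORObject verifyingCertCbor, CBORObject certToVerifyCbor, OneKey expectedKey)
      throws CborException, CryptoException {
    // No placeholder messages are allocated up front: both values are assigned in the try block
    // below, and the catch always throws.
    Sign1Message certToVerify;
    OneKey verifyingKey;
    try {
      certToVerify =
          (Sign1Message)
              Message.DecodeFromBytes(certToVerifyCbor.EncodeToBytes(), MessageTag.Sign1);
      Sign1Message verifyingCert =
          (Sign1Message)
              Message.DecodeFromBytes(verifyingCertCbor.EncodeToBytes(), MessageTag.Sign1);
      // The payload of the verifying certificate is taken as the public key, unverified.
      // NOTE(review): CBORObject.DecodeFromBytes may raise an unchecked exception on malformed
      // or absent payload bytes, which this catch does not cover - confirm callers tolerate it.
      verifyingKey = new OneKey(CBORObject.DecodeFromBytes(verifyingCert.GetContent()));
    } catch (CoseException e) {
      throw new CborException(
          "Failed to decode certificates or their content", e, CborException.DESERIALIZATION_ERROR);
    }

    try {
      if (!certToVerify.validate(verifyingKey)) {
        return false;
      }
    } catch (CoseException e) {
      throw new CryptoException(
          "Failed to validate certificate chain", e, CryptoException.VERIFICATION_FAILURE);
    }

    try {
      if (expectedKey != null) {
        OneKey verifiedKey = new OneKey(CBORObject.DecodeFromBytes(certToVerify.GetContent()));
        CBORObject verifiedX = verifiedKey.get(KeyKeys.OKP_X);
        CBORObject expectedX = expectedKey.get(KeyKeys.OKP_X);
        // Fail closed with a typed error instead of a NullPointerException when the signed
        // payload (or the pinned key) carries no X coordinate.
        if (verifiedX == null || expectedX == null) {
          throw new CryptoException(
              "Key in certificate or expected key is missing its public X coordinate",
              CryptoException.VERIFICATION_FAILURE);
        }
        // Public-key material only, so a non-constant-time comparison is acceptable here.
        if (!Arrays.equals(verifiedX.GetByteString(), expectedX.GetByteString())) {
          throw new CryptoException(
              "Key in certificate does not match the expected key",
              CryptoException.VERIFICATION_FAILURE);
        }
      }
    } catch (CoseException e) {
      throw new CborException(
          "Failed to decode certificates or their content", e, CborException.DESERIALIZATION_ERROR);
    }
    return true;
  }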