in src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java [167:229]
/**
 * Validates the header and payload of {@code idToken} and throws on the first check that fails.
 *
 * <p>Checks run in a fixed order and only the first failure is reported: key ID, algorithm,
 * audience, issuer, subject (present, non-empty, at most 128 characters), expiration, issued-at.
 * Every failure carries {@code invalidTokenErrorCode} except an expired token, which carries
 * {@code expiredTokenErrorCode}.
 *
 * <p>This method performs no signature check. NOTE(review): presumably the signature is verified
 * elsewhere by the caller; confirm, because several messages below embed values read from the
 * token (algorithm, audience, issuer) and those should be treated as untrusted text wherever the
 * exception message is logged or returned.
 *
 * @param idToken token whose header and payload are inspected
 * @param isEmulatorMode when {@code true}, the key ID and algorithm checks are skipped and only
 *     the claim checks apply. NOTE(review): how this flag is derived is outside this listing;
 *     confirm it cannot be enabled for production traffic.
 * @throws FirebaseAuthException if a check fails; the message is the check-specific text followed
 *     by {@code getVerifyTokenMessage()}
 */
private void checkContents(final IdToken idToken, boolean isEmulatorMode)
    throws FirebaseAuthException {
  final Header tokenHeader = idToken.getHeader();
  final Payload claims = idToken.getPayload();
  // Read the clock once so the expiration and issued-at checks use the same instant.
  final long nowMillis = idTokenVerifier.getClock().currentTimeMillis();
  // The two header checks (key ID, algorithm) are enforced only outside emulator mode.
  final boolean enforceHeader = !isEmulatorMode;

  AuthErrorCode failureCode = invalidTokenErrorCode;
  String failure = null;

  if (enforceHeader && tokenHeader.getKeyId() == null) {
    failure = getErrorForTokenWithoutKid(tokenHeader, claims);
  } else if (enforceHeader && !RS256.equals(tokenHeader.getAlgorithm())) {
    // Any algorithm other than the RS256 constant is rejected, including a missing one.
    failure = String.format(
        "Firebase %s has incorrect algorithm. Expected \"%s\" but got \"%s\".",
        shortName,
        RS256,
        tokenHeader.getAlgorithm());
  } else if (!idToken.verifyAudience(idTokenVerifier.getAudience())) {
    failure = String.format(
        "Firebase %s has incorrect \"aud\" (audience) claim. Expected \"%s\" but got \"%s\". %s",
        shortName,
        joinWithComma(idTokenVerifier.getAudience()),
        joinWithComma(claims.getAudienceAsList()),
        getProjectIdMatchMessage());
  } else if (!idToken.verifyIssuer(idTokenVerifier.getIssuers())) {
    failure = String.format(
        "Firebase %s has incorrect \"iss\" (issuer) claim. Expected \"%s\" but got \"%s\". %s",
        shortName,
        joinWithComma(idTokenVerifier.getIssuers()),
        claims.getIssuer(),
        getProjectIdMatchMessage());
  } else if (claims.getSubject() == null) {
    failure = String.format(
        "Firebase %s has no \"sub\" (subject) claim.",
        shortName);
  } else if (claims.getSubject().isEmpty()) {
    failure = String.format(
        "Firebase %s has an empty string \"sub\" (subject) claim.",
        shortName);
  } else if (claims.getSubject().length() > 128) {
    failure = String.format(
        "Firebase %s has \"sub\" (subject) claim longer than 128 characters.",
        shortName);
  } else if (!idToken.verifyExpirationTime(
      nowMillis, idTokenVerifier.getAcceptableTimeSkewSeconds())) {
    failure = String.format(
        "Firebase %s has expired. Get a fresh %s and try again.",
        shortName,
        shortName);
    // Expiry is the only failure reported with its own error code.
    failureCode = expiredTokenErrorCode;
  } else if (!idToken.verifyIssuedAtTime(
      nowMillis, idTokenVerifier.getAcceptableTimeSkewSeconds())) {
    failure = String.format(
        "Firebase %s is not yet valid.",
        shortName);
  }

  // No failure message recorded, so there is nothing to report.
  if (failure == null) {
    return;
  }
  throw newException(String.format("%s %s", failure, getVerifyTokenMessage()), failureCode);
}