private def signerForActiveSecret()

in play/play-v29/RotatingSecretComponents.scala [78:102]


    /**
     * Looks up the signer for the secret that the current snapshot marks as active.
     *
     * The snapshot is fetched again on every call rather than held in a field.
     * NOTE(review): presumably this is what lets a rotated secret take effect without
     * rebuilding this object; confirm against `snapshotProvider`.
     */
    private def signerForActiveSecret() = {
      val activeSecret = snapshotProvider.snapshot().secrets.active
      signerCache.get(activeSecret)
    }
    
    /**
     * Signs `token` with the signer for the currently active secret.
     *
     * New signatures are only ever produced under the active secret; older secrets are
     * consulted for verification only, in `extractSignedToken`.
     */
    override def signToken(token: String): String = {
      val activeSigner = signerForActiveSecret()
      activeSigner.signToken(token)
    }
    /** Generates a fresh token by delegating to the signer for the currently active secret. */
    override def generateToken: String = {
      val activeSigner = signerForActiveSecret()
      activeSigner.generateToken
    }
    /**
     * Generates a fresh signed token by delegating to the signer for the currently
     * active secret, so newly issued tokens are never signed under an older secret.
     */
    override def generateSignedToken: String = {
      val activeSigner = signerForActiveSecret()
      activeSigner.generateSignedToken
    }
    /**
     * Compares `a` and `b` using the comparison provided by the active-secret signer.
     *
     * NOTE(review): the result is presumably independent of which secret backs the
     * signer, and the delegate is presumably timing-safe as its name says; confirm
     * against the underlying signer implementation.
     */
    override def constantTimeEquals(a: String, b: String): Boolean = {
      val activeSigner = signerForActiveSecret()
      activeSigner.constantTimeEquals(a, b)
    }

    /**
     * This method verifies tokens which may have been signed with a previous secret that we still consider valid
     * for now. It tries all applicable secrets to see if any of them can verify the token.
     */
    override def extractSignedToken(token: String): Option[String] = {
      // Take one snapshot up front so every candidate secret comes from the same view.
      val currentSnapshot = snapshotProvider.snapshot()
      // decodeOpt is handed a per-secret verification attempt; which secrets it offers
      // and in what order is decided by the snapshot, not here.
      currentSnapshot.decodeOpt { candidateSecret =>
        signerCache.get(candidateSecret).extractSignedToken(token)
      }
    }

    /**
     * It's important that this method doesn't just delegate to an underlying `DefaultCSRFTokenSigner`, because this
     * method uses the `extractSignedToken()` method, and we need to use the tolerant version of that method that's
     * only available in _this_ class.
     */
    override def compareSignedTokens(tokenA: String, tokenB: String): Boolean =
      // Each token is extracted independently with the tolerant extractSignedToken, so
      // the two may verify under different accepted secrets and still compare equal.
      // A token that fails extraction makes the whole comparison false.
      extractSignedToken(tokenA).exists { rawA =>
        extractSignedToken(tokenB).exists { rawB =>
          // MessageDigest.isEqual is used instead of == to keep the comparison of the
          // extracted values timing-safe.
          MessageDigest.isEqual(rawA.getBytes("utf-8"), rawB.getBytes("utf-8"))
        }
      }