public static function verifySignature()

in src/SignedSourceBase.hack [88:108]

• 17 lines of code
• 3 McCabe index (conditional complexity)

  public static function verifySignature(string $file_data): bool {
    $signatures =
      Regex\every_match($file_data, static::getPattern())
      |> Vec\filter($$, $m ==> $m['token_name'] === static::getTokenName())
      |> Keyset\map($$, $m ==> $m['signature']);

    if (C\is_empty($signatures)) {
      throw new \Exception('Can not verify the signature of an unsigned file.');
    } else if (C\count($signatures) > 1) {
      throw new \Exception('File has multiple different signatures.');
    }

    $signature = C\onlyx($signatures);

    $expected_signature = $file_data
      |> Str\replace($$, 'SignedSource<<'.$signature.'>>', static::TOKEN)
      |> static::preprocess($$)
      |> \md5($$);

    return $signature === $expected_signature;
  }