private static boolean validateSignatures()

in auth-lib/src/main/java/com/spotify/sdk/android/auth/app/SpotifyNativeAuthUtil.java [205:228]

• 21 lines of code
• 7 McCabe index (conditional complexity)

    private static boolean validateSignatures(@NonNull Sha1HashUtil sha1HashUtil,
                                              @Nullable Signature[] apkSignatures) {
        if (apkSignatures == null || apkSignatures.length == 0) {
            return false;
        }

        for (Signature actualApkSignature : apkSignatures) {
            final String signatureString = actualApkSignature.toCharsString();
            final String sha1Signature = sha1HashUtil.sha1Hash(signatureString);
            boolean matchesSignature = false;
            for (String knownSpotifyHash : SPOTIFY_SIGNATURE_HASH) {
                if (knownSpotifyHash.equalsIgnoreCase(sha1Signature)) {
                    matchesSignature = true;
                    break;
                }
            }

            // Abort upon finding a non matching signature
            if (!matchesSignature) {
                return false;
            }
        }
        return true;
    }