chore: resolve comments

boikoa-gl · boikoa-gl · commit 18f5ecb7282f · 2026-01-16T15:04:53.000+01:00
diff --git a/src/main/java/com/google/firebase/fpnv/FirebasePnvToken.java b/src/main/java/com/google/firebase/fpnv/FirebasePnvToken.java
@@ -31,9 +31,9 @@ public class FirebasePnvToken {
   private final Map<String, Object> claims;
 
   /**
-   * Create an instance of {@link FirebasePnvToken} from {@link JWTClaimsSet} claims.
+   * Create an instance of {@link FirebasePnvToken} from a map of JWT claims.
    *
-   * @param claims Map claims.
+   * @param claims A map of JWT claims.
    */
   public FirebasePnvToken(Map<String, Object> claims) {
     checkArgument(claims != null && claims.containsKey("sub"),
@@ -91,6 +91,6 @@ public long getIssuedAt() {
    * Returns the entire map of claims.
    */
   public Map<String, Object> getClaims() {
-    return claims;
+    return ImmutableMap.copyOf(claims);
   }
 }
diff --git a/src/main/java/com/google/firebase/fpnv/internal/FirebasePnvTokenVerifier.java b/src/main/java/com/google/firebase/fpnv/internal/FirebasePnvTokenVerifier.java
@@ -77,19 +77,12 @@ public FirebasePnvToken verifyToken(String token) throws FirebasePnvException {
     checkArgument(!Strings.isNullOrEmpty(token), "FPNV token must not be null or empty");
 
     try {
-      // Parse the token first to inspect header
       SignedJWT signedJwt = SignedJWT.parse(token);
-
-      // Explicitly verify the header (alg & kid)
       verifyHeader(signedJwt.getHeader());
 
-      // Verify Signature and Structure
       JWTClaimsSet claims = jwtProcessor.process(signedJwt, null);
-
-      // Verify Claims (Issuer, Audience, Expiration)
       verifyClaims(claims);
 
-      // Construct Token Object
       return new FirebasePnvToken(claims.getClaims());
     } catch (ParseException e) {
       throw new FirebasePnvException(
@@ -122,7 +115,7 @@ public FirebasePnvToken verifyToken(String token) throws FirebasePnvException {
 
   private void verifyHeader(JWSHeader header) throws FirebasePnvException {
     // Check Algorithm (alg)
-    if (!JWSAlgorithm.ES256.equals(header.getAlgorithm())) {
+    if (!header.getAlgorithm().equals(JWSAlgorithm.ES256)) {
       throw new FirebasePnvException(
           FirebasePnvErrorCode.INVALID_ARGUMENT,
           "FPNV has incorrect 'algorithm'. Expected " + JWSAlgorithm.ES256.getName()
@@ -135,8 +128,8 @@ private void verifyHeader(JWSHeader header) throws FirebasePnvException {
           "FPNV has no 'kid' claim."
       );
     }
-    // Check Typ (typ)
-    if (Objects.isNull(header.getType()) || !HEADER_TYP.equals(header.getType().getType())) {
+    // Check Type (typ)
+    if (Objects.isNull(header.getType()) || !header.getType().toString().equals(HEADER_TYP)) {
       throw new FirebasePnvException(
           FirebasePnvErrorCode.INVALID_ARGUMENT,
           "FPNV has incorrect 'typ'. Expected " + HEADER_TYP

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,9 @@ public class FirebasePnvToken {`
`31`	`31`	`private final Map<String, Object> claims;`
`32`	`32`
`33`	`33`	`/**`
`34`		`- * Create an instance of {@link FirebasePnvToken} from {@link JWTClaimsSet} claims.`
	`34`	`+ * Create an instance of {@link FirebasePnvToken} from a map of JWT claims.`
`35`	`35`	`*`
`36`		`- * @param claims Map claims.`
	`36`	`+ * @param claims A map of JWT claims.`
`37`	`37`	`*/`
`38`	`38`	`public FirebasePnvToken(Map<String, Object> claims) {`
`39`	`39`	`checkArgument(claims != null && claims.containsKey("sub"),`
`@@ -91,6 +91,6 @@ public long getIssuedAt() {`
`91`	`91`	`* Returns the entire map of claims.`
`92`	`92`	`*/`
`93`	`93`	`public Map<String, Object> getClaims() {`
`94`		`- return claims;`
	`94`	`+ return ImmutableMap.copyOf(claims);`
`95`	`95`	`}`
`96`	`96`	`}`