Simplify JwtFormat.validateHeader in Java.

PiperOrigin-RevId: 390994865

1 files changed, 9 insertions, 16 deletions

diff --git a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
index 62d8fa4c7..e9b6e7b75 100644
--- a/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
+++ b/java_src/src/main/java/com/google/crypto/tink/jwt/JwtFormat.java
@@ -115,23 +115,16 @@ final class JwtFormat {
   static void validateHeader(String expectedAlgorithm, JsonObject parsedHeader)
       throws InvalidAlgorithmParameterException, JwtInvalidException {
     validateAlgorithm(expectedAlgorithm);
-    if (!parsedHeader.has(JwtNames.HEADER_ALGORITHM)) {
-      throw new JwtInvalidException("missing algorithm in header");
-    }
-    for (String name : parsedHeader.keySet()) {
-      if (name.equals(JwtNames.HEADER_ALGORITHM)) {
-        String algorithm = getStringHeader(parsedHeader, JwtNames.HEADER_ALGORITHM);
-        if (!algorithm.equals(expectedAlgorithm)) {
-          throw new InvalidAlgorithmParameterException(
-              String.format(
-                  "invalid algorithm; expected %s, got %s", expectedAlgorithm, algorithm));
-        }
-      } else if (name.equals(JwtNames.HEADER_CRITICAL)) {
-        throw new JwtInvalidException(
-            "all tokens with crit headers are rejected");
-      }
-      // Ignore all other headers
+    String algorithm = getStringHeader(parsedHeader, JwtNames.HEADER_ALGORITHM);
+    if (!algorithm.equals(expectedAlgorithm)) {
+      throw new InvalidAlgorithmParameterException(
+          String.format(
+              "invalid algorithm; expected %s, got %s", expectedAlgorithm, algorithm));
+    }
+    if (parsedHeader.has(JwtNames.HEADER_CRITICAL)) {
+      throw new JwtInvalidException("all tokens with crit headers are rejected");
     }
+    // Ignore all other headers
   }
 
   static Optional<String> getTypeHeader(JsonObject header) throws JwtInvalidException {