From 3cc513a8efe795b31b59f48dc94ed2600459e73c Mon Sep 17 00:00:00 2001
From: Arman Ghotb <armang@google.com>
Date: Tue, 13 Jan 2026 09:58:50 -0800
Subject: [PATCH] Add @Immutable annotations to VerificationResult and its
 subclasses.

This change marks the VerificationResult sealed interface and all its concrete data classes as immutable. Suppressions are added for types like PublicKey and Exception, which are effectively immutable for the purposes of this class but not formally annotated as such.

PiperOrigin-RevId: 855770774
---
 src/main/kotlin/Verifier.kt | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt
index b7a81ba..0225579 100644
--- a/src/main/kotlin/Verifier.kt
+++ b/src/main/kotlin/Verifier.kt
@@ -23,6 +23,7 @@ import com.android.keyattestation.verifier.provider.ProvisioningMethod
 import com.android.keyattestation.verifier.provider.RevocationChecker
 import com.google.common.collect.ImmutableList
 import com.google.common.util.concurrent.ListenableFuture
+import com.google.errorprone.annotations.Immutable
 import com.google.errorprone.annotations.ThreadSafe
 import com.google.protobuf.ByteString
 import com.google.protobuf.kotlin.toByteString
@@ -42,8 +43,13 @@ import kotlinx.coroutines.guava.future
 import kotlinx.coroutines.runBlocking
 
 /** The result of verifying an Android Key Attestation certificate chain. */
+@Immutable
 sealed interface VerificationResult {
+  @Immutable
   data class Success(
+    @SuppressWarnings(
+      "Immutable"
+    ) // PublicKey implementations are immutable but not marked as such.
     val publicKey: PublicKey,
     val challenge: ByteString,
     val securityLevel: SecurityLevel,
@@ -52,18 +58,31 @@ sealed interface VerificationResult {
     val attestedDeviceIds: DeviceIdentity,
   ) : VerificationResult
 
-  data object ChallengeMismatch : VerificationResult
+  @Immutable data object ChallengeMismatch : VerificationResult
 
-  data class PathValidationFailure(val cause: CertPathValidatorException) : VerificationResult
+  @Immutable
+  data class PathValidationFailure(
+    @SuppressWarnings("Immutable") // Exceptions are not deeply immutable.
+    val cause: CertPathValidatorException
+  ) : VerificationResult
 
-  data class ChainParsingFailure(val cause: Exception) : VerificationResult
+  @Immutable
+  data class ChainParsingFailure(
+    @SuppressWarnings("Immutable") // Exceptions are not deeply immutable.
+    val cause: Exception
+  ) : VerificationResult
 
-  data class ExtensionParsingFailure(val cause: ExtensionParsingException) : VerificationResult
+  @Immutable
+  data class ExtensionParsingFailure(
+    @SuppressWarnings("Immutable") // Exceptions are not deeply immutable.
+    val cause: ExtensionParsingException
+  ) : VerificationResult
 
+  @Immutable
   data class ExtensionConstraintViolation(val cause: String, val reason: KeyAttestationReason) :
     VerificationResult
 
-  data object SoftwareAttestationUnsupported : VerificationResult
+  @Immutable data object SoftwareAttestationUnsupported : VerificationResult
 }
 
 /**