Check Android License during Hub unlock

[SailReal]

No description provided.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c555865f-d97d-4c2d-87f0-555afd37b3ed

📥 Commits

Reviewing files that changed from the base of the PR and between 64999c4 and bcdc5c3.

📒 Files selected for processing (1)

• data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java

🚧 Files skipped from review as they are similar to previous changes (1)

• data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java

---

Walkthrough

This PR refactors JWT license verification across the domain and data layers. A new AndroidLicenseVerifier utility extracts ECDSA512 validation logic, handling EC public-key decoding and JWT verification. DoLicenseCheck is updated to delegate signature verification to this utility in both execute() and isDesktopSupporterCertificate(), removing local key-parsing code. HubRepositoryImpl adds subscription state resolution that prefers validating the Hub-Android-License response header via the new verifier and falls back to the Hub-Subscription-State header if the license is absent or invalid.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to assess whether the description is related to the changeset.	Add a pull request description that explains the purpose of these changes, the Android license verification mechanism, and why it's necessary for Hub unlock functionality.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: implementing Android license verification during Hub unlock process, which aligns with the primary modification to HubRepositoryImpl and addition of AndroidLicenseVerifier.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/check-android-license-in-hub-unlock

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java`:
- Around line 101-112: In isAndroidLicenseValid (HubRepositoryImpl) remove the
redundant null/empty guard (androidLicense == null || androidLicense.isEmpty())
since callers already ensure a non-null/non-empty Hub-Android-License, and keep
the try/catch around AndroidLicenseVerifier.verify(...). Also fix the Timber
error call in the catch block to use the Throwable-first overload
(Timber.tag("HubRepositoryImpl").e(e, "Failed to validate Android license
retrieved from Hub")) so the exception is passed as the first argument; retain
the existing caught exception types (JWTVerificationException,
NoSuchAlgorithmException, InvalidKeySpecException, FatalBackendException).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 329253c7-4d5a-4a19-9953-0c955495d8f4

📥 Commits

Reviewing files that changed from the base of the PR and between 2079e38 and 64999c4.

📒 Files selected for processing (3)

• data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
• domain/src/main/java/org/cryptomator/domain/usecases/AndroidLicenseVerifier.java
• domain/src/main/java/org/cryptomator/domain/usecases/DoLicenseCheck.java