Apply suggestions from review

data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt

@@ -83,22 +83,32 @@ class VaultConfig private constructor(builder: VaultConfigBuilder) {
 		fun decode(token: String): UnverifiedVaultConfig {
 			val unverifiedJwt = JWT.decode(token)
 			val vaultFormat = unverifiedJwt.getClaim(JSON_KEY_VAULTFORMAT).asInt()
-			val keyId = URI.create(unverifiedJwt.keyId)
+			val keyId = try {
+				URI.create(unverifiedJwt.keyId)
+			} catch (e: IllegalArgumentException) {
+				throw VaultConfigLoadException("Invalid 'keyId' in JWT: ${e.message}", e)
+			}
 			if (keyId.scheme.startsWith(CryptoConstants.HUB_SCHEME)) {
 				val hubClaim = unverifiedJwt.getHeaderClaim("hub").asMap()
-				val clientId = hubClaim["clientId"] as String
-				val authEndpoint = hubClaim["authEndpoint"] as String
-				val tokenEndpoint = hubClaim["tokenEndpoint"] as String
-				val authSuccessUrl = hubClaim["authSuccessUrl"] as String
-				val authErrorUrl = hubClaim["authErrorUrl"] as String
-				val apiBaseUrl = hubClaim["apiBaseUrl"] as String
-				val devicesResourceUrl = hubClaim["devicesResourceUrl"] as String
-				return UnverifiedHubVaultConfig(token, keyId, vaultFormat, clientId, authEndpoint, tokenEndpoint, authSuccessUrl, authErrorUrl, apiBaseUrl, devicesResourceUrl)
+				val clientId = hubClaim["clientId"] as? String ?: throw VaultConfigLoadException("Missing or invalid 'clientId' claim in JWT header")
+				val authEndpoint = parseUri(hubClaim, "authEndpoint")
+				val tokenEndpoint = parseUri(hubClaim, "tokenEndpoint")
+				val apiBaseUrl = parseUri(hubClaim, "apiBaseUrl")
+				return UnverifiedHubVaultConfig(token, keyId, vaultFormat, clientId, authEndpoint, tokenEndpoint, apiBaseUrl)
 			} else {
 				return UnverifiedVaultConfig(token, keyId, vaultFormat)
 			}
 		}
 
+		private fun parseUri(uriValue: Map<String, Any>, fieldName: String): URI {
+			val uriString = uriValue[fieldName] as? String ?: throw VaultConfigLoadException("Missing or invalid '$fieldName' claim in JWT header")
+			return try {
+				URI.create(uriString)
+			} catch (e: IllegalArgumentException) {
+				throw VaultConfigLoadException("Invalid '$fieldName' URI: ${e.message}", e)
+			}
+		}
+
 		@JvmStatic
 		@Throws(VaultKeyInvalidException::class, VaultVersionMismatchException::class, VaultConfigLoadException::class)
 		fun verify(rawKey: ByteArray, unverifiedVaultConfig: UnverifiedVaultConfig): VaultConfig {

data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java

@@ -85,7 +85,7 @@ public String getVaultKeyJwe(UnverifiedHubVaultConfig unverifiedHubVaultConfig,
 					throw new FatalBackendException("Failed with response code " + response.code());
 			}
 		} catch (IOException e) {
-			throw new RuntimeException(e);
+			throw new FatalBackendException(e);
 		}
 	}
 

domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt

@@ -7,12 +7,9 @@ class UnverifiedHubVaultConfig(
 	override val keyId: URI,
 	override val vaultFormat: Int,
 	val clientId: String,
-	val authEndpoint: String,
-	val tokenEndpoint: String,
-	val authSuccessUrl: String,
-	val authErrorUrl: String,
-	val apiBaseUrl: String?,
-	val devicesResourceUrl: String,
+	val authEndpoint: URI,
+	val tokenEndpoint: URI,
+	val apiBaseUrl: URI
 ) : UnverifiedVaultConfig(jwt, keyId, vaultFormat) {
 
 	fun vaultId(): String {

domain/src/main/java/org/cryptomator/domain/exception/vaultconfig/VaultConfigLoadException.java

@@ -1,7 +1,5 @@
 package org.cryptomator.domain.exception.vaultconfig;
 
-import com.auth0.jwt.exceptions.JWTVerificationException;
-
 import org.cryptomator.domain.exception.BackendException;
 
 public class VaultConfigLoadException extends BackendException {
@@ -10,7 +8,7 @@ public VaultConfigLoadException(String message) {
 		super(message);
 	}
 
-	public VaultConfigLoadException(String message, JWTVerificationException e) {
+	public VaultConfigLoadException(String message, Throwable e) {
 		super(message, e);
 	}
 

presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt

@@ -180,7 +180,7 @@ class UnlockVaultPresenter @Inject constructor(
 	}
 
 	private fun buildHubAuthIntent(unverifiedVaultConfig: UnverifiedHubVaultConfig): Intent? {
-		val serviceConfig = AuthorizationServiceConfiguration(Uri.parse(unverifiedVaultConfig.authEndpoint), Uri.parse(unverifiedVaultConfig.tokenEndpoint))
+		val serviceConfig = AuthorizationServiceConfiguration(Uri.parse(unverifiedVaultConfig.authEndpoint.toString()), Uri.parse(unverifiedVaultConfig.tokenEndpoint.toString()))
 		val authRequestBuilder = AuthorizationRequest.Builder(
 			serviceConfig,
 			unverifiedVaultConfig.clientId,
@@ -545,12 +545,8 @@ class UnlockVaultPresenter @Inject constructor(
 	}
 
 	fun onGoToHubProfileClicked(unverifiedVaultConfig: UnverifiedHubVaultConfig) {
-		val userProfileUri = unverifiedVaultConfig.apiBaseUrl.let { baseUrl ->
-			val trimmedPath = baseUrl.toString().removeSuffix("/").substringBeforeLast("/")
-			Uri.parse("$trimmedPath/app/profile")
-		}
 		val intent = Intent(Intent.ACTION_VIEW)
-		intent.data = userProfileUri
+		intent.data =  Uri.parse(unverifiedVaultConfig.apiBaseUrl.resolve("../app/profile").toString())
 		requestActivityResult(ActivityResultCallbacks.onGoToHubProfileFinished(), intent)
 	}
 

presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt

@@ -34,10 +34,10 @@ class CreateHubDeviceDialog : BaseProgressErrorDialog<CreateHubDeviceDialog.Call
 		dialog?.let {
 			createDeviceButton = dialog.getButton(android.app.Dialog.BUTTON_POSITIVE)
 			createDeviceButton?.setOnClickListener {
-				showProgress(ProgressModel(ProgressStateModel.CREATING_HUB_DEVICE))
 				val vaultModel = requireArguments().getSerializable(VAULT_ARG) as VaultModel
 				val unverifiedVaultConfig = requireArguments().getSerializable(VAULT_CONFIG_ARG) as UnverifiedHubVaultConfig
 				if (valid(binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString())) {
+					showProgress(ProgressModel(ProgressStateModel.CREATING_HUB_DEVICE))
 					callback?.onCreateHubDeviceClicked(vaultModel, unverifiedVaultConfig, binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString())
 					onWaitForResponse(binding.etDeviceName)
 				}

presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt

@@ -40,7 +40,6 @@ class HubUserSetupRequiredDialog : BaseDialog<HubUserSetupRequiredDialog.Callbac
 	}
 
 	public override fun setupView() {
-		super.onStart()
 		val dialog = dialog as AlertDialog?
 		dialog?.let {
 			goToProfileButton = dialog.getButton(android.app.Dialog.BUTTON_POSITIVE)