More review comments addressed

pmathew92 · pmathew92 · commit b5cda3476bb6 · 2025-11-23T19:51:28.000+05:30
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -68,6 +68,7 @@ class CryptoUtil {
 
     private static final int GCM_TAG_LENGTH = 16;
     private static final int MIN_DATA_LENGTH = 1;
+    private static final int FORMAT_HEADER_LENGTH = 2;
 
     private final String OLD_KEY_ALIAS;
     private final String OLD_KEY_IV_ALIAS;
@@ -469,7 +470,7 @@ public byte[] decrypt(byte[] encryptedInput) throws CryptoException, Incompatibl
      * @return true if new format, false if legacy format
      */
     @VisibleForTesting
-    boolean isNewFormat(byte[] encryptedInput) {
+    private boolean isNewFormat(byte[] encryptedInput) {
 
         // Boundary check
         if (encryptedInput == null || encryptedInput.length < 2) {
@@ -493,7 +494,7 @@ boolean isNewFormat(byte[] encryptedInput) {
 
         // Verify minimum total length
         // Need: marker(1) + length(1) + IV(12-16) + GCM tag(16) + data(1+)
-        int minLength = 2 + ivLength + GCM_TAG_LENGTH + MIN_DATA_LENGTH;
+        int minLength = FORMAT_HEADER_LENGTH + ivLength + GCM_TAG_LENGTH + MIN_DATA_LENGTH;
         return encryptedInput.length >= minLength;
     }
 
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
@@ -969,9 +969,9 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
             //Check if existing api credentials are present and valid
 
             encryptedEncodedJson?.let { encryptedEncoded ->
-                val decoded = Base64.decode(encryptedEncoded, Base64.DEFAULT)
+                val encrypted = Base64.decode(encryptedEncoded, Base64.DEFAULT)
                 val json: String = try {
-                    String(crypto.decrypt(decoded))
+                    String(crypto.decrypt(encrypted))
                 } catch (e: IncompatibleDeviceException) {
                     callback.onFailure(
                         CredentialsManagerException(
