val response = httpClient.newCall(request).execute() if (!response.isSuccessful) throw LicenseException("Server error ($response.code)")

classpath = configurations["runtimeClasspath"] mainClass.set("com.apeaksoft.toolkit.license.LicenseVerifierMain") // tiny wrapper class

/** Helper: verify server‑side HMAC signature */ private fun verifySignature(data: String, signature: String): Boolean val secret = "s3cr3t_server_key".toByteArray(Charsets.UTF_8) // not really hard‑coded in production val mac = javax.crypto.Mac.getInstance("HmacSHA256") mac.init(javax.crypto.spec.SecretKeySpec(secret, "HmacSHA256")) val expected = Base64.getEncoder().encodeToString(mac.doFinal(data.toByteArray())) return expected == signature