diff --git a/.maven/maven-publish.sh b/.maven/maven-publish.sh
index 96241c4..8ff385c 100755
--- a/.maven/maven-publish.sh
+++ b/.maven/maven-publish.sh
@@ -29,4 +29,4 @@ curl --request POST \
--verbose \
--header "Authorization: Bearer ${MAVEN_CREDENTIALS}" \
--form "bundle=@${BODY_ARTIFACT}" \
- "https://central.sonatype.com/api/v1/publisher/upload?publishingType=USER_MANAGED&name=service.httpsurlconn"
+ "https://central.sonatype.com/api/v1/publisher/upload?publishingType=AUTOMATIC&name=service.httpsurlconn"
diff --git a/approov-service/pom.xml b/approov-service/pom.xml
index 0f8933a..8e9d67b 100644
--- a/approov-service/pom.xml
+++ b/approov-service/pom.xml
@@ -40,7 +40,7 @@
io.approov
approov-android-sdk
- 3.5.1
+ 3.5.3
runtime
diff --git a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
index 1b36515..2983129 100644
--- a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
+++ b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
@@ -516,6 +516,74 @@ else if (approovResults.getStatus() != Approov.TokenFetchStatus.SUCCESS)
return approovResults.getToken();
}
+ /**
+ * Gets the last ARC (Attestation Response Code) code.
+ *
+ * Always resolves with a string (ARC or empty string).
+ * NOTE: You MUST only call this method upon succesfull attestation completion. Any networking
+ * errors returned from the service layer will not return a meaningful ARC code if the method is called!!!
+ * @return String ARC from last attestation request or empty string if network unavailable
+ */
+ public static String getLastARC() {
+ // Get the dynamic pins from Approov
+ Map> approovPins = Approov.getPins("public-key-sha256");
+ if (approovPins == null || approovPins.isEmpty()) {
+ Log.e(TAG, "ApproovService: no host pinning information available");
+ return "";
+ }
+ // The approovPins contains a map of hostnames to pin strings. Skip '*' and use another hostname if available.
+ String hostname = null;
+ for (String key : approovPins.keySet()) {
+ if (!"*".equals(key)) {
+ hostname = key;
+ break;
+ }
+ }
+ if (hostname != null) {
+ try {
+ Approov.TokenFetchResult result = Approov.fetchApproovTokenAndWait(hostname);
+ if (result.getToken() != null && !result.getToken().isEmpty()) {
+ String arc = result.getARC();
+ if (arc != null) {
+ return arc;
+ }
+ }
+ Log.i(TAG, "ApproovService: ARC code unavailable");
+ return "";
+ } catch (Exception e) {
+ Log.e(TAG, "ApproovService: error fetching ARC", e);
+ return "";
+ }
+ } else {
+ Log.i(TAG, "ApproovService: ARC code unavailable");
+ return "";
+ }
+ }
+
+ /**
+ * Sets an install attributes token to be sent to the server and associated with this particular
+ * app installation for future Approov token fetches. The token must be signed, within its
+ * expiry time and bound to the correct device ID for it to be accepted by the server.
+ * Calling this method ensures that the next call to fetch an Approov
+ * token will not use a cached version, so that this information can be transmitted to the server.
+ *
+ * @param attrs is the signed JWT holding the new install attributes
+ * @return void
+ * @throws ApproovException if the attrs parameter is invalid or the SDK is not initialized
+ */
+ public static void setInstallAttrsInToken(String attrs) throws ApproovException {
+ try {
+ Approov.setInstallAttrsInToken(attrs);
+ Log.d(TAG, "setInstallAttrsInToken");
+ } catch (IllegalArgumentException e) {
+ Log.e(TAG, "setInstallAttrsInToken failed with IllegalArgument: " + e.getMessage());
+ throw new ApproovException("setInstallAttrsInToken: " + e.getMessage());
+ } catch (IllegalStateException e) {
+ Log.e(TAG, "setInstallAttrsInToken failed with IllegalState: " + e.getMessage());
+ throw new ApproovException("setInstallAttrsInToken: " + e.getMessage());
+ }
+ }
+
/**
* Adds Approov to the given connection. The Approov token is added in a header and this
* also overrides the HostnameVerifier with something that pins the connections. If a