Feature/merge remove binary target#9
Open
ivolz wants to merge 75 commits into
Open
Conversation
added 12 commits
April 3, 2026 09:40
…for service-layers; add testing dependency on mini-sdk and unit/integrations tests
… action rejection
There was a problem hiding this comment.
Pull request overview
Ports the service-layer mutator pattern and HTTP message signing support to the Volley integration, updates initialization semantics, and adds a mini-SDK based test harness with refreshed GitHub Actions workflows for CI validation.
Changes:
- Introduces
ApproovServiceMutatorhooks across request processing, secure-string substitution, and direct-fetch helpers, plus new status-based exception types. - Adds HTTP message signing for Volley via
ApproovDefaultMessageSigningand supporting Structured Field Values / signature utilities. - Integrates mini-SDK + Robolectric/Mockito test coverage and updates CI workflows/build configuration.
Reviewed changes
Copilot reviewed 62 out of 62 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| USAGE.md | Adds integration/customization guidance, including mutators and message signing usage. |
| settings.gradle | Adds mini-SDK/testing modules as sibling-project includes. |
| REFERENCE.md | Adds public API reference for new mutator/signing APIs and initialization semantics. |
| README.md | Links to changelog/usage/reference and documents included third-party sources. |
| CHANGELOG.md | Introduces 3.5.4 changelog entries describing new features/behavior changes. |
| approov-service/src/test/java/org/apache/http/StatusLine.java | Test stub for Apache HTTP types used by tests. |
| approov-service/src/test/java/org/apache/http/ProtocolVersion.java | Test stub for Apache HTTP protocol version. |
| approov-service/src/test/java/org/apache/http/message/BasicStatusLine.java | Test stub for Apache HTTP status line implementation. |
| approov-service/src/test/java/org/apache/http/message/BasicHttpResponse.java | Test stub for Apache HTTP response implementation. |
| approov-service/src/test/java/org/apache/http/message/BasicHeader.java | Test stub for Apache HTTP header implementation. |
| approov-service/src/test/java/org/apache/http/HttpResponse.java | Test stub for Apache HTTP response interface. |
| approov-service/src/test/java/org/apache/http/HttpEntity.java | Test stub for Apache HTTP entity interface. |
| approov-service/src/test/java/org/apache/http/Header.java | Test stub for Apache HTTP header interface. |
| approov-service/src/test/java/org/apache/http/entity/BasicHttpEntity.java | Test stub for Apache HTTP entity implementation. |
| approov-service/src/test/java/io/approov/util/sig/TestComponentProvider.java | Test component provider implementation for signature-base tests. |
| approov-service/src/test/java/io/approov/util/sig/SignatureParametersTest.java | Unit tests for signature-parameter serialization. |
| approov-service/src/test/java/io/approov/util/sig/SignatureBaseBuilderTest.java | Unit tests for signature base construction. |
| approov-service/src/test/java/io/approov/service/volley/ApproovTestSupport.java | Test utilities for resetting static state and building fixtures. |
| approov-service/src/test/java/io/approov/service/volley/ApproovServiceMiniSdkTest.java | Robolectric + mini-SDK contract tests exercising real request flow. |
| approov-service/src/test/java/io/approov/service/volley/ApproovServiceContractTest.java | Unit-level contract tests for ApproovService APIs and behaviors. |
| approov-service/src/test/java/io/approov/service/volley/ApproovHurlStackContractTest.java | Contract tests for header mutation / mutator interactions in stack. |
| approov-service/src/test/java/io/approov/service/volley/ApproovDefaultMessageSigningContractTest.java | Contract tests for signing behavior and header replacement. |
| approov-service/src/test/java/android/util/Base64.java | Test-only shim for android.util.Base64 on JVM. |
| approov-service/src/main/java/io/approov/util/sig/SignatureParameters.java | Adds signature-parameter carrier/serialization logic. |
| approov-service/src/main/java/io/approov/util/sig/SignatureBaseBuilder.java | Adds signature-base construction logic. |
| approov-service/src/main/java/io/approov/util/sig/LICENSE | Adds MIT license for adapted signature utilities. |
| approov-service/src/main/java/io/approov/util/sig/ComponentProvider.java | Adds component-provider interface for signature inputs. |
| approov-service/src/main/java/io/approov/util/http/sfv/Utils.java | Adds structured-field helper utilities. |
| approov-service/src/main/java/io/approov/util/http/sfv/Type.java | Adds SFV type interface. |
| approov-service/src/main/java/io/approov/util/http/sfv/TokenItem.java | Adds SFV token item. |
| approov-service/src/main/java/io/approov/util/http/sfv/StringItem.java | Adds SFV string item. |
| approov-service/src/main/java/io/approov/util/http/sfv/ParseException.java | Adds SFV parse exception with diagnostics. |
| approov-service/src/main/java/io/approov/util/http/sfv/Parameters.java | Adds SFV parameters container implementation. |
| approov-service/src/main/java/io/approov/util/http/sfv/Parameterizable.java | Adds SFV parameterizable contract. |
| approov-service/src/main/java/io/approov/util/http/sfv/package-info.java | Adds SFV package docs and minimal example. |
| approov-service/src/main/java/io/approov/util/http/sfv/OuterList.java | Adds SFV outer list type. |
| approov-service/src/main/java/io/approov/util/http/sfv/NumberItem.java | Adds SFV number item contract. |
| approov-service/src/main/java/io/approov/util/http/sfv/ListElement.java | Adds SFV list-element marker. |
| approov-service/src/main/java/io/approov/util/http/sfv/LICENSE | Adds Apache 2.0 license for adapted SFV utilities. |
| approov-service/src/main/java/io/approov/util/http/sfv/Item.java | Adds SFV item interface and type conversion helpers. |
| approov-service/src/main/java/io/approov/util/http/sfv/IntegerItem.java | Adds SFV integer item. |
| approov-service/src/main/java/io/approov/util/http/sfv/InnerList.java | Adds SFV inner list type. |
| approov-service/src/main/java/io/approov/util/http/sfv/DisplayStringItem.java | Adds SFV display-string item. |
| approov-service/src/main/java/io/approov/util/http/sfv/Dictionary.java | Adds SFV dictionary type. |
| approov-service/src/main/java/io/approov/util/http/sfv/DecimalItem.java | Adds SFV decimal item. |
| approov-service/src/main/java/io/approov/util/http/sfv/DateItem.java | Adds SFV date item. |
| approov-service/src/main/java/io/approov/util/http/sfv/ByteSequenceItem.java | Adds SFV byte-sequence item (binary). |
| approov-service/src/main/java/io/approov/util/http/sfv/BooleanItem.java | Adds SFV boolean item. |
| approov-service/src/main/java/io/approov/service/volley/ApproovServiceMutator.java | Introduces mutator interface + default behaviors for statuses/substitutions. |
| approov-service/src/main/java/io/approov/service/volley/ApproovService.java | Refactors init/state, adds TraceID header support, mutator pipeline, and new helpers. |
| approov-service/src/main/java/io/approov/service/volley/ApproovRequestMutations.java | Adds mutation-tracking carrier for composed mutators (e.g., signing). |
| approov-service/src/main/java/io/approov/service/volley/ApproovNetworkException.java | Deprecates network exception in favor of fetch-status exception (compat kept). |
| approov-service/src/main/java/io/approov/service/volley/ApproovFetchStatusException.java | Adds typed exception carrying SDK fetch status. |
| approov-service/src/main/java/io/approov/service/volley/ApproovException.java | Improves exception wrapping/constructors for underlying causes. |
| approov-service/src/main/java/io/approov/service/volley/ApproovDefaultMessageSigning.java | Adds Volley message signing mutator (digest + signature headers). |
| approov-service/pom.xml | Adds BouncyCastle runtime dependency for message signing publishing. |
| approov-service/build.gradle | Adds test configuration, mini-SDK test deps, and signing-related dependencies. |
| .vscode/settings.json | Adds local VS Code Java build config setting. |
| .github/workflows/build_only.yml | Removes old “build only” workflow. |
| .github/workflows/build_and_test.yml | Adds new build+test workflow with mini-SDK checkout and worker probing/redeploy. |
| .github/workflows/build_and_publish.yml | Updates publish workflow to run tests and use repo subdirectory checkout. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
added 4 commits
April 13, 2026 14:08
…o support empty-config bypass
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 62 out of 62 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 62 out of 62 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The test helpers duplicated the testing reply URL resolution including hardcoded workers.dev fallbacks, exposing the endpoints in this public repository and contradicting their removal from the CI workflow. The URLs are now obtained from the mini-sdk test controller, which already resolves the same environment variables privately. Live request tests also probe the worker once per class and convert connectivity failures into skipped assumptions so an unreachable worker no longer fails the suite. Requires core-service-layers-testing to provide AttesterProxyController.getTestingReplyURL[Unprotected]().
… stubs The android.util.Base64 stand-in ignored its flags and used the strict JDK decoder, so any future use of DEFAULT, URL_SAFE or NO_PADDING in library code would compile but silently misbehave in tests, and under Robolectric the stub can shadow the real framework class. Implement the flag semantics (wrapping, padding, alphabet, lenient decode) and the missing byte[] overloads, and explain in both places why the stubs exist and how they must be treated.
Install (ES256) signing failures skip signing and let the request proceed while account (HS256) failures abort the request; spell out the reasoning so the asymmetry is not mistaken for an oversight.
The workflow triggered on every push and on pull_request events, so any branch with an open PR built twice per push. Restrict the push trigger to main while keeping pull_request coverage for all PR branches.
The vendored structured-fields port replaced java.util.function types elsewhere because the library minSdk predates them, but Parameters still declared overrides using BiFunction/BiConsumer/Function and the API 24 Map methods. These overrides either threw UnsupportedOperationException or merely delegated, so the inherited Map default methods behave identically on devices that provide them; remove the overrides so the class no longer references API 24 types and no longer trips NewApi lint.
The .vscode/settings.json file carries a personal editor preference that does not belong in the repository.
The shadow jar is already on the compile classpath through its implementation declaration.
A remnant of the previous URL-typed parameter in substituteQueryParamInURLString.
ApproovRequestMutations exposed getAddedHeaderKeys but nothing ever populated it. The signing mutator now records the Signature, Signature-Input, Content-Digest and debug Signature-Base-Digest headers it adds so downstream hooks can see the full set of mutations.
Apache-2.0 section 4(b) asks for prominent notice of changes to redistributed files. State the upstream project, the license pointer and the modifications made during vendoring in the package documentation, and note the RFC 9651 additions the package description omitted.
The test asserts that repeated same-config initializations are each forwarded to the platform SDK, not that duplicates are ignored at the service layer.
Resolve the reply URLs from the environment first and look the mini-sdk accessors up reflectively, skipping the suite with a clear assumption message when neither source is available. This keeps the test suite compiling and green against mini-sdk revisions that predate the accessors, such as CI runs before the companion change merges.
Preserve original placeholder when getSecureString() returns null or empty, instead of injecting null into headers, query params, or URLs. Applies to header substitution, query param substitution, and URL query substitution per TESTING_REQUIREMENTS §2 Missing Artifacts Fallback.
…lish - Enable BuildConfig generation (AGP 8 default off) - Add APPROOV_SERVICE_VERSION BuildConfig field from -PapproovServiceVersion - setUserProperty now reports 'approov-service-volley/X.Y.Z' (or 'dev') - Add CHANGELOG-vs-tag validation step in publish workflow - Pass -PapproovServiceVersion to assembleRelease in CI - Bump setup-java to v5 Mirrors the pattern established in approov-service-retrofit PR #23.
The setUserProperty call now includes BuildConfig.APPROOV_SERVICE_VERSION; update the two verify() assertions to match.
Contributor
Author
|
All requested changes from the reviewer and inline Copilot comments have been addressed, verified by local tests, and resolved. |
…build_and_test workflow comments
…ped error propagation M1 — account (HS256) signing now mirrors install (ES256) and the other service layers: - catches ApproovException from getAccountMessageSignature and proceeds unsigned when the SDK cannot provide an account signature (e.g. no mksid yet); - skips signing when the account signature is empty. M2 — genuine signing failures now surface as ApproovException (a Volley AuthFailureError/VolleyError) instead of unchecked exceptions escaping ApproovHurlStack.executeRequest: - unsupported algorithm and ASN.1/DER decode failures throw ApproovException directly; - a trailing catch converts unchecked failures from shared signing code (required body digest unavailable, missing signature-base component, serialization) into ApproovException. ApproovException is checked, so the silent-fallback and explicit-throw paths are unaffected. Tests: add accountSigningSkipsGracefullyWhenAccountSignatureUnavailable, accountSigningSkipsGracefullyWhenAccountSignatureEmpty, and requiredBodyDigestFailureSurfacesAsApproovException. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #10.
Related: approov/core-project-approov#428 — Standardize Volley Service Layer & Implement Message Signing / Mutators