approov · charlesoj6205 · Apr 16, 2026 · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026
diff --git a/approov-service/build.gradle b/approov-service/build.gradle
@@ -15,8 +15,8 @@ android {
     compileSdkVersion 30
 
     defaultConfig {
-        minSdkVersion 21
-        targetSdkVersion 28
+        minSdkVersion 23
+        targetSdkVersion 34
     }
 
     buildTypes {
@@ -34,5 +34,8 @@ android {
 dependencies {
     implementation 'com.squareup.okhttp3:okhttp:4.12.0'
     implementation 'io.approov:approov-android-sdk:3.5.1'
+
+    // Bouncycastle for ASN.1 parsing
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
 }
 
diff --git a/...v-service/src/main/java/io/approov/service/httpsurlconn/ApproovDefaultMessageSigning.java b/...v-service/src/main/java/io/approov/service/httpsurlconn/ApproovDefaultMessageSigning.java
diff --git a/...ov-service/src/main/java/io/approov/service/httpsurlconn/ApproovFetchStatusException.java b/...ov-service/src/main/java/io/approov/service/httpsurlconn/ApproovFetchStatusException.java
@@ -0,0 +1,48 @@
+//
+// MIT License
+//
+// Copyright (c) 2016-present, Approov Ltd.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
+// (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+// ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH
+// THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package io.approov.service.httpsurlconn;
+
+import com.criticalblue.approovsdk.Approov;
+
+/**
+ * Exception raised when an Approov token fetch returns a status other than success.
+ */
+public class ApproovFetchStatusException extends ApproovException {
+
+    private final Approov.TokenFetchStatus tokenFetchStatus;
+
+    /**
+     * Constructs a token fetch status exception with the provided status.
+     *
+     * @param status status returned by the Approov SDK, may be {@code null} if unavailable
+     * @param message information describing the exception cause
+     */
+    public ApproovFetchStatusException(Approov.TokenFetchStatus status, String message) {
+        super(message);
+        this.tokenFetchStatus = status;
+    }
+
+    /**
+     * Retrieves the token fetch status associated with this exception.
+     *
+     * @return the status returned by the Approov SDK, or {@code null} if not provided
+     */
+    public Approov.TokenFetchStatus getTokenFetchStatus() {
+        return tokenFetchStatus;
+    }
+}
diff --git a/...v-service/src/main/java/io/approov/service/httpsurlconn/ApproovInterceptorExtensions.java b/...v-service/src/main/java/io/approov/service/httpsurlconn/ApproovInterceptorExtensions.java
@@ -0,0 +1,59 @@
+//
+// MIT License
+// 
+// Copyright (c) 2016-present, Approov Ltd.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
+// (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+// ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH
+// THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package io.approov.service.httpsurlconn;
+
+import java.net.URL;
+import java.net.HttpURLConnection;
+
+import javax.net.ssl.HttpsURLConnection;
+
+/**
+ * ApproovInterceptorExtensions provides an interface for handling callbacks during
+ * the processing of network requests by Approov. It allows further modifications
+ * to requests after Approov has applied its changes.
+ *
+ * @deprecated Replace implementations of this interface with ApproovServiceMutator
+ * while changing the name of the ApproovInterceptorExtensions.processedRequest
+ * method to ApproovServiceMutator.handleInterceptorProcessedRequest.
+ */
+@Deprecated
+public interface ApproovInterceptorExtensions extends ApproovServiceMutator{
+
+    /**
+     * Replace the default implementation of ApproovServiceMutator.handleInterceptorProcessedRequest
+     * to call the now deprecated ApproovInterceptorExtensions.processedRequest method. 
+     *
+     * @param request the processed request
+     * @param changes the mutations applied to the request by Approov
+     * @return the final request to use to complete the Approov interceptor step.
+     * @throws ApproovException if there is an error during processing
+     */
+    default HttpsURLConnection handleInterceptorProcessedRequest(HttpsURLConnection request, ApproovRequestMutations changes) throws ApproovException {
+        // call the deprecated method to maintain backwards compatibility
+        return processedRequest(request, changes);
+    }
+
+    /**
+     * @deprecated Use ApproovServiceMutator.handleInterceptorProcessedRequest instead.
+     */
+    @Deprecated
+    default HttpsURLConnection processedRequest(HttpsURLConnection request, ApproovRequestMutations changes) throws ApproovException {
+        // No further changes to the request are required
+        return request;
+    }
+}
diff --git a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovNetworkException.java b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovNetworkException.java
@@ -17,9 +17,13 @@
 
 package io.approov.service.httpsurlconn;
 
+import com.criticalblue.approovsdk.Approov;
+
 // ApproovNetworkException indicates an exception caused by networking conditions which is likely to be
 // temporary so a user initiated retry should be performed
+
 public class ApproovNetworkException extends ApproovException {
+    private final Approov.TokenFetchStatus tokenFetchStatus;
 
     /**
      * Constructs an Approov networking exception.
@@ -28,5 +32,15 @@ public class ApproovNetworkException extends ApproovException {
      */
     public ApproovNetworkException(String message) {
         super(message);
+        this.tokenFetchStatus = null;
+    }
+
+    public ApproovNetworkException(Approov.TokenFetchStatus status, String message) {
+        super(message);
+        this.tokenFetchStatus = status;
+    }
+
+    public Approov.TokenFetchStatus getTokenFetchStatus() {
+        return tokenFetchStatus;
     }
 }
diff --git a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovRequestMutations.java b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovRequestMutations.java
@@ -0,0 +1,116 @@
+//
+// MIT License
+// 
+// Copyright (c) 2016-present, Approov Ltd.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
+// (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+// subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+// ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH
+// THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+package io.approov.service.httpsurlconn;
+
+import java.util.List;
+
+/**
+ * ApproovRequestMutations stores information about changes made to a network request
+ * during Approov processing, such as token headers, substituted headers, and query parameters.
+ */
+public class ApproovRequestMutations {
+    private String tokenHeaderKey;
+    private List<String> substitutionHeaderKeys;
+    private String originalURL;
+    private List<String> substitutionQueryParamKeys;
+    private String traceIDHeaderKey;
+
+
+    /**
+     * Gets the header key used for the Approov token.
+     *
+     * @return the Approov token header key
+     */
+    public String getTokenHeaderKey() {
+        return tokenHeaderKey;
+    }
+
+    /**
+     * Sets the header key used for the Approov token.
+     *
+     * @param tokenHeaderKey the Approov token header key
+     */
+    public void setTokenHeaderKey(String tokenHeaderKey) {
+        this.tokenHeaderKey = tokenHeaderKey;
+    }
+
+    /**
+     * Gets the list of headers that were substituted with secure strings.
+     *
+     * @return the list of substituted header keys
+     */
+    public List<String> getSubstitutionHeaderKeys() {
+        return substitutionHeaderKeys;
+    }
+
+    /**
+     * Sets the list of headers that were substituted with secure strings.
+     *
+     * @param substitutionHeaderKeys the list of substituted header keys
+     */
+    public void setSubstitutionHeaderKeys(List<String> substitutionHeaderKeys) {
+        this.substitutionHeaderKeys = substitutionHeaderKeys;
+    }
+
+    /**
+     * Gets the original URL before any query parameter substitutions.
+     *
+     * @return the original URL
+     */
+    public String getOriginalURL() {
+        return originalURL;
+    }
+
+    /**
+     * Gets the list of query parameter keys that were substituted with secure strings.
+     *
+     * @return the list of substituted query parameter keys
+     */
+    public List<String> getSubstitutionQueryParamKeys() {
+        return substitutionQueryParamKeys;
+    }
+
+    /**
+     * Sets the results of query parameter substitutions, including the original URL and the keys of substituted parameters.
+     *
+     * @param originalURL the original URL before substitutions
+     * @param substitutionQueryParamKeys the list of substituted query parameter keys
+     */
+    public void setSubstitutionQueryParamResults(String originalURL, List<String> substitutionQueryParamKeys) {
+        this.originalURL = originalURL;
+        this.substitutionQueryParamKeys = substitutionQueryParamKeys;
+    }
+
+    /**
+     * Gets the header key used for the optional Approov TraceID debug header.
+     *
+     * @return the Approov TraceID header key. Null if the TraceID header was not used.
+     */
+    public String getTraceIDHeaderKey() {
+        return traceIDHeaderKey;
+    }
+
+    /**
+     * Sets the header key used for the optional Approov TraceID debug header.
+     *
+     * @param traceIDHeaderKey the Approov TraceID header key
+     */
+    public void setTraceIDHeaderKey(String traceIDHeaderKey) {
+        this.traceIDHeaderKey = traceIDHeaderKey;
+    }
+}