From 4b685ffd7d477c09c34768f02d384810068cd2e2 Mon Sep 17 00:00:00 2001
From: ivo liondov <ivoliondov@Sanctuary.local>
Date: Fri, 26 Dec 2025 14:25:39 +0000
Subject: [PATCH 1/3] Add getLastARC method to return arc code from SDK; add
 setInstallAttrsInToken method from SDK

---
 .../service/httpsurlconn/ApproovService.java  | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
index 1b36515..2983129 100644
--- a/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
+++ b/approov-service/src/main/java/io/approov/service/httpsurlconn/ApproovService.java
@@ -516,6 +516,74 @@ else if (approovResults.getStatus() != Approov.TokenFetchStatus.SUCCESS)
         return approovResults.getToken();
     }
 
+    /**
+     * Gets the last ARC (Attestation Response Code) code.
+     *
+     * Always resolves with a string (ARC or empty string).
+     * NOTE: You MUST only call this method upon succesfull attestation completion. Any networking
+     * errors returned from the service layer will not return a meaningful ARC code if the method is called!!!
+     * @return String ARC from last attestation request or empty string if network unavailable
+     */
+    public static String getLastARC() {
+        // Get the dynamic pins from Approov
+        Map<String, List<String>> approovPins = Approov.getPins("public-key-sha256");
+        if (approovPins == null || approovPins.isEmpty()) {
+            Log.e(TAG, "ApproovService: no host pinning information available");
+            return "";
+        }
+        // The approovPins contains a map of hostnames to pin strings. Skip '*' and use another hostname if available.
+        String hostname = null;
+        for (String key : approovPins.keySet()) {
+            if (!"*".equals(key)) {
+                hostname = key;
+                break;
+            }
+        }
+        if (hostname != null) {
+            try {
+                Approov.TokenFetchResult result = Approov.fetchApproovTokenAndWait(hostname);
+                if (result.getToken() != null && !result.getToken().isEmpty()) {
+                    String arc = result.getARC();
+                    if (arc != null) {
+                        return arc;
+                    }
+                }
+                Log.i(TAG, "ApproovService: ARC code unavailable");
+                return "";
+            } catch (Exception e) {
+                Log.e(TAG, "ApproovService: error fetching ARC", e);
+                return "";
+            }
+        } else {
+            Log.i(TAG, "ApproovService: ARC code unavailable");
+            return "";
+        }
+    }
+
+    /**
+     * Sets an install attributes token to be sent to the server and associated with this particular
+     * app installation for future Approov token fetches. The token must be signed, within its
+     * expiry time and bound to the correct device ID for it to be accepted by the server.
+     * Calling this method ensures that the next call to fetch an Approov
+     * token will not use a cached version, so that this information can be transmitted to the server.
+     *
+     * @param attrs is the signed JWT holding the new install attributes
+     * @return void
+     * @throws ApproovException if the attrs parameter is invalid or the SDK is not initialized
+     */
+    public static void setInstallAttrsInToken(String attrs) throws ApproovException {
+        try {
+            Approov.setInstallAttrsInToken(attrs);
+            Log.d(TAG, "setInstallAttrsInToken");
+        } catch (IllegalArgumentException e) {
+            Log.e(TAG, "setInstallAttrsInToken failed with IllegalArgument: " + e.getMessage());
+            throw new ApproovException("setInstallAttrsInToken: " + e.getMessage());
+        } catch (IllegalStateException e) {
+            Log.e(TAG, "setInstallAttrsInToken failed with IllegalState: " + e.getMessage());
+            throw new ApproovException("setInstallAttrsInToken: " + e.getMessage());
+        }
+    }
+
     /**
      * Adds Approov to the given connection. The Approov token is added in a header and this
      * also overrides the HostnameVerifier with something that pins the connections. If a

From e26d554200cb4a4ad56f5d81670822f63f010c3d Mon Sep 17 00:00:00 2001
From: ivo liondov <ivoliondov@Sanctuary.local>
Date: Fri, 26 Dec 2025 14:26:41 +0000
Subject: [PATCH 2/3] Use latest platform SDK 3.5.5

---
 approov-service/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/approov-service/pom.xml b/approov-service/pom.xml
index 0f8933a..8e9d67b 100644
--- a/approov-service/pom.xml
+++ b/approov-service/pom.xml
@@ -40,7 +40,7 @@
     <dependency>
         <groupId>io.approov</groupId>
         <artifactId>approov-android-sdk</artifactId>
-        <version>3.5.1</version>
+        <version>3.5.3</version>
         <scope>runtime</scope>
     </dependency>
 </dependencies>

From c09cf2188962a6b1659185ebad11b1ce879c9cd1 Mon Sep 17 00:00:00 2001
From: ivo liondov <ivoliondov@Sanctuary.local>
Date: Fri, 26 Dec 2025 14:27:32 +0000
Subject: [PATCH 3/3] Automatically publish artifacts to maven

---
 .maven/maven-publish.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.maven/maven-publish.sh b/.maven/maven-publish.sh
index 96241c4..8ff385c 100755
--- a/.maven/maven-publish.sh
+++ b/.maven/maven-publish.sh
@@ -29,4 +29,4 @@ curl --request POST \
   --verbose \
   --header "Authorization: Bearer ${MAVEN_CREDENTIALS}" \
   --form "bundle=@${BODY_ARTIFACT}" \
-  "https://central.sonatype.com/api/v1/publisher/upload?publishingType=USER_MANAGED&name=service.httpsurlconn"
+  "https://central.sonatype.com/api/v1/publisher/upload?publishingType=AUTOMATIC&name=service.httpsurlconn"