@W-21933885: [MSDK Android] App Attestation Implementation (Increase Test Code Coverage For AppAttestationClient)

Author: JohnsonEricAtSalesforce

libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/AppAttestationClient.kt

@@ -54,6 +54,9 @@ import java.util.Base64
  * @param deviceId The device id, usually provided by the Salesforce SDK Manager
  * @param googleCloudProjectId The Google Cloud Project ID used with Google Play
  * Integrity API
+ * @param integrityManager The Google Play App Integrity API Integrity Manager.
+ * This parameter is intended for testing purposes only. Defaults to a new
+ * instance
  * @param remoteAccessConsumerKey The Salesforce Connected App (CA) or External
  * Client App (ECA)remote access consumer key, usually provided by the boot
  * config
@@ -65,13 +68,11 @@ class AppAttestationClient(
     val apiHostName: String,
     val deviceId: String,
     val googleCloudProjectId: Long,
+    val integrityManager: StandardIntegrityManager = createStandard(context),
     val remoteAccessConsumerKey: String,
-    val restClient: RestClient
+    val restClient: RestClient,
 ) {
 
-    /** The Google Play Integrity Manager and Token Provider */
-    private val integrityManager = createStandard(context)
-
 
     /** The Google Play Integrity API Token Provider */
     @VisibleForTesting
@@ -92,13 +93,9 @@ class AppAttestationClient(
      * prior to requesting the Integrity Token via
      * [createSalesforceOAuthAuthorizationAppAttestation] reduces the latency of
      * the request.
-     * @param integrityManager The Google Play Integrity API integrity manager.
-     * This parameter is intended for testing purposes only
      */
     @VisibleForTesting
-    internal fun prepareIntegrityTokenProvider(
-        integrityManager: StandardIntegrityManager = this.integrityManager
-    ) = integrityManager.prepareIntegrityToken(
+    internal fun prepareIntegrityTokenProvider() = integrityManager.prepareIntegrityToken(
         PrepareIntegrityTokenRequest.builder()
             .setCloudProjectNumber(googleCloudProjectId)
             .build()
@@ -133,19 +130,17 @@ class AppAttestationClient(
      * fetched using the "Challenge" as the Request Hash. The resulting token is
      * encoded into a value usable as the "attestation" parameter in the
      * Salesforce OAuth authorization request.
-     * @param integrityManager The Google Play Integrity API integrity manager.
-     * This parameter is intended for testing purposes only
      * @param integrityTokenProvider The Google Play App Integrity API Integrity
      * Token Provider.  This parameter is intended for testing purposes only
      * @return The "attestation" value usable in Salesforce OAuth authorization
      * and token refresh requests or null if the value cannot be created
      */
     suspend fun createSalesforceOAuthAuthorizationAppAttestation(
-        integrityManager: StandardIntegrityManager = this.integrityManager,
+        // TODO: Coverage needed. ECJ20260416
         integrityTokenProvider: StandardIntegrityTokenProvider? = this.integrityTokenProvider,
     ): String? {
         // Guard to ensure the Google Play Integrity API Integrity Provider was asynchronously resolved or do so synchronously now
-        val integrityTokenProviderResolved = integrityTokenProvider ?: prepareIntegrityTokenProvider(integrityManager).result
+        val integrityTokenProviderResolved = integrityTokenProvider ?: prepareIntegrityTokenProvider().result
 
         // Fetch the Salesforce Mobile App Attestation Challenge.
         val salesforceAppAttestationChallenge = fetchSalesforceMobileAppAttestationChallenge()
@@ -179,9 +174,9 @@ class AppAttestationClient(
             ).toBase64String()
         }.getOrElse { e ->
             // If the Google Play Integrity API failed due to the Integrity Token Provider being expired, re-prepare it once for an inline retry.
+            // TODO: Coverage needed. ECJ20260416
             if ((e as? IntegrityServiceException)?.errorCode == INTEGRITY_TOKEN_PROVIDER_INVALID) {
                 createSalesforceOAuthAuthorizationAppAttestation(
-                    integrityManager = integrityManager,
                     integrityTokenProvider = null
                 )
             } else {
@@ -195,6 +190,7 @@ class AppAttestationClient(
      * [createSalesforceOAuthAuthorizationAppAttestation]
      */
     @JvmName("createSalesforceOAuthAuthorizationAppAttestationBlocking")
+    // TODO: Coverage needed. ECJ20260416
     fun createSalesforceOAuthAuthorizationAppAttestationBlocking() = runBlocking { createSalesforceOAuthAuthorizationAppAttestation() }
 
     /**

libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/AppAttestationClientTest.kt

@@ -34,6 +34,7 @@ import com.google.android.play.core.integrity.StandardIntegrityManager
 import com.google.android.play.core.integrity.StandardIntegrityManager.StandardIntegrityToken
 import com.google.android.play.core.integrity.StandardIntegrityManager.StandardIntegrityTokenProvider
 import com.google.android.play.core.integrity.model.StandardIntegrityErrorCode.INTEGRITY_TOKEN_PROVIDER_INVALID
+import com.google.android.play.core.integrity.model.StandardIntegrityErrorCode.INTERNAL_ERROR
 import com.salesforce.androidsdk.rest.RestClient
 import com.salesforce.androidsdk.rest.RestResponse
 import io.mockk.coEvery
@@ -45,6 +46,7 @@ import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.tasks.await
 import kotlinx.coroutines.test.advanceUntilIdle
 import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.Json
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertNull
 import org.junit.Test
@@ -68,19 +70,16 @@ class AppAttestationClientTest {
         val integrityManager = mockk<StandardIntegrityManager>(relaxed = true)
         every { integrityManager.prepareIntegrityToken(any()) } returns integrityTokenProviderTask
 
-        val appAttestationClient = AppAttestationClient(
+        AppAttestationClient(
             apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
             remoteAccessConsumerKey = remoteAccessConsumerKey,
             restClient = restClient
         )
 
-        appAttestationClient.prepareIntegrityTokenProvider(
-            integrityManager = integrityManager
-        )
-
         verify(exactly = 1) {
             integrityManager.prepareIntegrityToken(match {
                 it.toString().contains("cloudProjectNumber=654321")
@@ -175,6 +174,9 @@ class AppAttestationClientTest {
             restClient = restClient
         )
 
+        // TODO: Consider refactoring this statement once it proves coverage for AppAttestationClient#145 ECJ20260416
+//        appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation() // TODO: This won't run without mocks. ECJ20260416
+
         val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation(
             integrityTokenProvider = integrityTokenProvider
         )
@@ -229,12 +231,12 @@ class AppAttestationClientTest {
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
             remoteAccessConsumerKey = remoteAccessConsumerKey,
-            restClient = restClient
+            restClient = restClient,
         )
 
         val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation(
-            integrityManager = integrityManager,
             integrityTokenProvider = throwingIntegrityTokenProvider
         )
 
@@ -243,6 +245,65 @@ class AppAttestationClientTest {
         assertEquals("eyJhdHRlc3RhdGlvbklkIjoiMTIzNDU2IiwiYXR0ZXN0YXRpb25EYXRhIjoiWDE5VVJWTlVYMGxPVkVWSFVrbFVXVjlVVDB0RlRsOWYifQ==", result)
     }
 
+    @OptIn(ExperimentalCoroutinesApi::class)
+    @Test
+    fun appAttestationClient_createSalesforceOAuthAuthorizationAppAttestationThrowingForUnknownIntegrityServiceException_returnsSuccessfully() = runTest {
+
+        val context = mockk<Context>(relaxed = true)
+        val deviceId = "123456"
+        val googleCloudProjectId = 654321L
+        val remoteAccessConsumerKey = "13579"
+        val restResponse = mockk<RestResponse>(relaxed = true)
+        every { restResponse.asString() } returns "__TEST_CHALLENGE_VALUE__"
+        every { restResponse.isSuccess } returns true
+        val restClient = mockk<RestClient>(relaxed = true)
+        every { restClient.sendSync(any()) } returns restResponse
+
+        val integrityToken = mockk<StandardIntegrityToken>(relaxed = true)
+        every { integrityToken.token() } returns "__TEST_INTEGRITY_TOKEN__"
+        val throwingIntegrityTokenTask = mockk<Task<StandardIntegrityToken>>(relaxed = true)
+        every { throwingIntegrityTokenTask.addOnFailureListener(any()) } returns throwingIntegrityTokenTask
+        every { throwingIntegrityTokenTask.getResult() } returns integrityToken
+        mockkStatic("kotlinx.coroutines.tasks.TasksKt")
+        val integrityServiceException = mockk<IntegrityServiceException>(relaxed = true)
+        every { integrityServiceException.errorCode } returns INTERNAL_ERROR
+        coEvery { throwingIntegrityTokenTask.await() } throws integrityServiceException
+        val throwingIntegrityTokenProvider = mockk<StandardIntegrityTokenProvider>(relaxed = true)
+        every { throwingIntegrityTokenProvider.request(any()) } returns throwingIntegrityTokenTask
+
+        val successfulIntegrityTokenTask = mockk<Task<StandardIntegrityToken>>(relaxed = true)
+        every { successfulIntegrityTokenTask.addOnFailureListener(any()) } returns successfulIntegrityTokenTask
+        every { successfulIntegrityTokenTask.getResult() } returns integrityToken
+        coEvery { successfulIntegrityTokenTask.await() } returns integrityToken
+        val successfulIntegrityTokenProvider = mockk<StandardIntegrityTokenProvider>(relaxed = true)
+        every { successfulIntegrityTokenProvider.request(any()) } returns successfulIntegrityTokenTask
+
+        val integrityTokenProviderTask = mockk<Task<StandardIntegrityTokenProvider>>(relaxed = true)
+        every { integrityTokenProviderTask.addOnSuccessListener(any()) } returns integrityTokenProviderTask
+        every { integrityTokenProviderTask.addOnFailureListener(any()) } returns integrityTokenProviderTask
+        coEvery { integrityTokenProviderTask.result } returns successfulIntegrityTokenProvider
+        val integrityManager = mockk<StandardIntegrityManager>(relaxed = true)
+        every { integrityManager.prepareIntegrityToken(any()) } returns integrityTokenProviderTask
+
+        val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
+            context = context,
+            deviceId = deviceId,
+            googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
+            remoteAccessConsumerKey = remoteAccessConsumerKey,
+            restClient = restClient,
+        )
+
+        val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation(
+            integrityTokenProvider = throwingIntegrityTokenProvider
+        )
+
+        advanceUntilIdle()
+
+        assertNull(result)
+    }
+
     @OptIn(ExperimentalCoroutinesApi::class)
     @Test
     fun appAttestationClient_createSalesforceOAuthAuthorizationAppAttestationThrowingUnknownException_returnsNull() = runTest {
@@ -286,12 +347,12 @@ class AppAttestationClientTest {
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
             remoteAccessConsumerKey = remoteAccessConsumerKey,
-            restClient = restClient
+            restClient = restClient,
         )
 
         val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation(
-            integrityManager = integrityManager,
             integrityTokenProvider = throwingIntegrityTokenProvider
         )
 
@@ -337,17 +398,77 @@ class AppAttestationClientTest {
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
             remoteAccessConsumerKey = remoteAccessConsumerKey,
-            restClient = restClient
+            restClient = restClient,
         )
 
         val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestation(
-            integrityManager = integrityManager,
             integrityTokenProvider = null
         )
 
         advanceUntilIdle()
 
         assertEquals("eyJhdHRlc3RhdGlvbklkIjoiMTIzNDU2IiwiYXR0ZXN0YXRpb25EYXRhIjoiWDE5VVJWTlVYMGxPVkVWSFVrbFVXVjlVVDB0RlRsOWYifQ==", result)
     }
+
+    @OptIn(ExperimentalCoroutinesApi::class)
+    @Test
+    fun appAttestationClient_createSalesforceOAuthAuthorizationAppAttestationBlocking_returnsSuccessfully() = runTest {
+
+        val context = mockk<Context>(relaxed = true)
+        val deviceId = "123456"
+        val googleCloudProjectId = 654321L
+        val remoteAccessConsumerKey = "13579"
+        val restResponse = mockk<RestResponse>(relaxed = true)
+        every { restResponse.asString() } returns "__TEST_CHALLENGE_VALUE__"
+        every { restResponse.isSuccess } returns true
+        val restClient = mockk<RestClient>(relaxed = true)
+        every { restClient.sendSync(any()) } returns restResponse
+
+        val integrityToken = mockk<StandardIntegrityToken>(relaxed = true)
+        every { integrityToken.token() } returns "__TEST_INTEGRITY_TOKEN__"
+        val integrityTokenTask = mockk<Task<StandardIntegrityToken>>(relaxed = true)
+        every { integrityTokenTask.addOnFailureListener(any()) } returns integrityTokenTask
+        every { integrityTokenTask.getResult() } returns integrityToken
+        mockkStatic("kotlinx.coroutines.tasks.TasksKt")
+        coEvery { integrityTokenTask.await() } returns integrityToken
+        val integrityTokenProvider = mockk<StandardIntegrityTokenProvider>(relaxed = true)
+        every { integrityTokenProvider.request(any()) } returns integrityTokenTask
+
+        val integrityTokenProviderTask = mockk<Task<StandardIntegrityTokenProvider>>(relaxed = true)
+        every { integrityTokenProviderTask.addOnSuccessListener(any()) } returns integrityTokenProviderTask
+        every { integrityTokenProviderTask.addOnFailureListener(any()) } returns integrityTokenProviderTask
+        coEvery { integrityTokenProviderTask.result } returns integrityTokenProvider
+        val integrityManager = mockk<StandardIntegrityManager>(relaxed = true)
+        every { integrityManager.prepareIntegrityToken(any()) } returns integrityTokenProviderTask
+
+        val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
+            context = context,
+            deviceId = deviceId,
+            googleCloudProjectId = googleCloudProjectId,
+            integrityManager = integrityManager,
+            remoteAccessConsumerKey = remoteAccessConsumerKey,
+            restClient = restClient
+        )
+
+        val result = appAttestationClient.createSalesforceOAuthAuthorizationAppAttestationBlocking()
+
+        advanceUntilIdle()
+
+        assertEquals("eyJhdHRlc3RhdGlvbklkIjoiMTIzNDU2IiwiYXR0ZXN0YXRpb25EYXRhIjoiWDE5VVJWTlVYMGxPVkVWSFVrbFVXVjlVVDB0RlRsOWYifQ==", result)
+    }
+
+    @Test
+    fun oAuthAuthorizationAttestationData_encode_returnsSuccessfully() {
+
+        val result = Json.decodeFromString(
+            OAuthAuthorizationAttestation.serializer(),
+            "{ \"attestationId\": \"123456\", \"attestationData\": \"W19VVlJTVVhNbExPVkVWSFVrbFVXVjlVVDB0RlRsOWYifQ==\" }"
+        )
+
+        assertEquals("123456", result.attestationId)
+        assertEquals("W19VVlJTVVhNbExPVkVWSFVrbFVXVjlVVDB0RlRsOWYifQ==", result.attestationData)
+    }
 }