@W-21933885: [MSDK Android] App Attestation Implementation (Extract Challenge API Hostname)

Author: JohnsonEricAtSalesforce

libs/SalesforceSDK/src/com/salesforce/androidsdk/app/SalesforceSDKManager.kt

@@ -64,6 +64,7 @@ import androidx.compose.runtime.Composable
 import androidx.core.content.ContextCompat.RECEIVER_EXPORTED
 import androidx.core.content.ContextCompat.RECEIVER_NOT_EXPORTED
 import androidx.core.content.ContextCompat.registerReceiver
+import androidx.core.net.toUri
 import androidx.lifecycle.DefaultLifecycleObserver
 import androidx.lifecycle.LifecycleOwner
 import androidx.lifecycle.ProcessLifecycleOwner
@@ -241,13 +242,20 @@ open class SalesforceSDKManager protected constructor(
         set(value) {
             field = value
 
+            val loginHost = loginServerManager.selectedLoginServer.url.toUri().host
+            if (loginHost == null) {
+                w(javaClass.name, "Cannot initialize Salesforce App Attestation Client since the selected login server URL doesn't have a host. Authentication may malfunction.")
+                return
+            }
+
             appAttestationClient = field?.let { appAttestationGoogleCloudProjectId ->
                 AppAttestationClient(
-                    appContext,
-                    deviceId,
-                    appAttestationGoogleCloudProjectId,
-                    getBootConfig(getInstance().appContext).remoteAccessConsumerKey,
-                    clientManager.peekUnauthenticatedRestClient()
+                    context = appContext,
+                    apiHostName = loginHost,
+                    deviceId = deviceId,
+                    googleCloudProjectId = appAttestationGoogleCloudProjectId,
+                    remoteAccessConsumerKey = getBootConfig(getInstance().appContext).remoteAccessConsumerKey,
+                    restClient = clientManager.peekUnauthenticatedRestClient()
                 )
             }
         }

libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/AppAttestationClient.kt

@@ -28,7 +28,6 @@ package com.salesforce.androidsdk.auth
 
 import android.content.Context
 import androidx.annotation.VisibleForTesting
-import com.google.android.gms.tasks.Task
 import com.google.android.play.core.integrity.IntegrityManagerFactory.createStandard
 import com.google.android.play.core.integrity.IntegrityServiceException
 import com.google.android.play.core.integrity.StandardIntegrityManager
@@ -51,9 +50,10 @@ import java.util.Base64
  * App attestation features supporting the Salesforce App Attestation External
  * Client App (ECA) Plugin, the Salesforce Challenge API, Google Play Integrity
  * API and integration of app attestation with Salesforce Authentication.
+ * @param apiHostName The Salesforce App Attestation Challenge API host
+ * @param deviceId The device id, usually provided by the Salesforce SDK Manager
  * @param googleCloudProjectId The Google Cloud Project ID used with Google Play
  * Integrity API
- * @param deviceId The device id, usually provided by the Salesforce SDK Manager
  * @param remoteAccessConsumerKey The Salesforce Connected App (CA) or External
  * Client App (ECA)remote access consumer key, usually provided by the boot
  * config
@@ -62,6 +62,7 @@ import java.util.Base64
  */
 class AppAttestationClient(
     context: Context,
+    val apiHostName: String,
     val deviceId: String,
     val googleCloudProjectId: Long,
     val remoteAccessConsumerKey: String,
@@ -87,26 +88,25 @@ class AppAttestationClient(
     }
 
     /**
-     * (Re-)prepares the Google Play Integrity token provider.
+     * (Re-)prepares the Google Play Integrity token provider. Calling this
+     * prior to requesting the Integrity Token via
+     * [createSalesforceOAuthAuthorizationAppAttestation] reduces the latency of
+     * the request.
      * @param integrityManager The Google Play Integrity API integrity manager.
      * This parameter is intended for testing purposes only
      */
     @VisibleForTesting
     internal fun prepareIntegrityTokenProvider(
         integrityManager: StandardIntegrityManager = this.integrityManager
-    ): Task<StandardIntegrityTokenProvider> {
-
-        // Prepare the Google Play Integrity token.  Calling this prior to requesting the Integrity Token reduces the latency of the request.
-        return integrityManager.prepareIntegrityToken(
-            PrepareIntegrityTokenRequest.builder()
-                .setCloudProjectNumber(googleCloudProjectId)
-                .build()
-        ).addOnSuccessListener(
-            ::onPrepareIntegrityTokenProviderSuccess
-        ).addOnFailureListener(
-            ::onPrepareIntegrityTokenProviderFailure
-        )
-    }
+    ) = integrityManager.prepareIntegrityToken(
+        PrepareIntegrityTokenRequest.builder()
+            .setCloudProjectNumber(googleCloudProjectId)
+            .build()
+    ).addOnSuccessListener(
+        ::onPrepareIntegrityTokenProviderSuccess
+    ).addOnFailureListener(
+        ::onPrepareIntegrityTokenProviderFailure
+    )
 
     /**
      * A success callback used by [prepareIntegrityTokenProvider].
@@ -202,7 +202,7 @@ class AppAttestationClient(
     internal fun fetchSalesforceMobileAppAttestationChallenge(): String {
         // Create the Salesforce App Attestation Challenge API client and fetch a new challenge.
         val appAttestationChallengeApiClient = AppAttestationChallengeApiClient(
-            apiHostName = "msdkappattestationtestorg.test1.my.pc-rnd.salesforce.com", // TODO: Replace with template placeholder. ECJ20260311
+            apiHostName = apiHostName,
             restClient = restClient
         )
         val salesforceAppAttestationChallenge = appAttestationChallengeApiClient.fetchChallenge(

libs/SalesforceSDK/src/com/salesforce/androidsdk/rest/AppAttestationChallengeApiClient.kt

@@ -35,7 +35,7 @@ import com.salesforce.androidsdk.rest.RestRequest.RestMethod.GET
  * See https://docs.google.com/document/d/1MGw0-dO4Q-CJLNuqYBSYKAbEUy484lpLLX20ZIvwU6Y/edit?tab=t.0
  * TODO: Replace with final documentation when available. ECJ20260311
  *
- * @param apiHostName The Salesforce `sfap_api` hostname
+ * @param apiHostName The Salesforce App Attestation Challenge API host
  * @param restClient The REST client to use
  */
 @Suppress("unused")

libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/AppAttestationClientTest.kt

@@ -66,6 +66,7 @@ class AppAttestationClientTest {
         every { integrityManager.prepareIntegrityToken(any()) } returns integrityTokenProviderTask
 
         val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
@@ -98,6 +99,7 @@ class AppAttestationClientTest {
         val integrityTokenProvider = mockk<StandardIntegrityTokenProvider>(relaxed = true)
 
         val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
@@ -122,6 +124,7 @@ class AppAttestationClientTest {
         val restClient = mockk<RestClient>(relaxed = true)
 
         val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
@@ -161,6 +164,7 @@ class AppAttestationClientTest {
         every { integrityTokenProvider.request(any()) } returns integrityTokenTask
 
         val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,
@@ -209,6 +213,7 @@ class AppAttestationClientTest {
         every { integrityManager.prepareIntegrityToken(any()) } returns integrityTokenProviderTask
 
         val appAttestationClient = AppAttestationClient(
+            apiHostName = "login.example.com",
             context = context,
             deviceId = deviceId,
             googleCloudProjectId = googleCloudProjectId,