Implement message signing for Flutter

.gitignore

@@ -3,3 +3,10 @@
 .gradle
 .dart_tool
 pubspec.lock
+.idea
+android/local.properties
+android/build/
+AGENTS.md
+build/
+# Exclude .json test files used for testing only. 
+test/third_party/structured_field_tests/ 

README.md

@@ -3,3 +3,15 @@
 A wrapper for the iOS [Approov SDK](https://github.com/approov/approov-ios-sdk) and Android [Approov SDK](https://github.com/approov/approov-android-sdk) to enable easy integration when using [`Flutter`](https://flutter.dev) for making the API calls that you wish to protect with Approov. In order to use this you will need a trial or paid [Approov](https://www.approov.io) account.
 
 See the [Quickstart](https://github.com/approov/quickstart-flutter-httpclient) for usage instructions.
+
+## Structured Field Compliance Tests
+
+The HTTP message signing implementation relies on Structured Field values, so we vendor the official [httpwg/structured-field-tests](https://github.com/httpwg/structured-field-tests) fixtures for full test coverage.
+
+Clone the [httpwg/structured-field-tests](https://github.com/httpwg/structured-field-tests), copy the `.json`, `README.md`, `LICENSE.md`, and `serialisation-tests/` assets into `test/third_party/structured_field_tests`, and then run the following to execute the conformance suite:
+
+```
+flutter test test/structured_fields_conformance_test.dart
+```
+
+The harness focuses on serialization/canonicalization (parsing is not implemented in this package). All JSON fixtures (including `can_fail` advisories and the serialisation edge cases) are exercised; multi-value field inputs are normalised using the HTTP list concatenation rules so they can be compared against the single-value serializer APIs in this package.

android/build.gradle

@@ -4,18 +4,17 @@ version '1.0'
 buildscript {
     repositories {
         google()
-        jcenter()
+        mavenCentral()
     }
 
     dependencies {
-        classpath 'com.android.tools.build:gradle:3.5.0'
+        classpath 'com.android.tools.build:gradle:8.5.0'
     }
 }
 
 rootProject.allprojects {
     repositories {
         google()
-        jcenter()
         mavenCentral()
     }
 }
@@ -25,18 +24,18 @@ apply plugin: 'com.android.library'
 android {
     namespace 'com.criticalblue.approov_service_flutter_httpclient'
 
-    compileSdkVersion 29
+    compileSdk 34
 
     defaultConfig {
-        minSdkVersion 19
+        minSdk 21
     }
-    lintOptions {
+    lint {
         disable 'InvalidPackage'
     }
 
     compileOptions {
-        sourceCompatibility JavaVersion.VERSION_1_8
-        targetCompatibility JavaVersion.VERSION_1_8
+        sourceCompatibility JavaVersion.VERSION_11
+        targetCompatibility JavaVersion.VERSION_11
     }
 }
 

android/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,6 @@
+#Thu Oct 16 13:35:42 BST 2025
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.2-all.zip

android/src/main/java/com/criticalblue/approov_service_flutter_httpclient/ApproovHttpClientPlugin.java

@@ -341,6 +341,27 @@ public void onMethodCall(@NonNull MethodCall call, @NonNull Result result) {
       } catch(Exception e) {
         result.error("Approov.getMessageSignature", e.getLocalizedMessage(), null);
       }
+    } else if (call.method.equals("getAccountMessageSignature")) {
+      try {
+        String messageSignature = Approov.getAccountMessageSignature((String) call.argument("message"));
+        result.success(messageSignature);
+      } catch (NoSuchMethodError e) {
+        try {
+          String messageSignature = Approov.getMessageSignature((String) call.argument("message"));
+          result.success(messageSignature);
+        } catch(Exception inner) {
+          result.error("Approov.getAccountMessageSignature", inner.getLocalizedMessage(), null);
+        }
+      } catch(Exception e) {
+        result.error("Approov.getAccountMessageSignature", e.getLocalizedMessage(), null);
+      }
+    } else if (call.method.equals("getInstallMessageSignature")) {
+      try {
+        String messageSignature = Approov.getInstallMessageSignature((String) call.argument("message"));
+        result.success(messageSignature);
+      } catch(Exception e) {
+        result.error("Approov.getInstallMessageSignature", e.getLocalizedMessage(), null);
+      }
     } else if (call.method.equals("setUserProperty")) {
       try {
         Approov.setUserProperty(call.argument("property"));

devtools_options.yaml

@@ -0,0 +1,3 @@
+description: This file stores settings for Dart & Flutter DevTools.
+documentation: https://docs.flutter.dev/tools/devtools/extensions#configure-extension-enablement-states
+extensions:

ios/Classes/ApproovHttpClientPlugin.m

@@ -471,8 +471,37 @@ - (void)handleMethodCall:(FlutterMethodCall *)call result:(FlutterResult)result
     } else if ([@"setDevKey" isEqualToString:call.method]) {
         [Approov setDevKey:call.arguments[@"devKey"]];
         result(nil);
-    } else if ([@"getMessageSignature" isEqualToString:call.method]) {
+  } else if ([@"getMessageSignature" isEqualToString:call.method]) {
+    @try {
+      result([Approov getMessageSignature:call.arguments[@"message"]]);
+    }
+    @catch (NSException *exception) {
+      result([FlutterError errorWithCode:@"Approov.getMessageSignature"
+                                 message:exception.reason
+                                 details:nil]);
+    }
+  } else if ([@"getAccountMessageSignature" isEqualToString:call.method]) {
+    @try {
+      if ([Approov respondsToSelector:@selector(getAccountMessageSignature:)]) {
+        result([Approov getAccountMessageSignature:call.arguments[@"message"]]);
+      } else {
         result([Approov getMessageSignature:call.arguments[@"message"]]);
+      }
+    }
+    @catch (NSException *exception) {
+      result([FlutterError errorWithCode:@"Approov.getAccountMessageSignature"
+                                 message:exception.reason
+                                 details:nil]);
+    }
+  } else if ([@"getInstallMessageSignature" isEqualToString:call.method]) {
+    @try {
+      result([Approov getInstallMessageSignature:call.arguments[@"message"]]);
+    }
+    @catch (NSException *exception) {
+            result([FlutterError errorWithCode:@"Approov.getInstallMessageSignature"
+                                       message:exception.reason
+                                       details:nil]);
+        }
     } else if ([@"setUserProperty" isEqualToString:call.method]) {
         [Approov setUserProperty:call.arguments[@"property"]];
         result(nil);