fix: gate getLastARC to prevent uninitialized sdk exceptions

Author: ivol

android/src/main/java/io/approov/reactnative/ApproovService.java

@@ -203,6 +203,17 @@ public synchronized boolean getUseApproovStatusIfNoToken() {
     // The mutator instance used to control ApproovService behavior
     private static ApproovServiceMutator serviceMutator;
 
+    // Cached failure result from the last Approov token fetch that returned a
+    // failure status.
+    // Protected by failureCacheLock for thread-safe access. This avoids redundant
+    // ~1s SDK calls
+    // when the platform is in a sustained failure state (e.g. no network, MITM
+    // detected).
+    private static final Object failureCacheLock = new Object();
+    private static Approov.TokenFetchResult cachedFailureResult = null;
+    private static long cachedFailureTimeMs = 0;
+    private static final long FAILURE_CACHE_TTL_MS = 500; // 0.5 seconds
+
     static {
         ApproovDefaultMessageSigning signer = new ApproovDefaultMessageSigning();
         signer.setDefaultFactory(ApproovDefaultMessageSigning.generateDefaultSignatureParametersFactory());
@@ -234,13 +245,65 @@ public static ApproovServiceMutator getServiceMutator() {
     }
 
     /**
-     * Fetches an Approov token for the given URL.
+     * Returns a cached failure result if one exists and hasn't expired.
+     * Returns null if no cache exists or it has expired (caller should fetch from
+     * SDK).
+     */
+    private static Approov.TokenFetchResult getCachedFailure() {
+        synchronized (failureCacheLock) {
+            if (cachedFailureResult != null
+                    && (System.currentTimeMillis() - cachedFailureTimeMs) < FAILURE_CACHE_TTL_MS) {
+                return cachedFailureResult;
+            }
+            // Cache miss or expired — clear and allow a fresh SDK call
+            cachedFailureResult = null;
+            cachedFailureTimeMs = 0;
+            return null;
+        }
+    }
+
+    /**
+     * Caches a failure result. Only failure statuses are cached; success is never
+     * cached.
+     */
+    private static void cacheFailureIfNeeded(Approov.TokenFetchResult result) {
+        switch (result.getStatus()) {
+            case NO_NETWORK:
+            case POOR_NETWORK:
+            case MITM_DETECTED:
+            case NO_APPROOV_SERVICE:
+                synchronized (failureCacheLock) {
+                    cachedFailureResult = result;
+                    cachedFailureTimeMs = System.currentTimeMillis();
+                }
+                break;
+            default:
+                // Success and other statuses are never cached
+                break;
+        }
+    }
+
+    /**
+     * Performs a cached Approov token fetch. If a failure result is cached and
+     * within
+     * the TTL window, the cached failure is returned instantly. Otherwise a fresh
+     * SDK
+     * call is made and the result is cached if it is a failure.
      *
      * @param url is the URL giving the domain for the token fetch
      * @return the token fetch result
      */
-    public Approov.TokenFetchResult fetchApproovTokenAndWait(String url) {
-        return Approov.fetchApproovTokenAndWait(url);
+    public Approov.TokenFetchResult fetchApproovTokenCached(String url) {
+        Approov.TokenFetchResult cached = getCachedFailure();
+        if (cached != null) {
+            log(LOG_DEBUG, TAG, "Using cached failure: " + cached.getStatus().toString());
+            return cached;
+        }
+
+        // Normal execution
+        Approov.TokenFetchResult result = Approov.fetchApproovTokenAndWait(url);
+        cacheFailureIfNeeded(result);
+        return result;
     }
 
     /**
@@ -694,6 +757,10 @@ public void initialize(String config, String comment, Promise promise) {
                 initialConfig = config;
                 isInitialized = true;
                 clearEarliestNetworkRequestTime();
+                synchronized (failureCacheLock) {
+                    cachedFailureResult = null;
+                    cachedFailureTimeMs = 0;
+                }
                 if (isApproovEnabled()) {
                     log(LOG_INFO, TAG, "initialized on deviceID " + Approov.getDeviceID());
                     notifyPinChangeListeners();
@@ -768,6 +835,11 @@ public void isApproovEnabled(Promise promise) {
     @ReactMethod
     public void getLastARC(Promise promise) {
         log(LOG_INFO, TAG, "ApproovService: getLastARC");
+        if (!isInitialized || !isApproovEnabled()) {
+            promise.resolve("");
+            return;
+        }
+
         // Get the dynamic pins from Approov
         Map<String, List<String>> approovPins = Approov.getPins("public-key-sha256");
         if (approovPins == null || approovPins.isEmpty()) {
@@ -1318,14 +1390,6 @@ public void approovCallback(Approov.TokenFetchResult result) {
      */
     @ReactMethod
     public void precheck(Promise promise) {
-        if (!isInitialized) {
-            promise.reject("approov_error", "Approov is not initialized", getErrorUserInfo(false));
-            return;
-        }
-        if (!isApproovEnabled()) {
-            promise.reject("approov_error", "Approov is disabled", getErrorUserInfo(false));
-            return;
-        }
         try {
             Approov.fetchSecureString(new PrecheckHandler(promise), "precheck-dummy-key", null);
         } catch (IllegalStateException e) {
@@ -1413,14 +1477,6 @@ public void getDeviceID(Promise promise) {
      */
     @ReactMethod
     public void setDataHashInToken(String data, Promise promise) {
-        if (!isInitialized) {
-            promise.reject("approov_error", "Approov is not initialized", getErrorUserInfo(false));
-            return;
-        }
-        if (!isApproovEnabled()) {
-            promise.reject("approov_error", "Approov is disabled", getErrorUserInfo(false));
-            return;
-        }
         try {
             Approov.setDataHashInToken(data);
             log(LOG_DEBUG, TAG, "setDataHashInToken");
@@ -1449,14 +1505,6 @@ public void setDataHashInToken(String data, Promise promise) {
      */
     @ReactMethod
     public void fetchToken(String url, Promise promise) {
-        if (!isInitialized) {
-            promise.reject("approov_error", "Approov is not initialized", getErrorUserInfo(false));
-            return;
-        }
-        if (!isApproovEnabled()) {
-            promise.reject("approov_error", "Approov is disabled", getErrorUserInfo(false));
-            return;
-        }
         try {
             Approov.fetchApproovToken(new FetchTokenHandler(promise), url);
         } catch (IllegalStateException e) {
@@ -1556,14 +1604,6 @@ public void getMessageSignature(String message, Promise promise) {
      */
     @ReactMethod
     public void fetchSecureString(String key, String newDef, Promise promise) {
-        if (!isInitialized) {
-            promise.reject("approov_error", "Approov is not initialized", getErrorUserInfo(false));
-            return;
-        }
-        if (!isApproovEnabled()) {
-            promise.reject("approov_error", "Approov is disabled", getErrorUserInfo(false));
-            return;
-        }
         // determine the type of operation as the values themselves cannot be logged
         String type = "lookup";
         if (newDef != null)
@@ -1662,21 +1702,6 @@ else if ((result.getStatus() != Approov.TokenFetchStatus.SUCCESS) &&
      */
     @ReactMethod
     public void fetchCustomJWT(String payload, Promise promise) {
-        if (!isInitialized) {
-            promise.reject("approov_error", "Approov is not initialized", getErrorUserInfo(false));
-            return;
-        }
-        if (!isApproovEnabled()) {
-            promise.reject("approov_error", "Approov is disabled", getErrorUserInfo(false));
-            return;
-        }
-        try {
-            new org.json.JSONObject(payload);
-        } catch (org.json.JSONException e) {
-            promise.reject("fetchCustomJWT", "IllegalArgument: Malformed JSON payload", getErrorUserInfo(false));
-            return;
-        }
-
         try {
             Approov.fetchCustomJWT(new FetchCustomJWTHandler(promise), payload);
         } catch (IllegalStateException e) {
@@ -1989,6 +2014,52 @@ public void getMaxReswizzleAttempts(Promise promise) {
         promise.resolve(0);
     }
 
+    /**
+     * Exposes the native Approov logging facility to Javascript.
+     * 
+     * @param message the string message to log natively
+     * @param level   the integer log level (e.g., ApproovService.Log.INFO)
+     */
+    @ReactMethod
+    public void logMessage(String message, Integer level) {
+        int mappedLevel = (level != null) ? level : LOG_INFO;
+        log(mappedLevel, TAG, "JS: " + (message != null ? message : "null"));
+    }}}
+
+    promise.resolve(responseMap);}
+
+    }catch(
+
+    Exception e)
+    {
+                log(LOG_ERROR, TAG, "fetchWithApproov failed: " + e.getMessage());
+                promise.reject("network_error", e.getMessage(), e);
+            }
+    }).start();}
+
+    /**
+     * iOS-specific method to set the max reswizzle attempts.
+     * This is a no-op on Android since the OkHttp integration
+     * does not rely on method swizzling or +load races.
+     *
+     * @param attempts the maximum number of recovery attempts.
+     */
+    @ReactMethod
+    public void setMaxReswizzleAttempts(Integer attempts) {
+        log(LOG_DEBUG, TAG, "setMaxReswizzleAttempts: no-op on Android");
+    }
+
+    /**
+     * iOS-specific method to get the max reswizzle attempts.
+     * Always returns 0 on Android since swizzling is not used.
+     *
+     * @param promise promise to be fulfilled with 0
+     */
+    @ReactMethod
+    public void getMaxReswizzleAttempts(Promise promise) {
+        promise.resolve(0);
+    }
+
     /**
      * Exposes the native Approov logging facility to Javascript.
      *