Deep Link Testing & AASA Validator

[aritchie]

This pull request adds deep link validation tools for both iOS (AASA) and Android (assetlinks.json) to the device and simulator tools tabs. It introduces a new IDeepLinkValidationService for validating domain association files, updates the UI to allow users to validate these files directly from the app, and displays detailed validation results with user-friendly feedback.

Key changes include:

Core Service Implementation:

• Added a new interface IDeepLinkValidationService and corresponding result record types (AasaValidationResult, AssetLinksValidationResult, etc.) to define methods for validating Apple App Site Association (AASA) and Android assetlinks.json files. (src/MauiSherpa.Core/Interfaces.cs)
• Implemented DeepLinkValidationService with logic to fetch, parse, and validate AASA and assetlinks.json files, handling both modern and legacy formats, and providing structured results. (src/MauiSherpa.Core/Services/DeepLinkValidationService.cs)
• Registered DeepLinkValidationService as a singleton in the DI container for MacOS. (src/MauiSherpa.MacOS/MacOSMauiProgram.cs)

UI Integration – Device Tools Tab:

• Injected IDeepLinkValidationService and added a new button to validate assetlinks.json from the device tools tab, showing a styled result section with summary, entry details, and raw JSON. (src/MauiSherpa/Components/DeviceToolsTab.razor) [1] [2] [3] [4] [5]

UI Integration – Simulator Tools Tab:

• Injected IDeepLinkValidationService and added a new deep links section to the simulator tools tab, allowing users to launch deep links and validate AASA files with detailed feedback and raw JSON display. (src/MauiSherpa/Components/SimToolsTab.razor) [1] [2] [3] [4] [5]Initial commit

[Copilot]

Pull request overview

Adds in-app deep link validation utilities for iOS (AASA) and Android (assetlinks.json), surfaced in the simulator and device tools UI, backed by a new Core validation service.

Changes:

• Introduced IDeepLinkValidationService plus result record types for AASA and assetlinks validation.
• Implemented DeepLinkValidationService to fetch and parse AASA (including signed CMS/PKCS7) and assetlinks.json.
• Updated SimToolsTab and DeviceToolsTab UI to launch deep links and display validation results (including raw JSON).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
src/MauiSherpa/Components/SimToolsTab.razor	Adds a Deep Links section for launching URLs and validating AASA with detailed result rendering.
src/MauiSherpa/Components/DeviceToolsTab.razor	Adds assetlinks.json validation UI and result rendering for device tools.
src/MauiSherpa.MacOS/MacOSMauiProgram.cs	Registers the new deep link validation service in the macOS head DI container.
src/MauiSherpa.Core/Services/DeepLinkValidationService.cs	New service that downloads and validates AASA and assetlinks association files.
src/MauiSherpa.Core/Interfaces.cs	Adds IDeepLinkValidationService and related result record types.

[Copilot]

These validation styles (.validation-result, .validation-status, .validation-raw, .deep-link-warning, etc.) are duplicated between DeviceToolsTab and SimToolsTab. Consider moving them into a shared stylesheet (e.g., a common component CSS block or wwwroot CSS) to avoid future drift and reduce maintenance overhead.

[Copilot]

ExtractDomain, IsNonWebScheme, and FormatJson are duplicated in both DeviceToolsTab and SimToolsTab. Consider factoring these into a shared helper (e.g., a small static utility in the UI project) so fixes/behavior changes (scheme handling, formatting options, etc.) only need to be made once.

[Copilot]

domain is interpolated directly into the URL string. If a caller passes unexpected input (e.g., containing @ userinfo or /), the request can be sent to an unintended host (e.g., https://example.com@evil.com/... resolves to evil.com). Validate that domain is a hostname (e.g., via Uri.CheckHostName and rejecting characters like @, /, :), or build the URI via UriBuilder to avoid URL-injection edge cases.

Suggested change

	public async Task<AasaValidationResult> ValidateAppleAppSiteAssociationAsync(string domain)
	{
	try
	{
	var url = $"https://{domain}/.well-known/apple-app-site-association";
	var response = await Http.GetAsync(url).ConfigureAwait(false);
	static bool IsValidHostName(string domain)
	{
	if (string.IsNullOrWhiteSpace(domain))
	return false;
	if (domain.IndexOfAny(['@', '/', '\\', ':', '?', '#']) >= 0)
	return false;
	return Uri.CheckHostName(domain) != UriHostNameType.Unknown;
	}
	public async Task<AasaValidationResult> ValidateAppleAppSiteAssociationAsync(string domain)
	{
	try
	{
	if (!IsValidHostName(domain))
	{
	return new AasaValidationResult(
	false,
	false,
	null,
	Array.Empty<AasaAppEntry>(),
	"Invalid domain name",
	false);
	}
	var requestUri = new UriBuilder("https", domain)
	{
	Path = ".well-known/apple-app-site-association"
	}.Uri;
	var response = await Http.GetAsync(requestUri).ConfigureAwait(false);

[Copilot]

This new service adds non-trivial parsing/validation logic (AASA modern/legacy formats, signed-vs-raw content, assetlinks relation filtering) but there are no accompanying unit tests under tests/MauiSherpa.Core.Tests/Services. Adding tests for success, missing/invalid JSON, non-2xx responses, and signed AASA decoding would help prevent regressions. Consider also making the HTTP dependency injectable (instead of a static HttpClient) to enable deterministic tests.

Suggested change

	static readonly HttpClient Http = new()
	{
	Timeout = TimeSpan.FromSeconds(10)
	};
	public async Task<AasaValidationResult> ValidateAppleAppSiteAssociationAsync(string domain)
	{
	try
	{
	var url = $"https://{domain}/.well-known/apple-app-site-association";
	var response = await Http.GetAsync(url).ConfigureAwait(false);
	readonly HttpClient http;
	static HttpClient CreateDefaultHttpClient()
	{
	return new HttpClient
	{
	Timeout = TimeSpan.FromSeconds(10)
	};
	}
	public DeepLinkValidationService()
	: this(CreateDefaultHttpClient())
	{
	}
	public DeepLinkValidationService(HttpClient httpClient)
	{
	http = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
	}
	public async Task<AasaValidationResult> ValidateAppleAppSiteAssociationAsync(string domain)
	{
	try
	{
	var url = $"https://{domain}/.well-known/apple-app-site-association";
	var response = await http.GetAsync(url).ConfigureAwait(false);

[Copilot]

IDeepLinkValidationService is injected here, but the main MAUI app host (src/MauiSherpa/MauiProgram.cs) does not register it in the DI container. This will throw at runtime when this component is rendered on Mac Catalyst/Windows. Register IDeepLinkValidationService (and its implementation) in the shared host (and any other heads that use these components), or guard the UI behind a feature check so it isn’t constructed when the service is unavailable.

[Copilot]

IDeepLinkValidationService is injected here, but it isn’t registered in the main app DI container (src/MauiSherpa/MauiProgram.cs). Rendering this component will fail on Mac Catalyst/Windows unless the service is added to the shared registrations (and any other relevant heads).

Suggested change

@inject IDeepLinkValidationService DeepLinkValidator

[Copilot]

The toast/error messaging says users must enter an https:// URL, but ExtractDomain currently accepts both http and https. Either restrict this to https only, or update the messaging/warning text so it matches the accepted input.

[Copilot]

The UI messaging indicates assetlinks.json validation requires an https:// URL, but ExtractDomain accepts both http and https. Consider either enforcing https here, or adjusting the user-facing message to match the actual accepted schemes.

Suggested change

	(uri.Scheme == "https" || uri.Scheme == "http"))
	uri.Scheme == Uri.UriSchemeHttps)