bitfireAT · rfc2822 · Aug 29, 2023 · Aug 28, 2023 · Aug 28, 2023 · Aug 28, 2023
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -49,18 +49,11 @@ jobs:
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+    # - name: Autobuild
+    #   uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
+    - name: Build
+      run: ./gradlew --no-daemon cert4android:assemble
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,6 +1,6 @@
 // Top-level build file where you can add configuration options common to all sub-projects/modules.
 plugins {
-    id("com.android.library") version "8.1.0" apply false
+    id("com.android.library") version "8.1.1" apply false
     id("org.jetbrains.kotlin.android") version "1.9.0" apply false
     id("org.jetbrains.dokka") version "1.8.20" apply false
 }

diff --git a/gradle.properties b/gradle.properties
@@ -1,23 +1,11 @@
-# Project-wide Gradle settings.
-# IDE (e.g. Android Studio) users:
-# Gradle settings configured through the IDE *will override*
-# any settings specified in this file.
-# For more details on how to configure your build environment visit
-# http://www.gradle.org/docs/current/userguide/build_environment.html
-# Specifies the JVM arguments used for the daemon process.
-# The setting is particularly useful for tweaking memory settings.
-org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8
-# When configured, Gradle will run in incubating parallel mode.
-# This option should only be used with decoupled projects. More details, visit
-# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
-# org.gradle.parallel=true
-# AndroidX package structure to make it clearer which packages are bundled with the
-# Android operating system, and which are packaged with your app's APK
-# https://developer.android.com/topic/libraries/support-library/androidx-rn
+# [https://developer.android.com/build/optimize-your-build#optimize]
+org.gradle.daemon=true
+org.gradle.jvmargs=-Xmx4g -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -XX:+UseParallelGC -XX:MaxMetaspaceSize=512m
+org.gradle.parallel=true
+
+# configuration cache [https://developer.android.com/build/optimize-your-build#use-the-configuration-cache-experimental]
+org.gradle.unsafe.configuration-cache=true
+org.gradle.unsafe.configuration-cache-problems=warn
+
+# Android
 android.useAndroidX=true
-# Kotlin code style for this project: "official" or "obsolete":
-kotlin.code.style=official
-# Enables namespacing of each library's R class so that its R class includes only the
-# resources declared in the library itself and none from the library's dependencies,
-# thereby reducing the size of the R class for that library
-android.nonTransitiveRClass=true
diff --git a/lib/src/androidTest/java/at/bitfire/cert4android/CustomCertManagerTest.kt b/lib/src/androidTest/java/at/bitfire/cert4android/CustomCertManagerTest.kt
@@ -4,16 +4,9 @@
 
 package at.bitfire.cert4android
 
-import android.app.Service
-import android.content.Intent
-import android.os.IBinder
-import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
-import androidx.test.rule.ServiceTestRule
-import org.junit.After
-import org.junit.Assert.assertNotNull
+import androidx.test.platform.app.InstrumentationRegistry
 import org.junit.Assume.assumeNotNull
 import org.junit.Before
-import org.junit.Rule
 import org.junit.Test
 import java.io.IOException
 import java.net.URL
@@ -37,17 +30,11 @@ class CustomCertManagerTest {
         }
     }
 
+    val context by lazy { InstrumentationRegistry.getInstrumentation().targetContext }
+
     lateinit var certManager: CustomCertManager
     lateinit var paranoidCertManager: CustomCertManager
 
-    init {
-        CustomCertManager.SERVICE_TIMEOUT = 1000
-    }
-
-    @JvmField
-    @Rule
-    val serviceTestRule = ServiceTestRule()
-
     var siteCerts: List<X509Certificate>? = null
     init {
         try {
@@ -59,26 +46,9 @@ class CustomCertManagerTest {
 
 
     @Before
-    fun initCertManager() {
-        // prepare a bound and ready service for testing
-        // loop required because of https://code.google.com/p/android/issues/detail?id=180396
-        val binder = bindService(CustomCertService::class.java)
-        assertNotNull(binder)
-
-        val context = getInstrumentation().context
-        CustomCertManager.resetCertificates(context)
-
-        certManager = CustomCertManager(context, false)
-        assertNotNull(certManager)
-
-        paranoidCertManager = CustomCertManager(context, false, false)
-        assertNotNull(paranoidCertManager)
-    }
-
-    @After
-    fun closeCertManager() {
-        paranoidCertManager.close()
-        certManager.close()
+    fun createCertManager() {
+        certManager = CustomCertManager(context, true, null)
+        paranoidCertManager = CustomCertManager(context, false, null)
     }
 
 
@@ -99,51 +69,27 @@ class CustomCertManagerTest {
 
     @Test
     fun testAddCustomCertificate() {
-        addCustomCertificate()
+        addTrustedCertificate()
         paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
     }
 
-    // fails randomly for unknown reason:
     @Test(expected = CertificateException::class)
     fun testRemoveCustomCertificate() {
-        addCustomCertificate()
-
-        // remove certificate and check again
-        // should now be rejected for the whole session, i.e. no timeout anymore
-        val intent = Intent(getInstrumentation().context, CustomCertService::class.java)
-        intent.action = CustomCertService.CMD_CERTIFICATION_DECISION
-        intent.putExtra(CustomCertService.EXTRA_CERTIFICATE, siteCerts!!.first().encoded)
-        intent.putExtra(CustomCertService.EXTRA_TRUSTED, false)
-        startService(intent, CustomCertService::class.java)
-        paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
-    }
+        addTrustedCertificate()
 
-    private fun addCustomCertificate() {
-        // add certificate and check again
-        val intent = Intent(getInstrumentation().context, CustomCertService::class.java)
-        intent.action = CustomCertService.CMD_CERTIFICATION_DECISION
-        intent.putExtra(CustomCertService.EXTRA_CERTIFICATE, siteCerts!!.first().encoded)
-        intent.putExtra(CustomCertService.EXTRA_TRUSTED, true)
-        startService(intent, CustomCertService::class.java)
-    }
+        // remove certificate again
+        // should now be rejected for the whole session
+        addUntrustedCertificate()
 
+        paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
+    }
 
-    private fun bindService(clazz: Class<out Service>): IBinder {
-        var binder = serviceTestRule.bindService(Intent(getInstrumentation().targetContext, clazz))
-        var it = 0
-        while (binder == null && it++ <100) {
-            binder = serviceTestRule.bindService(Intent(getInstrumentation().targetContext, clazz))
-            System.err.println("Waiting for ServiceTestRule.bindService")
-            Thread.sleep(50)
-        }
-        if (binder == null)
-            throw IllegalStateException("Couldn't bind to service")
-        return binder
+    private fun addTrustedCertificate() {
+        CustomCertStore.getInstance(context).setTrustedByUser(siteCerts!!.first())
     }
 
-    private fun startService(intent: Intent, clazz: Class<out Service>) {
-        serviceTestRule.startService(intent)
-        bindService(clazz)
+    private fun addUntrustedCertificate() {
+        CustomCertStore.getInstance(context).setUntrustedByUser(siteCerts!!.first())
     }
 
 }
diff --git a/lib/src/main/AndroidManifest.xml b/lib/src/main/AndroidManifest.xml
@@ -4,7 +4,6 @@
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
 
     <application>
-        <service android:name=".CustomCertService"/>
 
         <activity
             android:name=".TrustCertificateActivity"

diff --git a/lib/src/main/java/at/bitfire/cert4android/Cert4Android.kt b/lib/src/main/java/at/bitfire/cert4android/Cert4Android.kt
@@ -31,9 +31,4 @@ object Cert4Android {
         MaterialTheme(content = content)
     }
 
-
-    // notifications
-
-    const val NOTIFICATION_CERT_DECISION = 88809
-
 }
diff --git a/lib/src/main/java/at/bitfire/cert4android/CertUtils.kt b/lib/src/main/java/at/bitfire/cert4android/CertUtils.kt
@@ -8,7 +8,7 @@ import java.security.GeneralSecurityException
 import java.security.KeyStore
 import java.security.MessageDigest
 import java.security.cert.X509Certificate
-import java.util.*
+import java.util.Locale
 import java.util.logging.Level
 import javax.net.ssl.TrustManagerFactory
 import javax.net.ssl.X509TrustManager