Extended Android tests (#5298)

Added tests related to certificate pinning, mockwebserver and cleartext blocking on legacy Android.

Author: yschimke

android-test/build.gradle

@@ -1,6 +1,15 @@
 apply plugin: 'com.android.library'
 apply plugin: 'org.jetbrains.kotlin.android'
 
+repositories {
+  jcenter {
+    // Required for a dependency of Android lint.
+    content {
+      includeGroup 'org.jetbrains.trove4j'
+    }
+  }
+}
+
 android {
   compileOptions {
     sourceCompatibility JavaVersion.VERSION_1_8
@@ -23,6 +32,8 @@ dependencies {
   implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:${versions.kotlin}"
   implementation project(':okhttp')
   testImplementation 'junit:junit:4.12'
+  androidTestImplementation project(':mockwebserver')
+  androidTestImplementation project(':okhttp-tls')
   androidTestImplementation 'com.android.support.test:runner:1.0.2'
   androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
 }

android-test/src/androidTest/java/okhttp/android/test/OkHttpTest.kt

@@ -18,21 +18,29 @@ package okhttp.android.test
 import android.os.Build
 import android.support.test.runner.AndroidJUnit4
 import okhttp3.Call
+import okhttp3.CertificatePinner
 import okhttp3.Connection
 import okhttp3.EventListener
 import okhttp3.OkHttpClient
 import okhttp3.Protocol
 import okhttp3.Request
 import okhttp3.TlsVersion
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.tls.internal.TlsUtil.localhost
 import org.junit.After
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
 import org.junit.Assert.fail
-import org.junit.Assume
+import org.junit.Assume.assumeNoException
+import org.junit.Assume.assumeTrue
 import org.junit.Before
+import org.junit.Rule
 import org.junit.Test
 import org.junit.runner.RunWith
 import java.net.InetAddress
 import java.net.UnknownHostException
+import javax.net.ssl.SSLPeerUnverifiedException
 
 /**
  * Run with "./gradlew :android-test:connectedCheck" and make sure ANDROID_SDK_ROOT is set.
@@ -41,6 +49,11 @@ import java.net.UnknownHostException
 class OkHttpTest {
   private lateinit var client: OkHttpClient
 
+  @JvmField
+  @Rule
+  val server = MockWebServer()
+  private val handshakeCertificates = localhost()
+
   @Before
   fun createClient() {
     client = OkHttpClient.Builder()
@@ -91,13 +104,26 @@ class OkHttpTest {
         assertEquals(TlsVersion.TLS_1_2, response.handshake?.tlsVersion)
       }
       assertEquals(200, response.code)
-      assertEquals("com.android.org.conscrypt.Java8FileDescriptorSocket", socketClass)
+      assertTrue(socketClass?.startsWith("com.android.org.conscrypt.") == true)
+    }
+  }
+
+  @Test
+  fun testHttpRequestNotBlockedOnLegacyAndroid() {
+    assumeTrue(Build.VERSION.SDK_INT < 23)
+
+    val request = Request.Builder().url("http://squareup.com/robots.txt").build()
+
+    val response = client.newCall(request).execute()
+
+    response.use {
+      assertEquals(200, response.code)
     }
   }
 
   @Test
   fun testHttpRequestBlocked() {
-    Assume.assumeTrue(Build.VERSION.SDK_INT >= 23)
+    assumeTrue(Build.VERSION.SDK_INT >= 23)
 
     val request = Request.Builder().url("http://api.twitter.com/robots.txt").build()
 
@@ -108,11 +134,75 @@ class OkHttpTest {
     }
   }
 
+  @Test
+  fun testMockWebserverRequest() {
+    enableTls()
+
+    server.enqueue(MockResponse().setBody("abc"))
+
+    val request = Request.Builder().url(server.url("/")).build()
+
+    val response = client.newCall(request).execute()
+
+    response.use {
+      assertEquals(200, response.code)
+    }
+  }
+
+  @Test
+  fun testCertificatePinningFailure() {
+    enableTls()
+
+    val certificatePinner = CertificatePinner.Builder()
+        .add(server.hostName, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
+        .build()
+    client = client.newBuilder().certificatePinner(certificatePinner).build()
+
+    server.enqueue(MockResponse().setBody("abc"))
+
+    val request = Request.Builder().url(server.url("/")).build()
+
+    try {
+      client.newCall(request).execute()
+      fail()
+    } catch (_: SSLPeerUnverifiedException) {
+    }
+  }
+
+  @Test
+  fun testCertificatePinningSuccess() {
+    enableTls()
+
+    val certificatePinner = CertificatePinner.Builder()
+        .add(server.hostName,
+            CertificatePinner.pin(handshakeCertificates.trustManager.acceptedIssuers[0]))
+        .build()
+    client = client.newBuilder().certificatePinner(certificatePinner).build()
+
+    server.enqueue(MockResponse().setBody("abc"))
+
+    val request = Request.Builder().url(server.url("/")).build()
+
+    val response = client.newCall(request).execute()
+
+    response.use {
+      assertEquals(200, response.code)
+    }
+  }
+
+  private fun enableTls() {
+    client = client.newBuilder()
+        .sslSocketFactory(
+            handshakeCertificates.sslSocketFactory(), handshakeCertificates.trustManager)
+        .build()
+    server.useHttps(handshakeCertificates.sslSocketFactory(), false)
+  }
+
   private fun assumeNetwork() {
     try {
       InetAddress.getByName("www.google.com")
     } catch (uhe: UnknownHostException) {
-      Assume.assumeNoException(uhe)
+      assumeNoException(uhe)
     }
   }
 }

build.gradle

@@ -47,7 +47,7 @@ buildscript {
     classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${versions.kotlin}"
     classpath "org.jetbrains.dokka:dokka-gradle-plugin:0.9.18"
     classpath 'com.diffplug.spotless:spotless-plugin-gradle:3.21.1'
-    classpath 'com.android.tools.build:gradle:3.4.1'
+    classpath 'com.android.tools.build:gradle:3.4.2'
   }
 
   repositories {
@@ -146,7 +146,7 @@ subprojects { project ->
     def alpnBootVersion = alpnBootVersion()
     if (alpnBootVersion != null) {
       dependencies {
-        testCompile "org.mortbay.jetty.alpn:alpn-boot:$alpnBootVersion"
+        testImplementation "org.mortbay.jetty.alpn:alpn-boot:$alpnBootVersion"
       }
       def alpnBootJar = configurations.testCompile.find { it.name.startsWith("alpn-boot-") }
       test {

settings.gradle

@@ -1,11 +1,13 @@
 rootProject.name = 'okhttp-parent'
 
 include ':mockwebserver'
-if (!properties.containsKey('android.injected.invoked.from.ide') && System.getenv(
-        'ANDROID_SDK_ROOT') != null) {
-  // Currently incompatible with Intellij
+
+if (properties.containsKey('android.injected.invoked.from.ide') ||
+        System.getenv('ANDROID_SDK_ROOT') != null) {
+  // Currently incompatible with Intellij, use with Android Studio and from CLI with explicit flag
   include ':android-test'
 }
+
 include ':okcurl'
 include ':okhttp'
 include ':okhttp-brotli'