Remove conscrypt (#77)

* Remove conscrypt dependency

* Initialize conscrypt in OkHttpTest

Author: sunkup

lib/build.gradle.kts

@@ -100,7 +100,6 @@ dependencies {
     implementation(libs.androidx.appcompat)
     implementation(libs.androidx.lifecycle.livedata)
     implementation(libs.androidx.lifecycle.viewmodel)
-    implementation(libs.conscrypt)
 
     // Jetpack Compose
     implementation(libs.androidx.activityCompose)
@@ -113,6 +112,7 @@ dependencies {
     androidTestImplementation(libs.androidx.test.core)
     androidTestImplementation(libs.androidx.test.runner)
     androidTestImplementation(libs.androidx.test.rules)
+    androidTestImplementation(libs.conscrypt)
     androidTestImplementation(libs.okhttp3.mockwebserver)
     androidTestImplementation(libs.mockk.android)
 

…ire/cert4android/ConscryptIntegration.kt …ire/cert4android/ConscryptIntegration.ktlib/src/main/java/at/bitfire/cert4android/ConscryptIntegration.kt renamed to lib/src/androidTest/java/at/bitfire/cert4android/ConscryptIntegration.kt lib/src/main/java/at/bitfire/cert4android/ConscryptIntegration.kt renamed to lib/src/androidTest/java/at/bitfire/cert4android/ConscryptIntegration.kt

@@ -0,0 +1,44 @@
+package at.bitfire.cert4android
+
+import okhttp3.internal.tls.BasicCertificateChainCleaner
+import okhttp3.internal.tls.BasicTrustRootIndex
+import org.junit.Before
+import org.junit.Test
+
+class ConscryptIntegrationTest {
+
+    @Before
+    fun setUp() {
+        // initialize Conscrypt
+        ConscryptIntegration.initialize()
+    }
+
+
+    /**
+     * Test for https://github.com/google/conscrypt/issues/1268.
+     *
+     * See also https://github.com/bitfireAT/cert4android/pull/48.
+     */
+    @Test
+    fun test_X509Certificate_toString() {
+        val testCert = TestCertificates.crashCert()
+
+        // Crashes with Conscrypt 2.5.3
+        // Uncomment with Conscrypt >2.5.3
+//        System.err.println(testCert.toString())
+    }
+
+    @Test
+    fun testBasicCertificateChainCleaner() {
+        val cleaner = BasicCertificateChainCleaner(BasicTrustRootIndex())
+
+        // See https://github.com/bitfireAT/cert4android/issues/72
+        // CRASHES with Conscrypt 2.5.3:
+//         cleaner.clean(listOf(TestCertificates.crashCert()), "doesn't matter")
+
+        // This is relevant, because okhttp creates such a BasicCertificateChainManager
+        // when using a custom X509TrustManager. However when the trust manager extends
+        // X509ExtendedTrustManager, AndroidCertificateChainManager is used on Android.
+    }
+
+}

lib/src/androidTest/java/at/bitfire/cert4android/ConscryptIntegrationTest.kt

@@ -5,21 +5,22 @@ import okhttp3.Cache
 import okhttp3.CacheControl
 import okhttp3.OkHttpClient
 import okhttp3.Request
-import okhttp3.internal.tls.BasicCertificateChainCleaner
-import okhttp3.internal.tls.BasicTrustRootIndex
 import okhttp3.internal.tls.OkHostnameVerifier
 import org.junit.Assert.assertEquals
+import org.junit.Before
 import org.junit.Test
 import javax.net.ssl.SSLContext
 
 class OkhttpTest {
 
-    private val context by lazy { InstrumentationRegistry.getInstrumentation().targetContext }
-
-    init {
+    @Before
+    fun setUp() {
+        // initialize Conscrypt
         ConscryptIntegration.initialize()
     }
 
+    private val context by lazy { InstrumentationRegistry.getInstrumentation().targetContext }
+
     @Test
     fun testAccessICloudComWithCache() {
         // See https://github.com/bitfireAT/davx5/issues/713 and
@@ -42,20 +43,6 @@ class OkhttpTest {
         }
     }
 
-    @Test
-    fun testBasicCertificateChainCleaner() {
-        val cleaner = BasicCertificateChainCleaner(BasicTrustRootIndex())
-
-        // See https://github.com/bitfireAT/cert4android/issues/72
-        // CRASHES with Conscrypt 2.5.3:
-        // cleaner.clean(listOf(TestCertificates.crashCert()), "doesn't matter")
-
-        // This is relevant, because okhttp creates such a BasicCertificateChainManager
-        // when using a custom X509TrustManager. However when the trust manager extends
-        // X509ExtendedTrustManager, AndroidCertificateChainManager is used on Android.
-    }
-
-
     fun buildClient(useCache: Boolean): OkHttpClient {
         val builder = OkHttpClient.Builder()
 

lib/src/androidTest/java/at/bitfire/cert4android/ConscryptTest.kt

@@ -16,8 +16,6 @@ import javax.net.ssl.X509TrustManager
 /**
  * TrustManager to handle custom certificates.
  *
- * Initializes Conscrypt when it is first loaded.
- *
  * @param trustSystemCerts whether system certificates will be trusted
  * @param appInForeground  - `true`: if needed, directly launches [TrustCertificateActivity] and shows notification (if possible)
  *                         - `false`: if needed, shows notification (if possible)
@@ -84,14 +82,4 @@ class CustomCertManager @JvmOverloads constructor(
 
     }
 
-
-    companion object {
-
-        init {
-            // On first load of this class, initialize Conscrypt.
-            ConscryptIntegration.initialize()
-        }
-
-    }
-
 }

lib/src/androidTest/java/at/bitfire/cert4android/OkhttpTest.kt

@@ -11,7 +11,6 @@ import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withTimeout
-import org.conscrypt.Conscrypt
 import java.io.File
 import java.io.FileInputStream
 import java.io.FileOutputStream
@@ -20,6 +19,8 @@ import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
 import java.util.logging.Level
 import java.util.logging.Logger
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
 
 class CustomCertStore internal constructor(
     private val context: Context,
@@ -51,7 +52,15 @@ class CustomCertStore internal constructor(
         get() = Logger.getLogger(javaClass.name)
 
     /** system default TrustStore */
-    private val systemKeyStore by lazy { Conscrypt.getDefaultX509TrustManager() }
+    private val systemKeyStore by lazy {
+        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).run {
+            init(null as KeyStore?) // null means "use system default trust store"
+            trustManagers
+                .filterIsInstance<X509TrustManager>()
+                .firstOrNull()
+                ?: throw IllegalStateException("No X509TrustManager found")
+        }
+    }
 
     /** custom TrustStore */
     @VisibleForTesting