Use intent launcher instead of 'in-foreground'

ArnyminerZ · ArnyminerZ · commit f1cd8c00bf3f · 2025-09-10T08:35:38.000+02:00
diff --git a/lib/src/main/java/at/bitfire/cert4android/CustomCertManager.kt b/lib/src/main/java/at/bitfire/cert4android/CustomCertManager.kt
@@ -6,6 +6,8 @@ package at.bitfire.cert4android
 
 import android.annotation.SuppressLint
 import android.content.Context
+import android.content.Intent
+import androidx.activity.result.ActivityResultLauncher
 import kotlinx.coroutines.flow.StateFlow
 import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
@@ -27,7 +29,7 @@ import javax.net.ssl.X509TrustManager
 class CustomCertManager @JvmOverloads constructor(
     context: Context,
     val trustSystemCerts: Boolean = true,
-    var appInForeground: StateFlow<Boolean>?
+    var launcher: ActivityResultLauncher<Intent>?
 ): X509TrustManager {
 
     private val logger
@@ -51,7 +53,7 @@ class CustomCertManager @JvmOverloads constructor(
      */
     @Throws(CertificateException::class)
     override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
-        if (!certStore.isTrusted(chain, authType, trustSystemCerts, appInForeground))
+        if (!certStore.isTrusted(chain, authType, trustSystemCerts, launcher))
             throw CertificateException("Certificate chain not trusted")
     }
 
@@ -75,7 +77,7 @@ class CustomCertManager @JvmOverloads constructor(
             // Allow users to explicitly accept certificates that have a bad hostname here
             (session.peerCertificates.firstOrNull() as? X509Certificate)?.let { cert ->
                 // Check without trusting system certificates so that the user will be asked even for system-trusted certificates
-                if (certStore.isTrusted(arrayOf(cert), "RSA", false, appInForeground))
+                if (certStore.isTrusted(arrayOf(cert), "RSA", false, launcher))
                     return true
             }
 
diff --git a/lib/src/main/java/at/bitfire/cert4android/CustomCertStore.kt b/lib/src/main/java/at/bitfire/cert4android/CustomCertStore.kt
@@ -6,6 +6,8 @@ package at.bitfire.cert4android
 
 import android.annotation.SuppressLint
 import android.content.Context
+import android.content.Intent
+import androidx.activity.result.ActivityResultLauncher
 import androidx.annotation.VisibleForTesting
 import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.flow.StateFlow
@@ -81,7 +83,7 @@ class CustomCertStore internal constructor(
     /**
      * Determines whether a certificate chain is trusted.
      */
-    fun isTrusted(chain: Array<X509Certificate>, authType: String, trustSystemCerts: Boolean, appInForeground: StateFlow<Boolean>?): Boolean {
+    fun isTrusted(chain: Array<X509Certificate>, authType: String, trustSystemCerts: Boolean, launcher: ActivityResultLauncher<Intent>?): Boolean {
         if (chain.isEmpty())
             throw IllegalArgumentException("Certificate chain must not be empty")
         val cert = chain[0]
@@ -107,7 +109,7 @@ class CustomCertStore internal constructor(
                 }
         }
 
-        if (appInForeground == null) {
+        if (launcher == null) {
             logger.log(Level.INFO, "Certificate not known and running in non-interactive mode, rejecting")
             return false
         }
@@ -117,7 +119,7 @@ class CustomCertStore internal constructor(
 
             try {
                 withTimeout(userTimeout) {
-                    ui.check(cert, appInForeground.value)
+                    ui.check(cert, launcher)
                 }
             } catch (_: TimeoutCancellationException) {
                 logger.log(Level.WARNING, "User timeout while waiting for certificate decision, rejecting")
diff --git a/lib/src/main/java/at/bitfire/cert4android/UserDecisionRegistry.kt b/lib/src/main/java/at/bitfire/cert4android/UserDecisionRegistry.kt
@@ -4,6 +4,7 @@ import android.annotation.SuppressLint
 import android.app.PendingIntent
 import android.content.Context
 import android.content.Intent
+import androidx.activity.result.ActivityResultLauncher
 import androidx.core.app.NotificationCompat
 import androidx.core.app.TaskStackBuilder
 import kotlinx.coroutines.suspendCancellableCoroutine
@@ -48,10 +49,10 @@ class UserDecisionRegistry private constructor(
      * @param appInForeground   whether the app is currently in foreground = whether it can directly launch an Activity
      * @return *true* if the user explicitly trusts the certificate, *false* if unknown or untrusted
      */
-    suspend fun check(cert: X509Certificate, appInForeground: Boolean): Boolean = suspendCancellableCoroutine { cont ->
+    suspend fun check(cert: X509Certificate, launcher: ActivityResultLauncher<Intent>?): Boolean = suspendCancellableCoroutine { cont ->
         // check whether we're able to retrieve user feedback (= start an Activity and/or show a notification)
         val notificationsPermitted = NotificationUtils.notificationsPermitted(context)
-        val userDecisionPossible = appInForeground || notificationsPermitted
+        val userDecisionPossible = launcher != null || notificationsPermitted
 
         if (userDecisionPossible) {
             // User decision possible → remember request in pendingDecisions so that a later decision will be applied to this request
@@ -86,7 +87,7 @@ class UserDecisionRegistry private constructor(
             }
 
             if (requestDecision)
-                requestDecision(cert, launchActivity = appInForeground, showNotification = notificationsPermitted)
+                requestDecision(cert, launcher, showNotification = notificationsPermitted)
 
         } else {
             // We're not able to retrieve user feedback, directly reject request
@@ -108,8 +109,8 @@ class UserDecisionRegistry private constructor(
      * @throws IllegalArgumentException  when both [launchActivity] and [showNotification] are *false*
      */
     @SuppressLint("MissingPermission")
-    internal fun requestDecision(cert: X509Certificate, launchActivity: Boolean, showNotification: Boolean) {
-        if (!launchActivity && !showNotification)
+    internal fun requestDecision(cert: X509Certificate, launcher: ActivityResultLauncher<Intent>?, showNotification: Boolean) {
+        if (launcher == null && !showNotification)
             throw IllegalArgumentException("User decision requires certificate Activity and/or notification")
 
         val rawCert = cert.encoded
@@ -147,9 +148,9 @@ class UserDecisionRegistry private constructor(
             nm.notify(CertUtils.getTag(cert), NotificationUtils.ID_CERT_DECISION, notify)
         }
 
-        if (launchActivity) {
+        if (launcher != null) {
             decisionIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
-            context.startActivity(decisionIntent)
+            launcher.launch(decisionIntent)
         }
     }
 
