Add network and embedInCode resource test cases

Author: marcprux

Package.swift

@@ -72,6 +72,6 @@ let package = Package(
         ]),
         .testTarget(name: "AndroidNativeTests", dependencies: [
             "AndroidNative",
-        ]),
+        ], resources: [.embedInCode("Resources/sample_resource.txt")]),
     ]
 )

README.md

@@ -1,12 +1,13 @@
 # Android Native
 
 This package provides a Swift interface to various
-Android [NDK APIs](https://developer.android.com/ndk/reference).
+Android [NDK APIs](https://developer.android.com/ndk/reference)
+and utilities to integrate Swift Foundation with the Android environment.
 
 ## Requirements
 
-- Swift 5.9
-- [Swift Android SDK](https://github.com/finagolfin/swift-android-sdk)
+- Swift 6
+- [Swift Android Toolchain and SDK](https://github.com/skiptools/swift-android-toolchain)
 
 ## Installation
 
@@ -192,6 +193,28 @@ Add the `AndroidLooper` module as a conditional dependency for any targets that
 ])
 ```
 
+# AndroidBootstrap
+
+The [AndroidBootstrap] class is part of the top-level [AndroidNative] module, and provides
+some conveniences for configuring Android to work with other Foundation types.
+
+## Networking
+
+Foundation's `URLSession` cannot load "https" URLs out of the box on Android because it
+doesn't know where to look to find the local certificate authority files. In order to
+set up `URLSession` properly, first call `AndroidBootstrap.setupCACerts()` one time
+in order to initialize the certificate bundle.
+
+For example:
+
+```swift
+import FoundationNetworking
+import AndroidNative
+
+try AndroidBootstrap.setupCACerts() // needed in order to use https
+let url = URL(string: "https://httpbin.org/get?x=1")!
+let (data, response) = try await URLSession.shared.data(from: url)
+```
 
 # License
 

Sources/AndroidNative/AndroidNative.swift

@@ -5,3 +5,83 @@
 @_exported import AndroidLooper
 @_exported import AndroidChoreographer
 @_exported import AndroidContext
+
+#if canImport(Android)
+import Android
+import Foundation
+
+/// Utilities for setting up Android compatibility with Foundation
+public class AndroidBootstrap {
+    /// Collects all the certificate files from the Android certificate store and writes them to a single `cacerts.pem` file that can be used by libcurl,
+    /// which is communicated through the `URLSessionCertificateAuthorityInfoFile` environment property
+    ///
+    /// See https://android.googlesource.com/platform/frameworks/base/+/8b192b19f264a8829eac2cfaf0b73f6fc188d933%5E%21/#F0
+    /// See https://github.com/apple/swift-nio-ssl/blob/d1088ebe0789d9eea231b40741831f37ab654b61/Sources/NIOSSL/AndroidCABundle.swift#L30
+    @available(macOS 13.0, iOS 16.0, *)
+    public static func setupCACerts(force: Bool = false, fromCertficateFolders certsFolders: [String] = ["/system/etc/security/cacerts", "/apex/com.android.conscrypt/cacerts"]) throws {
+        // if someone else has already set URLSessionCertificateAuthorityInfoFile then do not override unless forced
+        if !force && getenv("URLSessionCertificateAuthorityInfoFile") != nil {
+            return
+        }
+
+        //let cacheFolder = try FileManager.default.url(for: .cachesDirectory, in: .userDomainMask, appropriateFor: nil, create: true) // file:////.cache/ (unwritable)
+        let cacheFolder = URL.temporaryDirectory
+        //logger.debug("setupCACerts: \(cacheFolder)")
+        let generatedCacertsURL = cacheFolder.appendingPathComponent("cacerts-aggregate.pem")
+        //logger.debug("setupCACerts: generatedCacertsURL=\(generatedCacertsURL)")
+
+        let contents = try FileManager.default.contentsOfDirectory(at: cacheFolder, includingPropertiesForKeys: nil)
+        //logger.debug("setupCACerts: cacheFolder=\(cacheFolder) contents=\(contents)")
+
+        // clear any previous generated certificates file that may have been created by this app
+        if FileManager.default.fileExists(atPath: generatedCacertsURL.path) {
+            try FileManager.default.removeItem(atPath: generatedCacertsURL.path)
+        }
+
+        let created = FileManager.default.createFile(atPath: generatedCacertsURL.path, contents: nil)
+        //logger.debug("setupCACerts: created file: \(created): \(generatedCacertsURL.path)")
+
+        let fs = try FileHandle(forWritingTo: generatedCacertsURL)
+        defer { try? fs.close() }
+
+        // write a header
+        fs.write("""
+        ## Bundle of CA Root Certificates
+        ## Auto-generated on \(Date())
+        ## by aggregating certificates from: \(certsFolders)
+
+        """.data(using: .utf8)!)
+
+        // Go through each folder and load each certificate file (ending with ".0"),
+        // and smash them together into a single aggreagate file tha curl can load.
+        // The .0 files will contain some extra metadata, but libcurl only cares about the
+        // -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- sections,
+        // so we can naïvely concatenate them all and libcurl will understand the bundle.
+        for certsFolder in certsFolders {
+            let certsFolderURL = URL(fileURLWithPath: certsFolder)
+            if (try? certsFolderURL.resourceValues(forKeys: [.isDirectoryKey]).isDirectory) != true { continue }
+            let certURLs = try FileManager.default.contentsOfDirectory(at: certsFolderURL, includingPropertiesForKeys: [.isRegularFileKey, .isReadableKey])
+            for certURL in certURLs {
+                //logger.debug("setupCACerts: certURL=\(certURL)")
+                // certificate files have names like "53a1b57a.0"
+                if certURL.pathExtension != "0" { continue }
+                do {
+                    if try certURL.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile == false { continue }
+                    if try certURL.resourceValues(forKeys: [.isReadableKey]).isReadable == false { continue }
+                    try fs.write(contentsOf: try Data(contentsOf: certURL))
+                } catch {
+                    //logger.warning("setupCACerts: error reading certificate file \(certURL.path): \(error)")
+                    continue
+                }
+            }
+        }
+
+
+        //setenv("URLSessionCertificateAuthorityInfoFile", "INSECURE_SSL_NO_VERIFY", 1) // disables all certificate verification
+        //setenv("URLSessionCertificateAuthorityInfoFile", "/system/etc/security/cacerts/", 1) // doesn't work for directories
+        setenv("URLSessionCertificateAuthorityInfoFile", generatedCacertsURL.path, 1)
+        //logger.debug("setupCACerts: set URLSessionCertificateAuthorityInfoFile=\(generatedCacertsURL.path)")
+    }
+}
+#endif
+

Tests/AndroidNativeTests/AndroidNativeTests.swift

@@ -1,7 +1,38 @@
 import XCTest
 import AndroidNative
+#if canImport(FoundationNetworking)
+import FoundationEssentials
+import FoundationNetworking
+#else
+import Foundation
+#endif
 
 class AndroidNativeTests : XCTestCase {
+    public func testNetwork() async throws {
+        struct HTTPGetResponse : Decodable {
+            var args: [String: String]
+            var headers: [String: String]
+            var origin: String?
+            var url: String?
+        }
+        try AndroidBootstrap.setupCACerts() // needed in order to use https
+        let url = URL(string: "https://httpbin.org/get?x=1")!
+        let (data, response) = try await URLSession.shared.data(from: url)
+        let statusCode = (response as? HTTPURLResponse)?.statusCode
+        if statusCode != 200 {
+            // do not fail the test just because httpbin.org is unavailable
+            throw XCTSkip("tolerating bad status code: \(statusCode ?? 0) for url: \(url.absoluteString)")
+        }
+        XCTAssertEqual(200, statusCode)
+        let get = try JSONDecoder().decode(HTTPGetResponse.self, from: data)
+        XCTAssertEqual(get.url, url.absoluteString)
+        XCTAssertEqual(get.args["x"], "1")
+    }
+
+    public func testEmbedInCodeResource() async throws {
+        XCTAssertEqual("Hello Android!\n", String(data: Data(PackageResources.sample_resource_txt), encoding: .utf8) ?? "")
+    }
+
     @available(iOS 13.0, macOS 10.15, tvOS 13.0, watchOS 6.0, *)
     public func testMainActor() async {
         let actorDemo = await MainActorDemo()

Tests/AndroidNativeTests/Resources/sample_resource.txt

@@ -0,0 +1 @@
+Hello Android!