Merge pull request #183 from cconlon/androidTestFixes

Android: fix instrumented test compatibility and add emulator CI

Author: rlm2002

.github/workflows/android_gradle.yml

@@ -1,21 +1,18 @@
-name: Android Gradle Build test logic
+name: Android Gradle Build and Test
 
 on:
-  workflow_call:
-    inputs:
-      os:
-        required: true
-        type: string
-      jdk_distro:
-        required: true
-        type: string
-      jdk_version:
-        required: true
-        type: string
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ 'master' ]
+
+concurrency:
+  group: android-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  build_wolfssljni:
-    runs-on: ${{ inputs.os }}
+  build_wolfcryptjni:
+    runs-on: ubuntu-latest
     steps:
       - name: Clone wolfcrypt-jni
         uses: actions/checkout@v4
@@ -31,22 +28,80 @@ jobs:
       - name: Create blank options.h
         run: cp IDE/Android/app/src/main/cpp/wolfssl/wolfssl/options.h.in IDE/Android/app/src/main/cpp/wolfssl/wolfssl/options.h
 
-      # Setup Java
+      # Setup Java with Gradle caching
       - name: Setup java
         uses: actions/setup-java@v4
         with:
-          distribution: ${{ inputs.jdk_distro }}
-          java-version: ${{ inputs.jdk_version }}
+          distribution: 'zulu'
+          java-version: '21'
+          cache: 'gradle'
+
+      # Build all targets in single Gradle invocation
+      - name: Gradle Build
+        run: cd IDE/Android && ./gradlew --build-cache assembleDebug assembleDebugUnitTest assembleDebugAndroidTest
 
-      # Gradle assembleDebug
-      - name: Gradle assembleDebug
-        run: cd IDE/Android && ls && ./gradlew assembleDebug
+      # Enable KVM for hardware acceleration (required for emulator)
+      - name: Enable KVM
+        run: |
+          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+          sudo udevadm control --reload-rules
+          sudo udevadm trigger --name-match=kvm
 
-      # Gradle assembleDebugUnitTest
-      - name: Gradle assembleDebugUnitTest
-        run: cd IDE/Android && ls && ./gradlew assembleDebugUnitTest
+      # Cache AVD snapshot for faster emulator boot
+      - name: AVD cache
+        uses: actions/cache@v4
+        id: avd-cache
+        with:
+          path: |
+            ~/.android/avd/*
+            ~/.android/adb*
+          key: avd-wolfcryptjni-30-x86_64-atd-v1
 
-      # Gradle assembleDebugAndroidTest
-      - name: Gradle assembleDebugAndroidTest
-        run: cd IDE/Android && ls && ./gradlew assembleDebugAndroidTest
+      # Create AVD and generate snapshot for caching
+      - name: Create AVD and generate snapshot
+        if: steps.avd-cache.outputs.cache-hit != 'true'
+        uses: reactivecircus/android-emulator-runner@v2
+        with:
+          api-level: 30
+          arch: x86_64
+          target: aosp_atd
+          force-avd-creation: false
+          emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+          disable-animations: true
+          script: echo "Generated AVD snapshot for caching"
 
+      # Run instrumented tests on Android emulator
+      - name: Run Android Instrumented Tests
+        uses: reactivecircus/android-emulator-runner@v2
+        timeout-minutes: 15
+        with:
+          api-level: 30
+          arch: x86_64
+          target: aosp_atd
+          force-avd-creation: false
+          emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+          disable-animations: true
+          script: |
+            adb wait-for-device
+            adb shell mkdir -p /data/local/tmp/examples/certs/intermediate
+            adb shell mkdir -p /data/local/tmp/examples/certs/rsapss
+            adb shell mkdir -p /data/local/tmp/examples/certs/crl
+            adb push ./examples/certs/ /data/local/tmp/examples/
+            adb logcat -c
+            cd IDE/Android && ./gradlew connectedDebugAndroidTest --no-daemon --no-watch-fs || { adb logcat -d > /tmp/logcat.txt 2>&1; echo "=== LOGCAT (errors) ==="; grep -i "exception\|error\|fatal" /tmp/logcat.txt || true; exit 1; }
+            adb logcat -d > /tmp/logcat.txt 2>&1 || true
+            pgrep -f '[q]emu-system' | xargs -r kill -9 2>/dev/null || true
+            pgrep -f '[c]rashpad' | xargs -r kill -9 2>/dev/null || true
+            sleep 2
+
+      # Upload test reports even on failure
+      - name: Upload Test Reports
+        uses: actions/upload-artifact@v4
+        if: always()
+        timeout-minutes: 5
+        with:
+          name: android-test-reports
+          path: |
+            IDE/Android/app/build/reports/androidTests/
+            /tmp/logcat.txt
+          retention-days: 14

.github/workflows/main.yml

@@ -139,21 +139,6 @@ jobs:
       jdk_version: ${{ matrix.jdk_version }}
       wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # ----------------------- Android Gradle build ------------------------
-  # Run Android gradle build over PR code, only running on Linux with one
-  # JDK/version for now.
-  android-gradle:
-    strategy:
-      matrix:
-        os: [ 'ubuntu-latest' ]
-        jdk_version: [ '21' ]
-    name: Android Gradle (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
-    uses: ./.github/workflows/android_gradle.yml
-    with:
-      os: ${{ matrix.os }}
-      jdk_distro: "zulu"
-      jdk_version: ${{ matrix.jdk_version }}
-
   # --------------------- Maven build - test pom.xml --------------------
   # Run Maven build over PR code, running on Linux and Mac with only one
   # JDK/version for now.

IDE/Android/.gitignore

@@ -7,6 +7,7 @@
 /.idea/workspace.xml
 /.idea/navEditor.xml
 /.idea/assetWizardSettings.xml
+/.idea/androidTestResultsUserPreferences.xml
 .DS_Store
 /build
 /captures

IDE/Android/.idea/vcs.xml

@@ -75,7 +75,35 @@ del wolfssl
 mklink /D wolfssl ..\..\..\..\..\..\..\src\java\com\wolfssl\
 ```
 
-## 3. Import and Build the Example Project with Android Studio
+## 3. Push Certificate and KeyStore Files to Android Device
+
+Several JUnit tests require access to certificate and KeyStore files. These
+files are located in the `examples/certs` directory and must be pushed to
+the Android device or emulator before running tests.
+
+Start the emulator or connect your device, then use `adb push` from the root
+wolfcrypt-jni directory. This step can be done after starting Android Studio
+and compiling the project, but must be done before running the test cases.
+
+```
+adb shell mkdir -p /data/local/tmp/examples/certs/intermediate
+adb shell mkdir -p /data/local/tmp/examples/certs/rsapss
+adb shell mkdir -p /data/local/tmp/examples/certs/crl
+adb push ./examples/certs/ /data/local/tmp/examples/
+```
+
+This will push all certificate files, KeyStore files (.jks, .wks, .p12),
+and subdirectories (intermediate, rsapss, crl) needed by the JUnit tests.
+
+If this step is skipped, tests in the following classes will be skipped due
+to missing certificate files:
+
+- `WolfSSLKeyStoreTest`
+- `WolfCryptPKIXCertPathValidatorTest`
+- `WolfCryptPKIXRevocationCheckerTest`
+- `WolfSSLCertManagerOCSPTest`
+
+## 4. Import and Build the Example Project with Android Studio
 
 1) Open the Android Studio project by double clicking on the `Android` folder
 in wolfcrypt-jni/IDE/. Or, from inside Android Studio, open the `Android`

IDE/Android/README.md

@@ -12,6 +12,7 @@ android {
         versionCode 1
         versionName "1.0"
         testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+        testInstrumentationRunnerArguments notClass: 'com.wolfssl.wolfcrypt.test.WolfCryptTestSuite,com.wolfssl.provider.jce.test.WolfJCETestSuite,com.wolfssl.wolfcrypt.test.fips.WolfCryptFipsTestSuite'
         externalNativeBuild {
             cmake {
                 cppFlags ""
@@ -35,7 +36,6 @@ android {
     }
     sourceSets {
         main.java.srcDirs += '../../../src/main/java'
-        test.java.srcDirs += '../../../src/main/test'
     }
     namespace 'com.example.wolfssl'
 }
@@ -45,6 +45,7 @@ dependencies {
     implementation 'com.android.support:appcompat-v7:28.0.0'
     implementation 'com.android.support.constraint:constraint-layout:2.0.4'
     testImplementation 'junit:junit:4.13.2'
+    androidTestImplementation 'junit:junit:4.13.2'
     androidTestImplementation 'com.android.support.test:runner:1.0.2'
     androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
 }

IDE/Android/app/build.gradle

@@ -0,0 +1 @@
+../../../../../../../src/test/java/com/wolfssl

IDE/Android/app/src/androidTest/java/com/wolfssl

@@ -45,42 +45,48 @@ if ("${WOLFSSL_PKG_TYPE}" MATCHES "normal")
         # wolfssl/options.h by configure if using: "./configure --enable-jni".
         # This list may be configurable depending on use case and desired
         # optimizations.
-        add_definitions(-DWC_RSA_BLINDING -DWOLFSSL_SHA224 -DWOLFSSL_SHA384
-                -DWOLFSSL_SHA512 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC
-                -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE
-                -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_CHACHA -DHAVE_HASHDRBG
-                -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_FFDHE_2048
-                -DWOLFSSL_TLS13 -DHAVE_EXTENDED_MASTER -DWOLFSSL_JNI
-                -DHAVE_EX_DATA -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DOPENSSL_ALL
-                -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR
-                -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER
-                -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
-                -DHAVE_SNI -DHAVE_ALPN -DNO_RC4 -DHAVE_ENCRYPT_THEN_MAC
-                -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DHAVE_DH_DEFAULT_PARAMS
-                -DNO_ERROR_QUEUE -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING
-                -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID
-                -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_ALWAYS_VERIFY_CB
-                -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS
-                -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET
-                -DWOLFSSL_AKID_NAME -DHAVE_CTS -DNO_DES3 -DGCM_TABLE_4BIT
-                -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT
-                -DHAVE_AESGCM -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8
-                -DWOLFSSL_KEY_GEN -DWOLFSSL_PUBLIC_MP
-                -DWOLFSSL_CUSTOM_CONFIG
+        add_definitions(-DWOLFSSL_JNI -DATOMIC_USER -DHAVE_PK_CALLBACKS -DERROR_QUEUE_PER_THREAD
+                -DHAVE_EX_DATA -DHAVE_CRL -DHAVE_CRL_MONITOR -DHAVE_OCSP -DHAVE_THREAD_LS
+                -DKEEP_PEER_CERT -DPERSIST_CERT_CACHE -DPERSIST_SESSION_CACHE
+                -DSESSION_CERTS -DWC_NO_ASYNC_THREADING -DWOLFSSL_ALT_CERT_CHAINS
+                -DWOLFSSL_ALT_NAMES -DWOLFSSL_ALWAYS_KEEP_SNI -DWOLFSSL_ALWAYS_VERIFY_CB
+                -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_ASN_PRINT -DWOLFSSL_ASN_TEMPLATE
+                -DWOLFSSL_BASE64_ENCODE -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN
+                -DWOLFSSL_CERT_NAME_ALL -DWOLFSSL_CERT_REQ -DWOLFSSL_KEY_GEN -DWOLFSSL_DTLS
+                -DWOLFSSL_DTLS13 -DWOLFSSL_DTLS_DROP_STATS -DWOLFSSL_DTLS_MTU
+                -DWOLFSSL_SEND_HRR_COOKIE -DWOLFSSL_EITHER_SIDE -DWOLFSSL_PUBLIC_MP
+                -DWOLFSSL_SYS_CA_CERTS -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_TLS13
+                -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT -DWOLFSSL_USE_ALIGN -DWOLFSSL_EXTRA_ALERTS
+                -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET -DWOLFSSL_AKID_NAME
+                -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN -DHAVE_ENCRYPT_THEN_MAC
+                -DHAVE_EXTENDED_MASTER -DHAVE_SERVER_RENEGOTIATION_INFO -DHAVE_SNI
+                -DHAVE_SUPPORTED_CURVES -DWOLFSSL_ENCRYPTED_KEYS
+                -DOPENSSL_ALL -DOPENSSL_EXTRA -DWOLFSSL_ERROR_CODE_OPENSSL
+                -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512
+                -DHAVE_ECC -DECC_MIN_KEY_SZ=224 -DECC_SHAMIR
+                -DECC_TIMING_RESISTANT -DTFM_TIMING_RESISTANT
+                -DWC_RSA_BLINDING -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT
+                -DHAVE_AESGCM -DGCM_TABLE_4BIT -DHAVE_CTS -DWOLFSSL_AES_DIRECT
+                -DHAVE_CHACHA -DHAVE_POLY1305
+                -DHAVE_DH_DEFAULT_PARAMS -DHAVE_FFDHE_2048
+                -DHAVE_HASHDRBG -DHAVE_HKDF
+                -DNO_DES3 -DNO_DES3_TLS_SUITES -DNO_DO178 -DNO_DSA -DNO_ERROR_QUEUE -DNO_MD4
+                -DNO_OLD_TLS -DNO_RC4 -DWOLFSSL_NO_SHAKE128 -DWOLFSSL_NO_SHAKE256
+
+                -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8 -DWOLFSSL_CUSTOM_CONFIG
 
                 # For gethostbyname()
                 -DHAVE_NETDB_H
 
-                # Defines added for debugging. These can be removed if debug
-                # logging is not needed and will increase performance and reduce
-                # library footprint size if removed.
+                # Defines added for debugging. These can be removed if debug logging is not needed
+                # and will increase performance and reduce library footprint size if removed.
                 #-DDEBUG_WOLFSSL -DWOLFSSL_ANDROID_DEBUG
 
-                # Defines added for wolfCrypt test and benchmark only, may not
-                # be needed for your own application. Add -DNO_FILESYSTEM to
-                # disable file system use for wolfCrypt test, but make sure
-                # to remove this define in production applications as
-                # filesystem access is required for wolfJCE use.
+                # Defines added for wolfCrypt test and benchmark only, may not be needed for your
+                # own application.
+                # Add -DNO_FILESYSTEM to disable file system use for wolfCrypt test, but make sure
+                # to remove this define in production applications as filesystem access is required
+                # for wolfJCE use.
                 -DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256
                 -DNO_WRITE_TEMP_FILES -DNO_MAIN_DRIVER
         )

IDE/Android/app/src/main/cpp/CMakeLists.txt

@@ -13,5 +13,3 @@ org.gradle.jvmargs=-Xmx1536m
 # This option should only be used with decoupled projects. More details, visit
 # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
 # org.gradle.parallel=true
-
-