Add to "Reset hints"

- Implement BackupsPage composable with UI elements
- Add strings for backups reminder and acceptance

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# See https://docs.github.com/de/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# For combination with "Require review from code owners" for main-ose branch:
+*      @bitfireAT/app-dev

.github/dependabot.yml

@@ -8,4 +8,25 @@ updates:
     schedule:
       interval: "weekly"
     commit-message:
-      prefix: "[CI] "
+      prefix: "[CI] "
+    labels:
+      - "github_actions"
+      - "dependencies"
+    groups:
+      ci-actions:
+        patterns: ["*"]
+        
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:             # don't create "java" label (default for gradle ecosystem)
+      - "dependencies"
+    groups:
+      app-dependencies:
+        patterns: ["*"]
+    ignore:
+      # dependencies without semantic versioning
+      - dependency-name: "com.github.bitfireat:cert4android"
+      - dependency-name: "com.github.bitfireat:dav4jvm"
+      - dependency-name: "com.github.bitfireat:synctools"

.github/workflows/codeql.yml

@@ -8,6 +8,7 @@ on:
     branches: [ main-ose ]
   schedule:
     - cron: '22 10 * * 1'
+
 concurrency:
   group: codeql-${{ github.ref }}
   cancel-in-progress: true
@@ -21,38 +22,29 @@ jobs:
       contents: read
       security-events: write
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java' ]
-
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
-    - uses: actions/setup-java@v4
+      uses: actions/checkout@v6
+    - uses: actions/setup-java@v5
       with:
         distribution: temurin
         java-version: 21
-    - uses: gradle/actions/setup-gradle@v4
+    - uses: gradle/actions/setup-gradle@v5
       with:
         cache-encryption-key: ${{ secrets.gradle_encryption_key }}
         cache-read-only: true         # gradle user home cache is generated by test jobs
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
-        languages: ${{ matrix.language }}
+        languages: java-kotlin
+        build-mode: manual            # autobuild uses older JDK
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    #- name: Autobuild
-    #  uses: github/codeql-action/autobuild@v2
-
-    - name: Build
-      run: ./gradlew --build-cache --configuration-cache --configuration-cache-problems=warn --no-daemon app:assembleOseDebug
+    - name: Build                     # we must not use build cache here
+      run: ./gradlew --no-daemon --configuration-cache app:assembleDebug
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/dependency-submission.yml

@@ -0,0 +1,24 @@
+name: Dependency Submission
+
+on:
+  push:
+    branches: [ 'main-ose' ]
+
+permissions:
+  contents: write
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+    - uses: actions/setup-java@v5
+      with:
+        distribution: temurin
+        java-version: 21
+
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v5
+      with:
+        cache-encryption-key: ${{ secrets.gradle_encryption_key }}
+        dependency-graph-exclude-configurations: '.*[Tt]est.* .*[cC]heck.*'

.github/workflows/dependent-issues.yml

@@ -1,55 +0,0 @@
-name: Dependent Issues
-
-on:
-  issues:
-    types:
-      - opened
-      - edited
-      - closed
-      - reopened
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - closed
-      - reopened
-      # Makes sure we always add status check for PRs. Useful only if
-      # this action is required to pass before merging. Otherwise, it
-      # can be removed.
-      - synchronize
-
-  # Schedule a daily check. Useful if you reference cross-repository
-  # issues or pull requests. Otherwise, it can be removed.
-  schedule:
-    - cron: '19 9 * * *'
-
-permissions: write-all
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: z0al/dependent-issues@v1
-        env:
-          # (Required) The token to use to make API calls to GitHub.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # (Optional) The token to use to make API calls to GitHub for remote repos.
-          GITHUB_READ_TOKEN: ${{ secrets.DEPENDENT_ISSUES_READ_TOKEN }}
-
-        with:
-          # (Optional) The label to use to mark dependent issues
-          # label: dependent
-
-          # (Optional) Enable checking for dependencies in issues.
-          # Enable by setting the value to "on". Default "off"
-          check_issues: on
-
-          # (Optional) A comma-separated list of keywords. Default
-          # "depends on, blocked by"
-          keywords: depends on, blocked by
-
-          # (Optional) A custom comment body. It supports `{{ dependencies }}` token.
-          comment: >
-            This PR/issue depends on:
-
-            {{ dependencies }}

.github/workflows/release.yml

@@ -19,19 +19,19 @@ jobs:
       discussions: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: 21
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@v5
 
       - name: Prepare keystore
         run: echo ${{ secrets.android_keystore_base64 }} | base64 -d >$GITHUB_WORKSPACE/keystore.jks
 
       - name: Build signed package
-        # Make sure that caches are disabled to generate reproducible release builds
-        run: ./gradlew --no-build-cache --no-configuration-cache --no-daemon app:assembleRelease
+        # Use build cache to speed up building of build variants, but clean caches from previous tests before
+        run: ./gradlew --build-cache --configuration-cache --no-daemon app:clean app:assembleRelease
         env:
           ANDROID_KEYSTORE: ${{ github.workspace }}/keystore.jks
           ANDROID_KEYSTORE_PASSWORD: ${{ secrets.android_keystore_password }}
@@ -45,4 +45,3 @@ jobs:
           files: app/build/outputs/apk/ose/release/*.apk
           fail_on_unmatched_files: true
           generate_release_notes: true
-          discussion_category_name: Announcements

.github/workflows/test-dev.yml

@@ -9,74 +9,128 @@ concurrency:
   group: test-dev-${{ github.ref }}
   cancel-in-progress: true
 
+# We provide a remote gradle build cache. Take the settings from the secrets and enable
+# configuration and build cache for all gradle jobs.
+#
+# Note: The secrets are not available for forks and Dependabot PRs.
+env:
+  GRADLE_BUILDCACHE_URL: ${{ secrets.gradle_buildcache_url }}
+  GRADLE_BUILDCACHE_USERNAME: ${{ secrets.gradle_buildcache_username }}
+  GRADLE_BUILDCACHE_PASSWORD: ${{ secrets.gradle_buildcache_password }}
+  GRADLE_OPTS: -Dorg.gradle.caching=true -Dorg.gradle.configuration-cache=true
+
 jobs:
   compile:
-    name: Compile for build cache
-    if: ${{ github.ref == 'refs/heads/main-ose' }}
+    name: Compile
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: 21
 
       # See https://community.gradle.org/github-actions/docs/setup-gradle/ for more information
-      - uses: gradle/actions/setup-gradle@v4            # creates build cache when on main branch
+      - uses: gradle/actions/setup-gradle@v5
         with:
           cache-encryption-key: ${{ secrets.gradle_encryption_key }}
-          dependency-graph: generate-and-submit         # submit Github Dependency Graph info
+          cache-read-only: false                            # allow branches to update their configuration cache
+          gradle-home-cache-excludes: caches/build-cache-1  # don't cache local build cache because we use a remote cache
 
-      - run: ./gradlew --build-cache --configuration-cache --configuration-cache-problems=warn app:compileOseDebugSource
+      - name: Cache Android environment
+        uses: actions/cache@v5
+        with:
+          path: ~/.config/.android                          # needs to be cached so that configuration cache can work
+          key: android-${{ hashFiles('app/build.gradle.kts') }}
 
-  test:
+      - name: Compile
+        run: ./gradlew app:compileOseDebugSource
+
+      # Cache configurations for the other jobs (including assemble for CodeQL)
+      - name: Populate configuration cache
+        run: |
+          ./gradlew --dry-run app:assembleDebug
+          ./gradlew --dry-run app:lintOseDebug
+          ./gradlew --dry-run app:testOseDebugUnitTest
+          ./gradlew --dry-run app:virtualOseDebugAndroidTest
+
+  unit_tests:
     needs: compile
-    if: ${{ !cancelled() }}     # even if compile didn't run (because not on main branch)
     name: Lint and unit tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: 21
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@v5
         with:
           cache-encryption-key: ${{ secrets.gradle_encryption_key }}
           cache-read-only: true
 
-      - name: Run lint
-        run: ./gradlew --build-cache --configuration-cache --configuration-cache-problems=warn app:lintOseDebug
-      - name: Run unit tests
-        run: ./gradlew --build-cache --configuration-cache --configuration-cache-problems=warn app:testOseDebugUnitTest
+      - name: Restore Android environment
+        uses: actions/cache/restore@v5
+        with:
+          path: ~/.config/.android
+          key: android-${{ hashFiles('app/build.gradle.kts') }}
 
-  test_on_emulator:
+      - name: Lint checks
+        run: ./gradlew app:lintOseDebug
+
+      - name: Unit tests
+        run: ./gradlew app:testOseDebugUnitTest
+
+  instrumented_tests:
     needs: compile
-    if: ${{ !cancelled() }}     # even if compile didn't run (because not on main branch)
     name: Instrumented tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-java@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: 21
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@v5
         with:
           cache-encryption-key: ${{ secrets.gradle_encryption_key }}
           cache-read-only: true
 
+      - name: Restore Android environment
+        uses: actions/cache/restore@v5
+        with:
+          path: ~/.config/.android
+          key: android-${{ hashFiles('app/build.gradle.kts') }}
+
+      # gradle and Android SDK often take more space than what is available on the default runner.
+      # We try to free a few GB here to make gradle-managed devices more reliable.
+      - name: Free some disk space
+        uses: jlumbroso/free-disk-space@main
+        with:
+          android: false          # we need the Android SDK
+          large-packages: false   # apt takes too long
+          swap-storage: false     # gradle needs much memory
+
+      - name: Restore AVD
+        id: restore-avd
+        uses: actions/cache/restore@v5
+        with:
+          path: ~/.config/.android/avd                        # where AVD is stored
+          key: avd-${{ hashFiles('app/build.gradle.kts') }}   # gradle-managed devices are defined there
+
+      # Enable virtualization for Android emulator
       - name: Enable KVM group perms
         run: |
           echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
           sudo udevadm control --reload-rules
           sudo udevadm trigger --name-match=kvm
 
-      - name: Cache AVD
-        uses: actions/cache@v4
-        with:
-          path: ~/.config/.android/avd
-          key: avd-${{ hashFiles('app/build.gradle.kts') }}   # gradle-managed devices are defined there
+      - name: Instrumented tests
+        run: ./gradlew app:virtualOseDebugAndroidTest
 
-      - name: Run device tests
-        run: ./gradlew --build-cache --configuration-cache --configuration-cache-problems=warn app:virtualCheck
+      - name: Cache AVD
+        uses: actions/cache/save@v5
+        if: steps.restore-avd.outputs.cache-hit != 'true'
+        with:
+          path: ~/.config/.android/avd                        # where AVD is stored
+          key: avd-${{ hashFiles('app/build.gradle.kts') }}   # gradle-managed devices are defined there

.gitignore

@@ -16,10 +16,6 @@
 bin/
 gen/
 
-# Gradle files
-.gradle/
-build/
-
 # Local configuration file (sdk path, etc)
 local.properties
 

.tx/config

@@ -1,30 +0,0 @@
-[main]
-host     = https://www.transifex.com
-lang_map = ar_SA: ar, en_GB: en-rGB, fa_IR: fa-rIR, fi_FI: fi, nb_NO: nb, sk_SK: sk, sl_SI: sl, tr_TR: tr, zh_CN: zh, zh_TW: zh-rTW
-
-[o:bitfireAT:p:davx5:r:app]
-file_filter   = app/src/main/res/values-<lang>/strings.xml
-source_file   = app/src/main/res/values/strings.xml
-source_lang   = en
-type          = ANDROID
-minimum_perc  = 20
-resource_name = App strings (all flavors)
-
-
-# Attention: fastlane directories are like "en-us", not "en-rUS"!
-
-[o:bitfireAT:p:davx5:r:metadata-short-description]
-file_filter   = fastlane/metadata/android/<lang>/short_description.txt
-source_file   = fastlane/metadata/android/en-US/short_description.txt
-source_lang   = en
-type          = TXT
-minimum_perc  = 100
-resource_name = Metadata: short description
-
-[o:bitfireAT:p:davx5:r:metadata-full-description]
-file_filter   = fastlane/metadata/android/<lang>/full_description.txt
-source_file   = fastlane/metadata/android/en-US/full_description.txt
-source_lang   = en
-type          = TXT
-minimum_perc  = 100
-resource_name = Metadata: full description

CONTRIBUTING.md

@@ -14,24 +14,11 @@ If you send us a pull request, our CLA bot will ask you to sign the
 Contributor's License Agreement so that we can use your contribution.
 
 
-# Copyright
+# Copyright notice
 
 Make sure that every file that contains significant work (at least every code file)
-starts with the copyright header:
-
-```
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-```
-
-You can set this in Android Studio:
-
-1. Settings / Editor / Copyright / Copyright Profiles
-2. Paste the text above (without the stars).
-3. Set Formatting so that the preview exactly looks like above; one blank line after the block.
-4. Set this copyright profile as the default profile for the project.
-5. Apply copyright: right-click in file tree / Update copyright.
+starts with the copyright header. Android Studio should do so automatically because the
+configuration is stored in the repository (`.idea/copyright`).
 
 
 # Style guide
@@ -110,8 +97,3 @@ Test classes should be in the appropriate directory (see existing tests) and in
 tested class. Tests are usually be named like `methodToBeTested_Condition()`, see
 [Test apps on Android](https://developer.android.com/training/testing/).
 
-
-# Authors
-
-If you make significant contributions, feel free to add yourself to the [AUTHORS file](AUTHORS).
-

README.md

@@ -1,9 +1,9 @@
 
-[![Website](https://img.shields.io/website?style=flat-square&up_color=%237cb342&url=https%3A%2F%2Fwww.davx5.com)](https://www.davx5.com/)
-[![F-Droid](https://img.shields.io/f-droid/v/at.bitfire.davdroid?style=flat-square)](https://f-droid.org/packages/at.bitfire.davdroid/)
-[![License](https://img.shields.io/github/license/bitfireAT/davx5-ose?style=flat-square)](https://github.com/bitfireAT/davx5-ose/blob/main/LICENSE)
 [![Follow @davx5app@fosstodon.org](https://img.shields.io/mastodon/follow/109598783742737223?domain=https%3A%2F%2Ffosstodon.org&style=flat-square)](https://fosstodon.org/@davx5app)
-[![Development tests](https://github.com/bitfireAT/davx5-ose/actions/workflows/test-dev.yml/badge.svg)](https://github.com/bitfireAT/davx5-ose/actions/workflows/test-dev.yml)
+[![Website](https://img.shields.io/website?style=flat-square&up_color=%237cb342&url=https%3A%2F%2Fwww.davx5.com)](https://www.davx5.com/)
+[![License](https://img.shields.io/github/license/bitfireAT/davx5-ose?style=flat-square)](https://github.com/bitfireAT/davx5-ose/blob/main/LICENSE)
+[![F-Droid](https://img.shields.io/f-droid/v/at.bitfire.davdroid?style=flat-square)](https://f-droid.org/packages/at.bitfire.davdroid/)
+![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/bitfireAT/davx5-ose/total?label=GitHub%20downloads)
 
 ![DAVx⁵ logo](app/src/main/res/mipmap-xxxhdpi/ic_launcher.png)
 
@@ -11,8 +11,10 @@
 DAVx⁵
 ========
 
-Please see the [DAVx⁵ Web site](https://www.davx5.com) for
-comprehensive information about DAVx⁵, including a list of services it has been tested with.
+> [!IMPORTANT]
+> Please see the [DAVx⁵ Web site](https://www.davx5.com) for
+> comprehensive information about DAVx⁵, including a list of services it has been tested with,
+> a manual and FAQ.
 
 DAVx⁵ is licensed under the [GPLv3 License](LICENSE).
 
@@ -26,8 +28,7 @@ Parts of DAVx⁵ have been outsourced into these libraries:
 
 * [cert4android](https://github.com/bitfireAT/cert4android) – custom certificate management
 * [dav4jvm](https://github.com/bitfireAT/dav4jvm) – WebDAV/CalDav/CardDAV framework
-* [ical4android](https://github.com/bitfireAT/ical4android) – iCalendar processing and Calendar Provider access
-* [vcard4android](https://github.com/bitfireAT/vcard4android) – vCard processing and Contacts Provider access
+* [synctools](https://github.com/bitfireAT/synctools) – iCalendar/vCard/Tasks processing and content provider access
 
 **If you want to support DAVx⁵, please consider [donating to DAVx⁵](https://www.davx5.com/donate)
 or [purchasing it](https://www.davx5.com/download).**

app/build.gradle.kts

@@ -6,10 +6,9 @@ plugins {
     alias(libs.plugins.android.application)
     alias(libs.plugins.compose.compiler)
     alias(libs.plugins.hilt)
-    alias(libs.plugins.kotlin.android)
+    alias(libs.plugins.kotlin.serialization)
     alias(libs.plugins.ksp)
-
-    alias(libs.plugins.mikepenz.aboutLibraries)
+    alias(libs.plugins.mikepenz.aboutLibraries.android)
 }
 
 // Android configuration
@@ -19,14 +18,17 @@ android {
     defaultConfig {
         applicationId = "at.bitfire.davdroid"
 
-        versionCode = 405000000
-        versionName = "4.5"
+        versionCode = 405080003
+        versionName = "4.5.8"
 
-        setProperty("archivesBaseName", "davx5-ose-$versionName")
+        base.archivesName = "davx5-ose-$versionName"
 
         minSdk = 24        // Android 7.0
         targetSdk = 36     // Android 16
 
+        // whether the build supports and allows to use custom certificates
+        buildConfigField("boolean", "allowCustomCerts", "true")
+
         testInstrumentationRunner = "at.bitfire.davdroid.HiltTestRunner"
     }
 
@@ -121,8 +123,10 @@ ksp {
 }
 
 aboutLibraries {
-    // exclude timestamps for reproducible builds [https://github.com/bitfireAT/davx5-ose/issues/994]
-    excludeFields = arrayOf("generated")
+    export {
+        // exclude timestamps for reproducible builds [https://github.com/bitfireAT/davx5-ose/issues/994]
+        excludeFields.add("generated")
+    }
 }
 
 dependencies {
@@ -154,21 +158,21 @@ dependencies {
 
     // Jetpack Compose
     implementation(libs.compose.accompanist.permissions)
-    implementation(platform(libs.compose.bom))
-    implementation(libs.compose.material3)
-    implementation(libs.compose.materialIconsExtended)
-    debugImplementation(libs.compose.ui.tooling)
-    implementation(libs.compose.ui.toolingPreview)
+    implementation(platform(libs.androidx.compose.bom))
+    implementation(libs.androidx.compose.material3)
+    implementation(libs.androidx.compose.materialIconsExtended)
+    debugImplementation(libs.androidx.compose.ui.tooling)
+    implementation(libs.androidx.compose.ui.toolingPreview)
 
     // Glance Widgets
-    implementation(libs.glance.base)
-    implementation(libs.glance.material)
+    implementation(libs.androidx.glance.base)
+    implementation(libs.androidx.glance.material)
 
     // Jetpack Room
-    implementation(libs.room.runtime)
-    implementation(libs.room.base)
-    implementation(libs.room.paging)
-    ksp(libs.room.compiler)
+    implementation(libs.androidx.room.runtime)
+    implementation(libs.androidx.room.base)
+    implementation(libs.androidx.room.paging)
+    ksp(libs.androidx.room.compiler)
 
     // own libraries
     implementation(libs.bitfire.cert4android)
@@ -176,14 +180,20 @@ dependencies {
         exclude(group="junit")
         exclude(group="org.ogce", module="xpp3")    // Android has its own XmlPullParser implementation
     }
-    implementation(libs.bitfire.synctools)
+    implementation(libs.bitfire.synctools) {
+        exclude(group="androidx.test")              // synctools declares test rules, but we don't want them in non-test code
+        exclude(group = "junit")
+    }
 
     // third-party libs
-    @Suppress("RedundantSuppression")
+    implementation(libs.conscrypt)
     implementation(libs.dnsjava)
     implementation(libs.guava)
-    implementation(libs.mikepenz.aboutLibraries)
-    implementation(libs.nsk90.kstatemachine)
+    implementation(libs.ktor.client.content.negotiation)
+    implementation(libs.ktor.client.core)
+    implementation(libs.ktor.client.okhttp)
+    implementation(libs.ktor.serialization.kotlinx.json)
+    implementation(libs.mikepenz.aboutLibraries.m3)
     implementation(libs.okhttp.base)
     implementation(libs.okhttp.brotli)
     implementation(libs.okhttp.logging)
@@ -202,6 +212,7 @@ dependencies {
 
     // for tests
     androidTestImplementation(libs.androidx.arch.core.testing)
+    androidTestImplementation(libs.androidx.room.testing)
     androidTestImplementation(libs.androidx.test.core)
     androidTestImplementation(libs.androidx.test.junit)
     androidTestImplementation(libs.androidx.test.rules)
@@ -212,10 +223,10 @@ dependencies {
     androidTestImplementation(libs.kotlinx.coroutines.test)
     androidTestImplementation(libs.mockk.android)
     androidTestImplementation(libs.okhttp.mockwebserver)
-    androidTestImplementation(libs.room.testing)
 
     testImplementation(libs.bitfire.dav4jvm)
     testImplementation(libs.junit)
     testImplementation(libs.mockk)
     testImplementation(libs.okhttp.mockwebserver)
+    testImplementation(libs.robolectric)
 }

app/proguard-rules-release.pro

@@ -24,3 +24,8 @@
 -dontwarn sun.net.spi.nameservice.NameService
 -dontwarn sun.net.spi.nameservice.NameServiceDescriptor
 -dontwarn org.xbill.DNS.spi.DnsjavaInetAddressResolverProvider
+
+# okhttp
+# https://github.com/bitfireAT/davx5/issues/711 / https://github.com/square/okhttp/issues/8574
+-keep class okhttp3.internal.idn.IdnaMappingTable { *; }
+-keep class okhttp3.internal.idn.IdnaMappingTableInstanceKt{ *; }

app/src/androidTest/AndroidManifest.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
     android:installLocation="internalOnly">
 
     <!-- account management permissions not required for own accounts since API level 22 -->
@@ -7,4 +8,9 @@
     <uses-permission android:name="android.permission.GET_ACCOUNTS" android:maxSdkVersion="22"/>
     <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" android:maxSdkVersion="22"/>
 
+    <!--
+    Since Mockk 1.14.7 it's required to use minSdk 26. We use 24, so override for tests.
+    -->
+    <uses-sdk tools:overrideLibrary="io.mockk.android,io.mockk.proxy.android" />
+
 </manifest>

app/src/androidTest/kotlin/at/bitfire/davdroid/CatchExceptionsRule.kt

@@ -1,37 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid
-
-import org.junit.rules.TestRule
-import org.junit.runner.Description
-import org.junit.runners.model.Statement
-import kotlin.reflect.KClass
-
-/**
- * Use this custom rule to ignore exceptions thrown by another rule.
- *
- * @param innerRule The rule to wrap.
- * @param exceptionsToIgnore The exceptions to ignore.
- */
-class CatchExceptionsRule(
-    private val innerRule: TestRule,
-    private vararg val exceptionsToIgnore: KClass<out Throwable>
-) : TestRule {
-    override fun apply(base: Statement, description: Description): Statement {
-        return object : Statement() {
-            override fun evaluate() {
-                try {
-                    innerRule.apply(base, description).evaluate()
-                } catch (e: Throwable) {
-                    val shouldIgnore = exceptionsToIgnore.any { it.isInstance(e) }
-                    if (shouldIgnore)
-                        base.evaluate()
-                    else
-                        throw e
-                }
-            }
-        }
-    }
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/Dav4jvm.kt

@@ -1,20 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid
-
-import android.util.Xml
-import at.bitfire.dav4jvm.XmlUtils
-import org.junit.Assert.assertTrue
-import org.junit.Test
-
-class Dav4jvm {
-
-    @Test
-    fun test_Dav4jvm_XmlUtils_NewPullParser_RelaxedParsing() {
-        val parser = XmlUtils.newPullParser()
-        assertTrue(parser.getFeature(Xml.FEATURE_RELAXED))
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/ExternalLibrariesTest.kt

@@ -0,0 +1,30 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid
+
+import android.util.Xml
+import at.bitfire.dav4jvm.XmlUtils
+import okhttp3.HttpUrl.Companion.toHttpUrl
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class ExternalLibrariesTest {
+
+    @Test
+    fun test_Dav4jvm_XmlUtils_NewPullParser_RelaxedParsing() {
+        val parser = XmlUtils.newPullParser()
+        assertTrue(parser.getFeature(Xml.FEATURE_RELAXED))
+    }
+
+    @Test
+    fun testOkhttpHttpUrl_PublicSuffixList() {
+        // HttpUrl.topPrivateDomain() requires okhttp's internal PublicSuffixList.
+        // In Android, loading the PublicSuffixList is done over AndroidX startup.
+        // This test verifies that everything is working.
+        assertEquals("example.com", "http://example.com".toHttpUrl().topPrivateDomain())
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/HiltTestRunner.kt

@@ -10,8 +10,11 @@ import android.os.Build
 import android.os.Bundle
 import androidx.test.runner.AndroidJUnitRunner
 import at.bitfire.davdroid.di.TestCoroutineDispatchersModule
-import at.bitfire.davdroid.sync.SyncAdapterService
+import at.bitfire.davdroid.test.BuildConfig
+import at.bitfire.synctools.log.LogcatHandler
 import dagger.hilt.android.testing.HiltTestApplication
+import java.util.logging.Level
+import java.util.logging.Logger
 
 @Suppress("unused")
 class HiltTestRunner : AndroidJUnitRunner() {
@@ -22,13 +25,16 @@ class HiltTestRunner : AndroidJUnitRunner() {
     override fun onCreate(arguments: Bundle?) {
         super.onCreate(arguments)
 
+        // set root logger to adb Logcat
+        val rootLogger = Logger.getLogger("")
+        rootLogger.level = Level.ALL
+        rootLogger.handlers.forEach { rootLogger.removeHandler(it) }
+        rootLogger.addHandler(LogcatHandler(BuildConfig.APPLICATION_ID))
+
         // MockK requirements
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P)
             throw AssertionError("MockK requires Android P [https://mockk.io/ANDROID.html]")
 
-        // disable sync adapters
-        SyncAdapterService.syncActive.set(false)
-
         // set main dispatcher for tests (especially runTest)
         TestCoroutineDispatchersModule.initMainDispatcher()
     }

app/src/androidTest/kotlin/at/bitfire/davdroid/InitCalendarProviderRule.kt

@@ -1,123 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid
-
-import android.Manifest
-import android.accounts.Account
-import android.content.ContentProviderClient
-import android.content.ContentUris
-import android.content.ContentValues
-import android.os.Build
-import android.provider.CalendarContract
-import androidx.test.platform.app.InstrumentationRegistry
-import androidx.test.rule.GrantPermissionRule
-import at.bitfire.davdroid.resource.LocalCalendar
-import at.bitfire.davdroid.resource.LocalEvent
-import at.bitfire.ical4android.AndroidCalendar
-import at.bitfire.ical4android.Event
-import net.fortuna.ical4j.model.property.DtStart
-import net.fortuna.ical4j.model.property.RRule
-import org.junit.Assert.assertNotNull
-import org.junit.rules.ExternalResource
-import org.junit.rules.RuleChain
-import java.util.logging.Logger
-
-/**
- * JUnit ClassRule which initializes the AOSP CalendarProvider.
- *
- * It seems that the calendar provider unfortunately forgets the very first requests when it is used the very first time,
- * maybe by some wrongly synchronized database initialization. So things like querying the instances
- * fails in this case.
- *
- * So this rule is needed to allow tests which need the calendar provider to succeed even when the calendar provider
- * is used the very first time (especially in CI tests / a fresh emulator).
- *
- * See [at.bitfire.davdroid.resource.LocalCalendarTest] for an example of how to use this rule.
- */
-class InitCalendarProviderRule private constructor(): ExternalResource() {
-
-    companion object {
-
-        private var isInitialized = false
-        private val logger = Logger.getLogger(InitCalendarProviderRule::javaClass.name)
-
-        fun getInstance(): RuleChain = RuleChain
-            .outerRule(GrantPermissionRule.grant(Manifest.permission.READ_CALENDAR, Manifest.permission.WRITE_CALENDAR))
-            .around(InitCalendarProviderRule())
-
-    }
-
-    override fun before() {
-        if (!isInitialized) {
-            logger.info("Initializing calendar provider")
-            if (Build.VERSION.SDK_INT < 31)
-                logger.warning("Calendar provider initialization may or may not work. See InitCalendarProviderRule")
-
-            val context = InstrumentationRegistry.getInstrumentation().targetContext
-            val client = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)
-            assertNotNull("Couldn't acquire calendar provider", client)
-
-            client!!.use {
-                initCalendarProvider(client)
-                isInitialized = true
-            }
-        }
-    }
-
-    private fun initCalendarProvider(provider: ContentProviderClient) {
-        val account = Account("LocalCalendarTest", CalendarContract.ACCOUNT_TYPE_LOCAL)
-
-        // Sometimes, the calendar provider returns an ID for the created calendar, but then fails to find it.
-        var calendarOrNull: LocalCalendar? = null
-        for (i in 0..50) {
-            calendarOrNull = createAndVerifyCalendar(account, provider)
-            if (calendarOrNull != null)
-                break
-            else
-                Thread.sleep(100)
-        }
-        val calendar = calendarOrNull ?: throw IllegalStateException("Couldn't create calendar")
-
-        try {
-            // single event init
-            val normalEvent = Event().apply {
-                dtStart = DtStart("20220120T010203Z")
-                summary = "Event with 1 instance"
-            }
-            val normalLocalEvent = LocalEvent(calendar, normalEvent, null, null, null, 0)
-            normalLocalEvent.add()
-            LocalEvent.numInstances(provider, account, normalLocalEvent.id!!)
-
-            // recurring event init
-            val recurringEvent = Event().apply {
-                dtStart = DtStart("20220120T010203Z")
-                summary = "Event over 22 years"
-                rRules.add(RRule("FREQ=YEARLY;UNTIL=20740119T010203Z"))     // year needs to be  >2074 (not supported by Android <11 Calendar Storage)
-            }
-            val localRecurringEvent = LocalEvent(calendar, recurringEvent, null, null, null, 0)
-            localRecurringEvent.add()
-            LocalEvent.numInstances(provider, account, localRecurringEvent.id!!)
-        } finally {
-            calendar.delete()
-        }
-    }
-
-    private fun createAndVerifyCalendar(account: Account, provider: ContentProviderClient): LocalCalendar? {
-        val uri = AndroidCalendar.create(account, provider, ContentValues())
-
-        return try {
-            AndroidCalendar.findByID(
-                account,
-                provider,
-                LocalCalendar.Factory,
-                ContentUris.parseId(uri)
-            )
-        } catch (e: Exception) {
-            logger.warning("Couldn't find calendar after creation: $e")
-            null
-        }
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/db/CollectionTest.kt

@@ -4,22 +4,20 @@
 
 package at.bitfire.davdroid.db
 
-import android.security.NetworkSecurityPolicy
 import androidx.test.filters.SmallTest
-import at.bitfire.dav4jvm.DavResource
-import at.bitfire.dav4jvm.property.webdav.ResourceType
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.dav4jvm.okhttp.DavResource
+import at.bitfire.dav4jvm.property.webdav.WebDAV
+import at.bitfire.davdroid.network.HttpClientBuilder
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
 import okhttp3.HttpUrl.Companion.toHttpUrl
+import okhttp3.OkHttpClient
 import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
-import org.junit.After
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
-import org.junit.Assume
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
@@ -29,12 +27,12 @@ import javax.inject.Inject
 class CollectionTest {
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: HttpClientBuilder
 
     @get:Rule
     val hiltRule = HiltAndroidRule(this)
 
-    private lateinit var httpClient: HttpClient
+    private lateinit var httpClient: OkHttpClient
     private val server = MockWebServer()
 
     @Before
@@ -42,12 +40,6 @@ class CollectionTest {
         hiltRule.inject()
 
         httpClient = httpClientBuilder.build()
-        Assume.assumeTrue(NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted)
-    }
-
-    @After
-    fun teardown() {
-        httpClient.close()
     }
 
 
@@ -69,8 +61,8 @@ class CollectionTest {
                         "</multistatus>"))
 
         lateinit var info: Collection
-        DavResource(httpClient.okHttpClient, server.url("/"))
-                .propfind(0, ResourceType.NAME) { response, _ ->
+        DavResource(httpClient, server.url("/"))
+                .propfind(0, WebDAV.ResourceType) { response, _ ->
             info = Collection.fromDavResponse(response) ?: throw IllegalArgumentException()
         }
         assertEquals(Collection.TYPE_ADDRESSBOOK, info.type)
@@ -125,8 +117,8 @@ class CollectionTest {
                     "</multistatus>"))
 
         lateinit var info: Collection
-        DavResource(httpClient.okHttpClient, server.url("/"))
-            .propfind(0, ResourceType.NAME) { response, _ ->
+        DavResource(httpClient, server.url("/"))
+            .propfind(0, WebDAV.ResourceType) { response, _ ->
                 info = Collection.fromDavResponse(response)!!
             }
         assertEquals(Collection.TYPE_CALENDAR, info.type)
@@ -161,8 +153,8 @@ class CollectionTest {
                     "</multistatus>"))
 
         lateinit var info: Collection
-        DavResource(httpClient.okHttpClient, server.url("/"))
-            .propfind(0, ResourceType.NAME) { response, _ ->
+        DavResource(httpClient, server.url("/"))
+            .propfind(0, WebDAV.ResourceType) { response, _ ->
                 info = Collection.fromDavResponse(response)!!
             }
         assertEquals(Collection.TYPE_CALENDAR, info.type)
@@ -195,8 +187,8 @@ class CollectionTest {
                         "</multistatus>"))
 
         lateinit var info: Collection
-        DavResource(httpClient.okHttpClient, server.url("/"))
-                .propfind(0, ResourceType.NAME) { response, _ ->
+        DavResource(httpClient, server.url("/"))
+                .propfind(0, WebDAV.ResourceType) { response, _ ->
                     info = Collection.fromDavResponse(response) ?: throw IllegalArgumentException()
                 }
         assertEquals(Collection.TYPE_WEBCAL, info.type)

app/src/androidTest/kotlin/at/bitfire/davdroid/db/HomeSetDaoTest.kt

@@ -0,0 +1,97 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.db
+
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.runBlocking
+import okhttp3.HttpUrl.Companion.toHttpUrl
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import javax.inject.Inject
+
+@HiltAndroidTest
+class HomeSetDaoTest {
+
+    @get:Rule
+    var hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+    lateinit var dao: HomeSetDao
+    var serviceId: Long = 0
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+        dao = db.homeSetDao()
+
+        serviceId = db.serviceDao().insertOrReplace(
+            Service(id=0, accountName="test", type= Service.TYPE_CALDAV, principal = null)
+        )
+    }
+
+    @After
+    fun tearDown() {
+        db.serviceDao().deleteAll()
+    }
+
+
+    @Test
+    fun testInsertOrUpdate() {
+        // should insert new row or update (upsert) existing row - without changing its key!
+        val entry1 = HomeSet(id=0, serviceId=serviceId, personal=true, url="https://example.com/1".toHttpUrl())
+        val insertId1 = dao.insertOrUpdateByUrlBlocking(entry1)
+        assertEquals(1L, insertId1)
+        assertEquals(entry1.copy(id = 1L), dao.getById(1))
+
+        val updatedEntry1 = HomeSet(id=0, serviceId=serviceId, personal=true, url="https://example.com/1".toHttpUrl(), displayName="Updated Entry")
+        val updateId1 = dao.insertOrUpdateByUrlBlocking(updatedEntry1)
+        assertEquals(1L, updateId1)
+        assertEquals(updatedEntry1.copy(id = 1L), dao.getById(1))
+
+        val entry2 = HomeSet(id=0, serviceId=serviceId, personal=true, url= "https://example.com/2".toHttpUrl())
+        val insertId2 = dao.insertOrUpdateByUrlBlocking(entry2)
+        assertEquals(2L, insertId2)
+        assertEquals(entry2.copy(id = 2L), dao.getById(2))
+    }
+
+    @Test
+    fun testInsertOrUpdate_TransactionSafe() {
+        runBlocking(Dispatchers.IO) {
+            for (i in 0..9999)
+                launch {
+                    dao.insertOrUpdateByUrlBlocking(
+                        HomeSet(
+                            id = 0,
+                            serviceId = serviceId,
+                            url = "https://example.com/".toHttpUrl(),
+                            personal = true
+                        )
+                    )
+                }
+        }
+        assertEquals(1, dao.getByService(serviceId).size)
+    }
+
+    @Test
+    fun testDelete() {
+        // should delete row with given primary key (id)
+        val entry1 = HomeSet(id=1, serviceId=serviceId, personal=true, url= "https://example.com/1".toHttpUrl())
+
+        val insertId1 = dao.insertOrUpdateByUrlBlocking(entry1)
+        assertEquals(1L, insertId1)
+        assertEquals(entry1, dao.getById(1L))
+
+        dao.delete(entry1)
+        assertEquals(null, dao.getById(1L))
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/db/PrincipalDaoTest.kt

@@ -0,0 +1,96 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.db
+
+import android.database.sqlite.SQLiteConstraintException
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.junit4.MockKRule
+import io.mockk.spyk
+import io.mockk.verify
+import kotlinx.coroutines.test.runTest
+import okhttp3.HttpUrl.Companion.toHttpUrl
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import javax.inject.Inject
+
+
+@HiltAndroidTest
+class PrincipalDaoTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val mockKRule = MockKRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    private lateinit var principalDao: PrincipalDao
+    private lateinit var service: Service
+    private val url = "https://example.com/dav/principal".toHttpUrl()
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+        principalDao = spyk(db.principalDao())
+
+        service = Service(id = 1, accountName = "account", type = "webdav")
+        db.serviceDao().insertOrReplace(service)
+    }
+
+    @Test
+    fun insertOrUpdate_insertsIfNotExisting() = runTest {
+        val principal = Principal(serviceId = service.id, url = url, displayName = "principal")
+        val id = principalDao.insertOrUpdate(service.id, principal)
+        assertTrue(id > 0)
+
+        val stored = principalDao.get(id)
+        assertEquals("principal", stored.displayName)
+        verify(exactly = 0) { principalDao.update(any()) }
+    }
+
+    @Test
+    fun insertOrUpdate_doesNotUpdateIfDisplayNameIsEqual() = runTest {
+        val principalOld = Principal(serviceId = service.id, url = url, displayName = "principalOld")
+        val idOld = principalDao.insertOrUpdate(service.id, principalOld)
+
+        val principalNew = Principal(serviceId = service.id, url = url, displayName = "principalOld")
+        val idNew = principalDao.insertOrUpdate(service.id, principalNew)
+
+        assertEquals(idOld, idNew)
+        val stored = principalDao.get(idOld)
+        assertEquals("principalOld", stored.displayName)
+        verify(exactly = 0) { principalDao.update(any()) }
+    }
+
+    @Test
+    fun insertOrUpdate_updatesIfDisplayNameIsDifferent() = runTest {
+        val principalOld = Principal(serviceId = service.id, url = url, displayName = "principalOld")
+        val idOld = principalDao.insertOrUpdate(service.id, principalOld)
+
+        val principalNew = Principal(serviceId = service.id, url = url, displayName = "principalNew")
+        val idNew = principalDao.insertOrUpdate(service.id, principalNew)
+
+        assertEquals(idOld, idNew)
+
+        val updated = principalDao.get(idOld)
+        assertEquals("principalNew", updated.displayName)
+        verify(exactly = 1) { principalDao.update(any()) }
+    }
+
+    @Test(expected = SQLiteConstraintException::class)
+    fun insertOrUpdate_throwsForeignKeyConstraintViolationException() = runTest {
+        // throws on non-existing service
+        val url = "https://example.com/dav/principal".toHttpUrl()
+        val principal1 = Principal(serviceId = 999, url = url, displayName = "p1")
+        principalDao.insertOrUpdate(999, principal1)
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/db/SyncStatsDaoTest.kt

@@ -0,0 +1,77 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.db
+
+import androidx.sqlite.SQLiteException
+import at.bitfire.davdroid.sync.SyncDataType
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import kotlinx.coroutines.test.runTest
+import okhttp3.HttpUrl.Companion.toHttpUrl
+import org.junit.After
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import javax.inject.Inject
+
+@HiltAndroidTest
+class SyncStatsDaoTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+    var collectionId: Long = 0
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        val serviceId = db.serviceDao().insertOrReplace(Service(
+            id = 0,
+            accountName = "test@example.com",
+            type = Service.TYPE_CALDAV
+        ))
+        collectionId = db.collectionDao().insert(Collection(
+            id = 0,
+            serviceId = serviceId,
+            type = Collection.TYPE_CALENDAR,
+            url = "https://example.com".toHttpUrl()
+        ))
+    }
+
+    @After
+    fun tearDown() {
+        db.serviceDao().deleteAll()
+    }
+
+    @Test
+    fun testInsertOrReplace_ExistingForeignKey() = runTest {
+        val dao = db.syncStatsDao()
+        dao.insertOrReplace(
+            SyncStats(
+                id = 0,
+                collectionId = collectionId,
+                dataType = SyncDataType.CONTACTS.toString(),
+                lastSync = System.currentTimeMillis()
+            )
+        )
+    }
+
+    @Test(expected = SQLiteException::class)
+    fun testInsertOrReplace_MissingForeignKey() = runTest {
+        val dao = db.syncStatsDao()
+        dao.insertOrReplace(
+            SyncStats(
+                id = 0,
+                collectionId = 12345,
+                dataType = SyncDataType.CONTACTS.toString(),
+                lastSync = System.currentTimeMillis()
+            )
+        )
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/db/migration/DatabaseMigrationTest.kt

@@ -44,6 +44,11 @@ abstract class DatabaseMigrationTest(
     /**
      * Used for testing the migration process from [toVersion]-1 to [toVersion].
      *
+     * Note: SQLite's foreign key constraint enforcement is not enabled in tests. We need
+     * to enable it ourselves using setting "PRAGMA foreign_keys=ON" directly after opening
+     * a new database connection (works per connection). In tests it's usually more practical
+     * not to do so, however. In production database connections room enables it for us.
+     *
      * @param prepare      Callback to prepare the database. Will be run with database schema in version [toVersion] - 1.
      * @param validate     Callback to validate the migration result. Will be run with database schema in version [toVersion].
      */
@@ -61,6 +66,8 @@ abstract class DatabaseMigrationTest(
         // Prepare the database with the initial version.
         val dbName = "test"
         helper.createDatabase(dbName, version = toVersion - 1).apply {
+            // We could enable foreign key constraint enforcement here
+            // by setting "PRAGMA foreign_keys=ON".
             prepare(this)
             close()
         }

app/src/androidTest/kotlin/at/bitfire/davdroid/di/FakeSyncAdapterModule.kt

@@ -0,0 +1,20 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.di
+
+import at.bitfire.davdroid.sync.FakeSyncAdapter
+import at.bitfire.davdroid.sync.adapter.SyncAdapter
+import at.bitfire.davdroid.sync.adapter.SyncAdapterImpl
+import dagger.Binds
+import dagger.Module
+import dagger.hilt.components.SingletonComponent
+import dagger.hilt.testing.TestInstallIn
+
+@Module
+@TestInstallIn(components = [SingletonComponent::class], replaces = [SyncAdapterImpl.RealSyncAdapterModule::class])
+abstract class FakeSyncAdapterModule {
+    @Binds
+    abstract fun provide(impl: FakeSyncAdapter): SyncAdapter
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/di/TestLoggerModule.kt

@@ -1,33 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.di
-
-import at.bitfire.davdroid.log.LogcatHandler
-import dagger.Module
-import dagger.Provides
-import dagger.hilt.components.SingletonComponent
-import dagger.hilt.testing.TestInstallIn
-import java.util.logging.Level
-import java.util.logging.Logger
-import javax.inject.Singleton
-
-/**
- * Module that provides verbose logging for tests.
- */
-@TestInstallIn(
-    components = [SingletonComponent::class],
-    replaces = [LoggerModule::class]
-)
-@Module
-class TestLoggerModule {
-
-    @Provides
-    @Singleton
-    fun logger(): Logger = Logger.getGlobal().apply {
-        level = Level.ALL
-        addHandler(LogcatHandler())
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/network/Android10ResolverTest.kt

@@ -19,7 +19,7 @@ class Android10ResolverTest {
     val FQDN_DAVX5 = "www.davx5.com"
 
     @Test
-    @SdkSuppress(minSdkVersion = Build.VERSION_CODES.Q)
+    @SdkSuppress(minSdkVersion = Build.VERSION_CODES.Q, maxSdkVersion = 34)
     fun testResolveA() {
         val www = InetAddress.getAllByName(FQDN_DAVX5).filterIsInstance<Inet4Address>().first()
 

app/src/androidTest/kotlin/at/bitfire/davdroid/network/ConscryptIntegrationTest.kt

@@ -0,0 +1,31 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.network
+
+import org.conscrypt.Conscrypt
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import java.security.Security
+
+class ConscryptIntegrationTest {
+
+    val integration = ConscryptIntegration()
+
+    @Test
+    fun testInitialize_InstallsConscrypt() {
+        uninstallConscrypt()
+        assertFalse(integration.conscryptInstalled())
+
+        integration.initialize()
+        assertTrue(integration.conscryptInstalled())
+    }
+
+    private fun uninstallConscrypt() {
+        for (conscrypt in Security.getProviders().filter { Conscrypt.isConscrypt(it) })
+            Security.removeProvider(conscrypt.name)
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/network/HttpClientBuilderTest.kt

@@ -4,9 +4,11 @@
 
 package at.bitfire.davdroid.network
 
-import android.security.NetworkSecurityPolicy
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
+import io.ktor.client.request.get
+import io.ktor.client.statement.bodyAsText
+import kotlinx.coroutines.test.runTest
 import okhttp3.Request
 import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
@@ -14,30 +16,27 @@ import org.junit.After
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
-import org.junit.Assume
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
 import javax.inject.Inject
+import javax.inject.Provider
 
 @HiltAndroidTest
-class HttpClientTest {
+class HttpClientBuilderTest {
 
     @get:Rule
     var hiltRule = HiltAndroidRule(this)
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: Provider<HttpClientBuilder>
 
-    lateinit var httpClient: HttpClient
     lateinit var server: MockWebServer
 
     @Before
     fun setUp() {
         hiltRule.inject()
 
-        httpClient = httpClientBuilder.build()
-
         server = MockWebServer()
         server.start(30000)
     }
@@ -45,13 +44,32 @@ class HttpClientTest {
     @After
     fun tearDown() {
         server.shutdown()
-        httpClient.close()
     }
 
 
+    @Test
+    fun testBuild_SharesConnectionPoolAndDispatcher() {
+        val client1 = httpClientBuilder.get().build()
+        val client2 = httpClientBuilder.get().build()
+        assertEquals(client1.connectionPool, client2.connectionPool)
+        assertEquals(client1.dispatcher, client2.dispatcher)
+    }
+
+    @Test
+    fun testBuildKtor_CreatesWorkingClient() = runTest {
+        server.enqueue(MockResponse()
+            .setResponseCode(200)
+            .setBody("Some Content"))
+
+        httpClientBuilder.get().buildKtor().use { client ->
+            val response = client.get(server.url("/").toString())
+            assertEquals(200, response.status.value)
+            assertEquals("Some Content", response.bodyAsText())
+        }
+    }
+
     @Test
     fun testCookies() {
-        Assume.assumeTrue(NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted)
         val url = server.url("/test")
 
         // set cookie for root path (/) and /test path in first response
@@ -60,7 +78,9 @@ class HttpClientTest {
                 .addHeader("Set-Cookie", "cookie1=1; path=/")
                 .addHeader("Set-Cookie", "cookie2=2")
                 .setBody("Cookie set"))
-        httpClient.okHttpClient.newCall(Request.Builder()
+
+        val httpClient = httpClientBuilder.get().build()
+        httpClient.newCall(Request.Builder()
                 .get().url(url)
                 .build()).execute()
         assertNull(server.takeRequest().getHeader("Cookie"))
@@ -71,7 +91,7 @@ class HttpClientTest {
                 .addHeader("Set-Cookie", "cookie1=1a; path=/; Max-Age=0")
                 .addHeader("Set-Cookie", "cookie2=2a")
                 .setResponseCode(200))
-        httpClient.okHttpClient.newCall(Request.Builder()
+        httpClient.newCall(Request.Builder()
                 .get().url(url)
                 .build()).execute()
         val header = server.takeRequest().getHeader("Cookie")
@@ -79,7 +99,7 @@ class HttpClientTest {
 
         server.enqueue(MockResponse()
                 .setResponseCode(200))
-        httpClient.okHttpClient.newCall(Request.Builder()
+        httpClient.newCall(Request.Builder()
                 .get().url(url)
                 .build()).execute()
         assertEquals("cookie2=2a", server.takeRequest().getHeader("Cookie"))

app/src/androidTest/kotlin/at/bitfire/davdroid/network/OkhttpClientTest.kt

@@ -2,9 +2,9 @@
  * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
  */
 
-package at.bitfire.davdroid
+package at.bitfire.davdroid.network
 
-import at.bitfire.davdroid.network.HttpClient
+import androidx.test.filters.SdkSuppress
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
 import okhttp3.Request
@@ -17,7 +17,7 @@ import javax.inject.Inject
 class OkhttpClientTest {
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: HttpClientBuilder
 
     @get:Rule
     val hiltRule = HiltAndroidRule(this)
@@ -29,15 +29,17 @@ class OkhttpClientTest {
 
 
     @Test
+    @SdkSuppress(maxSdkVersion = 34)
     fun testIcloudWithSettings() {
-        httpClientBuilder.build().use { client ->
-            client.okHttpClient
-                .newCall(Request.Builder()
-                .get()
-                .url("https://icloud.com")
-                .build())
-                .execute()
-        }
+        val client = httpClientBuilder.build()
+        client
+            .newCall(
+                Request.Builder()
+                    .get()
+                    .url("https://icloud.com")
+                    .build()
+            )
+            .execute()
     }
 
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/repository/AccountRepositoryTest.kt

@@ -0,0 +1,214 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.repository
+
+import android.accounts.Account
+import android.accounts.AccountManager
+import android.content.Context
+import androidx.hilt.work.HiltWorkerFactory
+import at.bitfire.davdroid.R
+import at.bitfire.davdroid.TestUtils
+import at.bitfire.davdroid.resource.LocalAddressBookStore
+import at.bitfire.davdroid.resource.LocalCalendarStore
+import at.bitfire.davdroid.resource.LocalDataStore
+import at.bitfire.davdroid.settings.AccountSettings
+import at.bitfire.davdroid.sync.AutomaticSyncManager
+import at.bitfire.davdroid.sync.SyncDataType
+import at.bitfire.davdroid.sync.TasksAppManager
+import at.bitfire.davdroid.sync.account.AccountsCleanupWorker
+import at.bitfire.davdroid.sync.account.TestAccount
+import at.bitfire.davdroid.sync.worker.SyncWorkerManager
+import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.android.testing.BindValue
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.clearAllMocks
+import io.mockk.coVerify
+import io.mockk.every
+import io.mockk.impl.annotations.MockK
+import io.mockk.junit4.MockKRule
+import io.mockk.mockk
+import io.mockk.mockkObject
+import io.mockk.unmockkObject
+import io.mockk.verify
+import junit.framework.TestCase.assertTrue
+import kotlinx.coroutines.test.runTest
+import org.junit.After
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import javax.inject.Inject
+
+@HiltAndroidTest
+class AccountRepositoryTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val mockKRule = MockKRule(this)
+
+    // System under test
+
+    @Inject
+    lateinit var accountRepository: AccountRepository
+
+    // Real injections
+
+    @Inject
+    @ApplicationContext
+    lateinit var context: Context
+
+    @Inject
+    lateinit var accountSettingsFactory: AccountSettings.Factory
+
+    @Inject
+    lateinit var workerFactory: HiltWorkerFactory
+
+    // Dependency overrides
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var automaticSyncManager: AutomaticSyncManager
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var localAddressBookStore: LocalAddressBookStore
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var localCalendarStore: LocalCalendarStore
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var serviceRepository: DavServiceRepository
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var syncWorkerManager: SyncWorkerManager
+
+    @BindValue @MockK(relaxed = true)
+    lateinit var tasksAppManager: TasksAppManager
+
+
+    // Account setup
+    private val newName = "Renamed Account"
+    lateinit var am: AccountManager
+    lateinit var accountType: String
+    lateinit var account: Account
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+        TestUtils.setUpWorkManager(context, workerFactory)
+
+        // Account setup
+        am = AccountManager.get(context)
+        accountType = context.getString(R.string.account_type)
+        account = TestAccount.create()
+
+        // AccountsCleanupWorker static mocking
+        mockkObject(AccountsCleanupWorker)
+        every { AccountsCleanupWorker.lockAccountsCleanup() } returns Unit
+    }
+
+    @After
+    fun tearDown() {
+        am.getAccountsByType(accountType).forEach { account ->
+            am.removeAccountExplicitly(account)
+        }
+
+        unmockkObject(AccountsCleanupWorker)
+        clearAllMocks()
+    }
+
+
+    // testRename
+
+    @Test(expected = IllegalArgumentException::class)
+    fun testRename_checksForAlreadyExisting() = runTest {
+        val existing = Account("Existing Account", accountType)
+        am.addAccountExplicitly(existing, null, null)
+
+        accountRepository.rename(account.name, existing.name)
+    }
+
+    @Test
+    fun testRename_locksAccountsCleanup() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        verify { AccountsCleanupWorker.lockAccountsCleanup() }
+    }
+
+    @Test
+    fun testRename_renamesAccountInAndroid() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        val accountsAfter = am.getAccountsByType(accountType)
+        assertTrue(accountsAfter.any { it.name == newName })
+    }
+
+    @Test
+    fun testRename_cancelsRunningSynchronizationOfOldAccount() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        coVerify { syncWorkerManager.cancelAllWork(account) }
+    }
+
+    @Test
+    fun testRename_disablesPeriodicSyncsForOldAccount() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        for (dataType in SyncDataType.entries)
+            coVerify(exactly = 1) {
+                syncWorkerManager.disablePeriodic(account, dataType)
+            }
+    }
+
+    @Test
+    fun testRename_updatesAccountNameReferencesInDatabase() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        coVerify { serviceRepository.renameAccount(account.name, newName) }
+    }
+
+    @Test
+    fun testRename_updatesAddressBooks() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        val newAccount = accountRepository.fromName(newName)
+        coVerify { localAddressBookStore.updateAccount(account, newAccount, any()) }
+    }
+
+    @Test
+    fun testRename_updatesCalendarEvents() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        val newAccount = accountRepository.fromName(newName)
+        coVerify { localCalendarStore.updateAccount(account, newAccount, any()) }
+    }
+
+    @Test
+    fun testRename_updatesAccountNameOfLocalTasks() = runTest {
+        val mockDataStore = mockk<LocalDataStore<*>>(relaxed = true)
+        every { tasksAppManager.getDataStore() } returns mockDataStore
+        accountRepository.rename(account.name, newName)
+
+        val newAccount = accountRepository.fromName(newName)
+        coVerify { mockDataStore.updateAccount(account, newAccount, any()) }
+    }
+
+    @Test
+    fun testRename_updatesAutomaticSync() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        val newAccount = accountRepository.fromName(newName)
+        coVerify { automaticSyncManager.updateAutomaticSync(newAccount) }
+    }
+
+    @Test
+    fun testRename_releasesAccountsCleanupWorkerMutex() = runTest {
+        accountRepository.rename(account.name, newName)
+
+        verify { AccountsCleanupWorker.lockAccountsCleanup() }
+        coVerify { serviceRepository.renameAccount(account.name, newName) }
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/repository/DavHomeSetRepositoryTest.kt

@@ -1,74 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.repository
-
-import at.bitfire.davdroid.db.HomeSet
-import at.bitfire.davdroid.db.Service
-import dagger.hilt.android.testing.HiltAndroidRule
-import dagger.hilt.android.testing.HiltAndroidTest
-import okhttp3.HttpUrl.Companion.toHttpUrl
-import org.junit.Assert.assertEquals
-import org.junit.Before
-import org.junit.Rule
-import org.junit.Test
-import javax.inject.Inject
-
-@HiltAndroidTest
-class DavHomeSetRepositoryTest {
-
-    @Inject
-    lateinit var repository: DavHomeSetRepository
-
-    @Inject
-    lateinit var serviceRepository: DavServiceRepository
-
-    @get:Rule
-    var hiltRule = HiltAndroidRule(this)
-
-    var serviceId: Long = 0
-
-    @Before
-    fun setUp() {
-        hiltRule.inject()
-
-        serviceId = serviceRepository.insertOrReplaceBlocking(
-            Service(id=0, accountName="test", type= Service.TYPE_CALDAV, principal = null)
-        )
-    }
-
-
-    @Test
-    fun testInsertOrUpdate() {
-        // should insert new row or update (upsert) existing row - without changing its key!
-        val entry1 = HomeSet(id=0, serviceId=serviceId, personal=true, url="https://example.com/1".toHttpUrl())
-        val insertId1 = repository.insertOrUpdateByUrlBlocking(entry1)
-        assertEquals(1L, insertId1)
-        assertEquals(entry1.copy(id = 1L), repository.getByIdBlocking(1L))
-
-        val updatedEntry1 = HomeSet(id=0, serviceId=serviceId, personal=true, url="https://example.com/1".toHttpUrl(), displayName="Updated Entry")
-        val updateId1 = repository.insertOrUpdateByUrlBlocking(updatedEntry1)
-        assertEquals(1L, updateId1)
-        assertEquals(updatedEntry1.copy(id = 1L), repository.getByIdBlocking(1L))
-
-        val entry2 = HomeSet(id=0, serviceId=serviceId, personal=true, url= "https://example.com/2".toHttpUrl())
-        val insertId2 = repository.insertOrUpdateByUrlBlocking(entry2)
-        assertEquals(2L, insertId2)
-        assertEquals(entry2.copy(id = 2L), repository.getByIdBlocking(2L))
-    }
-
-    @Test
-    fun testDeleteBlocking() {
-        // should delete row with given primary key (id)
-        val entry1 = HomeSet(id=1, serviceId=serviceId, personal=true, url= "https://example.com/1".toHttpUrl())
-
-        val insertId1 = repository.insertOrUpdateByUrlBlocking(entry1)
-        assertEquals(1L, insertId1)
-        assertEquals(entry1, repository.getByIdBlocking(1L))
-
-        repository.deleteBlocking(entry1)
-        assertEquals(null, repository.getByIdBlocking(1L))
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalAddressBookTest.kt

@@ -29,6 +29,7 @@ import org.junit.Rule
 import org.junit.Test
 import java.io.FileNotFoundException
 import java.util.LinkedList
+import java.util.Optional
 import javax.inject.Inject
 
 @HiltAndroidTest
@@ -98,7 +99,7 @@ class LocalAddressBookTest {
             val id = ContentUris.parseId(uri)
 
             // make sure it's not dirty
-            localGroup.clearDirty(null, null, null)
+            localGroup.clearDirty(Optional.empty(), null, null)
             assertFalse("Group is dirty before moving", isGroupDirty(addressBook, id))
 
             // rename address book
@@ -127,7 +128,7 @@ class LocalAddressBookTest {
      */
     fun isContactDirty(adddressBook: LocalAddressBook, id: Long): Boolean {
         val uri = ContentUris.withAppendedId(adddressBook.rawContactsSyncUri(), id)
-        provider!!.query(uri, arrayOf(ContactsContract.RawContacts.DIRTY), null, null, null)?.use { cursor ->
+        provider.query(uri, arrayOf(ContactsContract.RawContacts.DIRTY), null, null, null)?.use { cursor ->
             if (cursor.moveToFirst())
                 return cursor.getInt(0) != 0
         }
@@ -143,7 +144,7 @@ class LocalAddressBookTest {
      */
     fun isGroupDirty(adddressBook: LocalAddressBook, id: Long): Boolean {
         val uri = ContentUris.withAppendedId(adddressBook.groupsSyncUri(), id)
-        provider!!.query(uri, arrayOf(ContactsContract.Groups.DIRTY), null, null, null)?.use { cursor ->
+        provider.query(uri, arrayOf(ContactsContract.Groups.DIRTY), null, null, null)?.use { cursor ->
             if (cursor.moveToFirst())
                 return cursor.getInt(0) != 0
         }

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalCalendarStoreTest.kt

@@ -0,0 +1,114 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.resource
+
+import android.accounts.Account
+import android.content.ContentProviderClient
+import android.content.Context
+import android.net.Uri
+import android.provider.CalendarContract
+import android.provider.CalendarContract.Calendars
+import androidx.core.content.contentValuesOf
+import at.bitfire.davdroid.sync.account.TestAccount
+import at.bitfire.ical4android.util.MiscUtils.asSyncAdapter
+import at.bitfire.ical4android.util.MiscUtils.closeCompat
+import at.bitfire.synctools.test.InitCalendarProviderRule
+import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Assume
+import org.junit.Before
+import org.junit.Ignore
+import org.junit.Rule
+import org.junit.Test
+import org.junit.rules.TestRule
+import javax.inject.Inject
+
+@HiltAndroidTest
+class LocalCalendarStoreTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val initCalendarProviderRule: TestRule = InitCalendarProviderRule.initialize()
+
+    @Inject @ApplicationContext
+    lateinit var context: Context
+
+    @Inject
+    lateinit var localCalendarStore: LocalCalendarStore
+
+    private lateinit var provider: ContentProviderClient
+    private lateinit var account: Account
+    private lateinit var calendarUri: Uri
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+        provider = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)!!
+        account = TestAccount.create(accountName = "InitialAccountName")
+        calendarUri = createCalendarForAccount(account)
+    }
+
+    @After
+    fun tearDown() {
+        provider.delete(calendarUri, null, null)
+        TestAccount.remove(account)
+        provider.closeCompat()
+    }
+
+
+    @Ignore("Flaky in CI")
+    @Test
+    fun testUpdateAccount_updatesOwnerAccount() {
+        // Verify initial state (assume to skip and prevent flaky test failures)
+        Assume.assumeTrue("InitialAccountName" == getOwnerAccount())
+
+        // Rename account
+        val oldAccount = account
+        account = TestAccount.rename(account, "ChangedAccountName")
+
+        // Update account name in local calendar
+        localCalendarStore.updateAccount(oldAccount, account, provider)
+
+        // Verify [Calendar.OWNER_ACCOUNT] of local calendar was updated
+        assertEquals("ChangedAccountName", getOwnerAccount())
+    }
+
+
+    // helpers
+
+    private fun createCalendarForAccount(account: Account): Uri =
+         provider.insert(
+            Calendars.CONTENT_URI.asSyncAdapter(account),
+            contentValuesOf(
+                Calendars.ACCOUNT_NAME to account.name,
+                Calendars.ACCOUNT_TYPE to account.type,
+                Calendars.OWNER_ACCOUNT to account.name,
+                Calendars.VISIBLE to 1,
+                Calendars.SYNC_EVENTS to 1,
+                Calendars._SYNC_ID to 999,
+                Calendars.CALENDAR_DISPLAY_NAME to "displayName",
+            )
+        )!!.asSyncAdapter(account)
+
+    private fun getOwnerAccount(): String? {
+        provider.query(
+            calendarUri,
+            arrayOf(Calendars.OWNER_ACCOUNT),
+            "${Calendars.ACCOUNT_NAME}=?",
+            arrayOf(account.name),
+            null
+        )!!.use { cursor ->
+            if (!cursor.moveToNext())
+                return null
+            return cursor.getString(0)
+        }
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalCalendarTest.kt

@@ -6,146 +6,137 @@ package at.bitfire.davdroid.resource
 
 import android.accounts.Account
 import android.content.ContentProviderClient
-import android.content.ContentUris
 import android.content.ContentValues
+import android.content.Entity
 import android.provider.CalendarContract
 import android.provider.CalendarContract.ACCOUNT_TYPE_LOCAL
 import android.provider.CalendarContract.Events
+import androidx.core.content.contentValuesOf
 import androidx.test.platform.app.InstrumentationRegistry
-import at.bitfire.davdroid.InitCalendarProviderRule
-import at.bitfire.ical4android.AndroidCalendar
-import at.bitfire.ical4android.Event
-import at.bitfire.ical4android.util.MiscUtils.asSyncAdapter
 import at.bitfire.ical4android.util.MiscUtils.closeCompat
-import net.fortuna.ical4j.model.property.DtStart
-import net.fortuna.ical4j.model.property.RRule
-import net.fortuna.ical4j.model.property.RecurrenceId
-import net.fortuna.ical4j.model.property.Status
+import at.bitfire.synctools.storage.calendar.AndroidCalendar
+import at.bitfire.synctools.storage.calendar.AndroidCalendarProvider
+import at.bitfire.synctools.storage.calendar.EventsContract
+import at.bitfire.synctools.test.InitCalendarProviderRule
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
 import org.junit.After
-import org.junit.AfterClass
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
 import org.junit.Before
-import org.junit.BeforeClass
-import org.junit.ClassRule
+import org.junit.Rule
 import org.junit.Test
 import org.junit.rules.TestRule
+import javax.inject.Inject
 
+@HiltAndroidTest
 class LocalCalendarTest {
 
-    companion object {
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
 
-        @JvmField
-        @ClassRule
-        val initCalendarProviderRule: TestRule = InitCalendarProviderRule.getInstance()
+    @get:Rule
+    val initCalendarProviderRule: TestRule = InitCalendarProviderRule.initialize()
 
-        private lateinit var provider: ContentProviderClient
-
-        @BeforeClass
-        @JvmStatic
-        fun setUpClass() {
-            val context = InstrumentationRegistry.getInstrumentation().targetContext
-            provider = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)!!
-        }
-
-        @AfterClass
-        @JvmStatic
-        fun tearDownClass() {
-            provider.closeCompat()
-        }
-
-    }
+    @Inject
+    lateinit var localCalendarFactory: LocalCalendar.Factory
 
     private val account = Account("LocalCalendarTest", ACCOUNT_TYPE_LOCAL)
+    private lateinit var androidCalendar: AndroidCalendar
+    private lateinit var client: ContentProviderClient
     private lateinit var calendar: LocalCalendar
 
     @Before
     fun setUp() {
-        val uri = AndroidCalendar.create(account, provider, ContentValues())
-        calendar = AndroidCalendar.findByID(account, provider, LocalCalendar.Factory, ContentUris.parseId(uri))
+        hiltRule.inject()
+
+        val context = InstrumentationRegistry.getInstrumentation().targetContext
+        client = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)!!
+
+        val provider = AndroidCalendarProvider(account, client)
+        androidCalendar = provider.createAndGetCalendar(ContentValues())
+        calendar = localCalendarFactory.create(androidCalendar)
     }
 
     @After
     fun tearDown() {
-        calendar.delete()
+        androidCalendar.delete()
+        client.closeCompat()
     }
 
 
-    @Test
-    fun testDeleteDirtyEventsWithoutInstances_NoInstances_CancelledExceptions() {
-        // create recurring event with only deleted/cancelled instances
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 3 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=3"))
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220120T010203Z")
-                dtStart = DtStart("20220120T010203Z")
-                summary = "Cancelled exception on 1st day"
-                status = Status.VEVENT_CANCELLED
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220121T010203Z")
-                dtStart = DtStart("20220121T010203Z")
-                summary = "Cancelled exception on 2nd day"
-                status = Status.VEVENT_CANCELLED
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220122T010203Z")
-                dtStart = DtStart("20220122T010203Z")
-                summary = "Cancelled exception on 3rd day"
-                status = Status.VEVENT_CANCELLED
-            })
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, LocalResource.FLAG_REMOTELY_PRESENT)
-        localEvent.add()
-        val eventId = localEvent.id!!
+    /**
+     * Verifies that [LocalCalendar.removeNotDirtyMarked] works as expected.
+     * @param contentValues values to set on the event. Required:
+     * - [Events._ID]
+     * - [Events.DIRTY]
+     */
+    private fun testRemoveNotDirtyMarked(contentValues: ContentValues) {
+        val entity = Entity(
+            contentValuesOf(
+                Events.CALENDAR_ID to androidCalendar.id,
+                Events.DTSTART to System.currentTimeMillis(),
+                Events.DTEND to System.currentTimeMillis(),
+                Events.TITLE to "Some Event",
+                EventsContract.COLUMN_FLAGS to 123
+            ).apply { putAll(contentValues) }
+        )
+        val id = androidCalendar.addEvent(entity)
 
-        // set event as dirty
-        provider.update(ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId), ContentValues(1).apply {
-            put(Events.DIRTY, 1)
-        }, null, null)
+        calendar.removeNotDirtyMarked(123)
 
-        // this method should mark the event as deleted
-        calendar.deleteDirtyEventsWithoutInstances()
-
-        // verify that event is now marked as deleted
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId),
-            arrayOf(Events.DELETED), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToNext()
-            assertEquals(1, cursor.getInt(0))
-        }
+        assertNull(androidCalendar.getEvent(id))
     }
 
     @Test
-    // Needs InitCalendarProviderRule
-    fun testDeleteDirtyEventsWithoutInstances_Recurring_Instances() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 3 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=3"))
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, LocalResource.FLAG_REMOTELY_PRESENT)
-        localEvent.add()
-        val eventId = localEvent.id!!
+    fun testRemoveNotDirtyMarked_IdLargerThanIntMaxValue() = testRemoveNotDirtyMarked(
+        contentValuesOf(Events._ID to Int.MAX_VALUE.toLong() + 10, Events.DIRTY to 0)
+    )
 
-        // set event as dirty
-        provider.update(ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId), ContentValues(1).apply {
-            put(Events.DIRTY, 1)
-        }, null, null)
+    @Test
+    fun testRemoveNotDirtyMarked_DirtyIs0() = testRemoveNotDirtyMarked(
+        contentValuesOf(Events._ID to 1, Events.DIRTY to 0)
+    )
 
-        // this method should mark the event as deleted
-        calendar.deleteDirtyEventsWithoutInstances()
+    @Test
+    fun testRemoveNotDirtyMarked_DirtyNull() = testRemoveNotDirtyMarked(
+        contentValuesOf(Events._ID to 1, Events.DIRTY to null)
+    )
 
-        // verify that event is not marked as deleted
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId),
-            arrayOf(Events.DELETED), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToNext()
-            assertEquals(0, cursor.getInt(0))
-        }
+    /**
+     * Verifies that [LocalCalendar.markNotDirty] works as expected.
+     * @param contentValues values to set on the event. Required:
+     * - [Events.DIRTY]
+     */
+    private fun testMarkNotDirty(contentValues: ContentValues) {
+        val id = androidCalendar.addEvent(Entity(
+            contentValuesOf(
+                Events.CALENDAR_ID to androidCalendar.id,
+                Events._ID to 1,
+                Events.DTSTART to System.currentTimeMillis(),
+                Events.DTEND to System.currentTimeMillis(),
+                Events.TITLE to "Some Event",
+                EventsContract.COLUMN_FLAGS to 123
+            ).apply { putAll(contentValues) }
+        ))
+
+        val updated = calendar.markNotDirty(321)
+        assertEquals(1, updated)
+        assertEquals(321, androidCalendar.getEvent(id)?.entityValues?.getAsInteger(EventsContract.COLUMN_FLAGS))
     }
 
+    @Test
+    fun test_markNotDirty_DirtyIs0() = testMarkNotDirty(
+        contentValuesOf(
+            Events.DIRTY to 0
+        )
+    )
+
+    @Test
+    fun test_markNotDirty_DirtyIsNull() = testMarkNotDirty(
+        contentValuesOf(
+            Events.DIRTY to null
+        )
+    )
+
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalEventTest.kt

@@ -1,485 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.resource
-
-import android.accounts.Account
-import android.content.ContentProviderClient
-import android.content.ContentUris
-import android.content.ContentValues
-import android.os.Build
-import android.provider.CalendarContract
-import android.provider.CalendarContract.ACCOUNT_TYPE_LOCAL
-import android.provider.CalendarContract.Events
-import androidx.test.platform.app.InstrumentationRegistry
-import at.bitfire.davdroid.InitCalendarProviderRule
-import at.bitfire.ical4android.AndroidCalendar
-import at.bitfire.ical4android.Event
-import at.bitfire.ical4android.util.MiscUtils.closeCompat
-import at.techbee.jtx.JtxContract.asSyncAdapter
-import net.fortuna.ical4j.model.Date
-import net.fortuna.ical4j.model.DateList
-import net.fortuna.ical4j.model.parameter.Value
-import net.fortuna.ical4j.model.property.DtStart
-import net.fortuna.ical4j.model.property.ExDate
-import net.fortuna.ical4j.model.property.RRule
-import net.fortuna.ical4j.model.property.RecurrenceId
-import net.fortuna.ical4j.model.property.Status
-import org.junit.After
-import org.junit.AfterClass
-import org.junit.Assert.assertEquals
-import org.junit.Assert.assertNull
-import org.junit.Assert.assertTrue
-import org.junit.Before
-import org.junit.BeforeClass
-import org.junit.ClassRule
-import org.junit.Test
-import org.junit.rules.TestRule
-import java.util.UUID
-
-class LocalEventTest {
-
-    private val account = Account("LocalCalendarTest", ACCOUNT_TYPE_LOCAL)
-    private lateinit var calendar: LocalCalendar
-
-    @Before
-    fun setUp() {
-        val uri = AndroidCalendar.create(account, provider, ContentValues())
-        calendar = AndroidCalendar.findByID(account, provider, LocalCalendar.Factory, ContentUris.parseId(uri))
-    }
-
-    @After
-    fun removeCalendar() {
-        calendar.delete()
-    }
-
-
-    @Test
-    fun testNumDirectInstances_SingleInstance() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 1 instance"
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(1, LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumDirectInstances_Recurring() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 5 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=5"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(5, LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumDirectInstances_Recurring_Endless() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event without end"
-            rRules.add(RRule("FREQ=DAILY"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertNull(LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumDirectInstances_Recurring_LateEnd() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 53 years"
-            rRules.add(RRule("FREQ=YEARLY;UNTIL=20740119T010203Z"))     // year 2074 is not supported by Android <11 Calendar Storage
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R)
-            assertEquals(52, LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-        else
-            assertNull(LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumDirectInstances_Recurring_ManyInstances() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 2 years"
-            rRules.add(RRule("FREQ=DAILY;UNTIL=20240120T010203Z"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-        val number = LocalEvent.numDirectInstances(provider, account, localEvent.id!!)
-
-        // Some android versions (i.e. <=Q and S) return 365*2 instances (wrong, 365*2+1 => correct),
-        // but we are satisfied with either result for now
-        assertTrue(number == 365*2 || number == 365*2+1)
-    }
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumDirectInstances_RecurringWithExdate() {
-        val event = Event().apply {
-            dtStart = DtStart(Date("20220120T010203Z"))
-            summary = "Event with 5 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=5"))
-            exDates.add(ExDate(DateList("20220121T010203Z", Value.DATE_TIME)))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(4, LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumDirectInstances_RecurringWithExceptions() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 5 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=5"))
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220122T010203Z")
-                dtStart = DtStart("20220122T130203Z")
-                summary = "Exception on 3rd day"
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220124T010203Z")
-                dtStart = DtStart("20220122T160203Z")
-                summary = "Exception on 5th day"
-            })
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, 0)
-        localEvent.add()
-
-        assertEquals(5-2, LocalEvent.numDirectInstances(provider, account, localEvent.id!!))
-    }
-
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumInstances_SingleInstance() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 1 instance"
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(1, LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumInstances_Recurring() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 5 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=5"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(5, LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumInstances_Recurring_Endless() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with infinite instances"
-            rRules.add(RRule("FREQ=YEARLY"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertNull(LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumInstances_Recurring_LateEnd() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event over 22 years"
-            rRules.add(RRule("FREQ=YEARLY;UNTIL=20740119T010203Z"))     // year 2074 not supported by Android <11 Calendar Storage
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R)
-            assertEquals(52, LocalEvent.numInstances(provider, account, localEvent.id!!))
-        else
-            assertNull(LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    // flaky, needs InitCalendarProviderRule
-    fun testNumInstances_Recurring_ManyInstances() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event over two years"
-            rRules.add(RRule("FREQ=DAILY;UNTIL=20240120T010203Z"))
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        assertEquals(
-            if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.Q)
-                365*2       // Android <10: does not include UNTIL (incorrect!)
-            else
-                365*2 + 1,  // Android ≥10: includes UNTIL (correct)
-            LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-    @Test
-    fun testNumInstances_RecurringWithExceptions() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 6 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=6"))
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220122T010203Z")
-                dtStart = DtStart("20220122T130203Z")
-                summary = "Exception on 3rd day"
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220124T010203Z")
-                dtStart = DtStart("20220122T160203Z")
-                summary = "Exception on 5th day"
-            })
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, 0)
-        localEvent.add()
-
-        calendar.findById(localEvent.id!!)
-
-        assertEquals(6, LocalEvent.numInstances(provider, account, localEvent.id!!))
-    }
-
-
-    @Test
-    fun testMarkEventAsDeleted() {
-        // Create event
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "A fine event"
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()
-
-        // Delete event
-        LocalEvent.markAsDeleted(provider, account, localEvent.id!!)
-
-        // Get the status of whether the event is deleted
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI, localEvent.id!!).asSyncAdapter(account),
-            arrayOf(Events.DELETED),
-            null,
-            null, null
-        )!!.use { cursor ->
-            cursor.moveToFirst()
-            assertEquals(1, cursor.getInt(0))
-        }
-    }
-
-
-    @Test
-    fun testPrepareForUpload_NoUid() {
-        // create event
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event without uid"
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add()    // save it to calendar storage
-
-        // prepare for upload - this should generate a new random uuid, returned as filename
-        val fileNameWithSuffix = localEvent.prepareForUpload()
-        val fileName = fileNameWithSuffix.removeSuffix(".ics")
-
-        // throws an exception if fileName is not an UUID
-        UUID.fromString(fileName)
-
-        // UID in calendar storage should be the same as file name
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI, localEvent.id!!).asSyncAdapter(account),
-            arrayOf(Events.UID_2445), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToFirst()
-            assertEquals(fileName, cursor.getString(0))
-        }
-    }
-
-    @Test
-    fun testPrepareForUpload_NormalUid() {
-        // create event
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with normal uid"
-            uid = "some-event@hostname.tld"     // old UID format, UUID would be new format
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add() // save it to calendar storage
-
-        // prepare for upload - this should use the UID for the file name
-        val fileNameWithSuffix = localEvent.prepareForUpload()
-        val fileName = fileNameWithSuffix.removeSuffix(".ics")
-
-        assertEquals(event.uid, fileName)
-
-        // UID in calendar storage should still be set, too
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI, localEvent.id!!).asSyncAdapter(account),
-            arrayOf(Events.UID_2445), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToFirst()
-            assertEquals(fileName, cursor.getString(0))
-        }
-    }
-
-    @Test
-    fun testPrepareForUpload_UidHasDangerousChars() {
-        // create event
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with funny uid"
-            uid = "https://www.example.com/events/asdfewfe-cxyb-ewrws-sadfrwerxyvser-asdfxye-"
-        }
-        val localEvent = LocalEvent(calendar, event, null, null, null, 0)
-        localEvent.add() // save it to calendar storage
-
-        // prepare for upload - this should generate a new random uuid, returned as filename
-        val fileNameWithSuffix = localEvent.prepareForUpload()
-        val fileName = fileNameWithSuffix.removeSuffix(".ics")
-
-        // throws an exception if fileName is not an UUID
-        UUID.fromString(fileName)
-
-        // UID in calendar storage shouldn't have been changed
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI, localEvent.id!!).asSyncAdapter(account),
-            arrayOf(Events.UID_2445), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToFirst()
-            assertEquals(event.uid, cursor.getString(0))
-        }
-    }
-
-
-    @Test
-    fun testDeleteDirtyEventsWithoutInstances_NoInstances_Exdate() {
-        // TODO
-    }
-
-    @Test
-    fun testDeleteDirtyEventsWithoutInstances_NoInstances_CancelledExceptions() {
-        // create recurring event with only deleted/cancelled instances
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 3 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=3"))
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220120T010203Z")
-                dtStart = DtStart("20220120T010203Z")
-                summary = "Cancelled exception on 1st day"
-                status = Status.VEVENT_CANCELLED
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220121T010203Z")
-                dtStart = DtStart("20220121T010203Z")
-                summary = "Cancelled exception on 2nd day"
-                status = Status.VEVENT_CANCELLED
-            })
-            exceptions.add(Event().apply {
-                recurrenceId = RecurrenceId("20220122T010203Z")
-                dtStart = DtStart("20220122T010203Z")
-                summary = "Cancelled exception on 3rd day"
-                status = Status.VEVENT_CANCELLED
-            })
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, LocalResource.FLAG_REMOTELY_PRESENT)
-        localEvent.add()
-        val eventId = localEvent.id!!
-
-        // set event as dirty
-        provider.update(ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId), ContentValues(1).apply {
-            put(Events.DIRTY, 1)
-        }, null, null)
-
-        // this method should mark the event as deleted
-        calendar.deleteDirtyEventsWithoutInstances()
-
-        // verify that event is now marked as deleted
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId),
-            arrayOf(Events.DELETED), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToNext()
-            assertEquals(1, cursor.getInt(0))
-        }
-    }
-
-    @Test
-    fun testDeleteDirtyEventsWithoutInstances_Recurring_Instances() {
-        val event = Event().apply {
-            dtStart = DtStart("20220120T010203Z")
-            summary = "Event with 3 instances"
-            rRules.add(RRule("FREQ=DAILY;COUNT=3"))
-        }
-        val localEvent = LocalEvent(calendar, event, "filename.ics", null, null, LocalResource.FLAG_REMOTELY_PRESENT)
-        localEvent.add()
-        val eventId = localEvent.id!!
-
-        // set event as dirty
-        provider.update(ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId), ContentValues(1).apply {
-            put(Events.DIRTY, 1)
-        }, null, null)
-
-        // this method should mark the event as deleted
-        calendar.deleteDirtyEventsWithoutInstances()
-
-        // verify that event is not marked as deleted
-        provider.query(
-            ContentUris.withAppendedId(Events.CONTENT_URI.asSyncAdapter(account), eventId),
-            arrayOf(Events.DELETED), null, null, null
-        )!!.use { cursor ->
-            cursor.moveToNext()
-            assertEquals(0, cursor.getInt(0))
-        }
-    }
-
-
-    companion object {
-
-        @JvmField
-        @ClassRule
-        val initCalendarProviderRule: TestRule = InitCalendarProviderRule.getInstance()
-
-        private lateinit var provider: ContentProviderClient
-
-        @BeforeClass
-        @JvmStatic
-        fun setUpClass() {
-            val context = InstrumentationRegistry.getInstrumentation().targetContext
-            provider = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)!!
-        }
-
-        @AfterClass
-        @JvmStatic
-        fun tearDownClass() {
-            provider.closeCompat()
-        }
-
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalGroupTest.kt

@@ -14,45 +14,54 @@ import android.provider.ContactsContract
 import android.provider.ContactsContract.CommonDataKinds.GroupMembership
 import androidx.test.platform.app.InstrumentationRegistry
 import androidx.test.rule.GrantPermissionRule
-import at.bitfire.vcard4android.BatchOperation
+import at.bitfire.synctools.storage.ContactsBatchOperation
 import at.bitfire.vcard4android.CachedGroupMembership
 import at.bitfire.vcard4android.Contact
 import at.bitfire.vcard4android.GroupMethod
 import dagger.hilt.android.qualifiers.ApplicationContext
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
-import org.junit.AfterClass
+import org.junit.After
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
-import org.junit.Assert.assertNotNull
-import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
 import org.junit.Before
-import org.junit.BeforeClass
-import org.junit.ClassRule
 import org.junit.Rule
 import org.junit.Test
+import java.util.Optional
 import javax.inject.Inject
 
 @HiltAndroidTest
 class LocalGroupTest {
 
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val permissionRule = GrantPermissionRule.grant(Manifest.permission.READ_CONTACTS, Manifest.permission.WRITE_CONTACTS)!!
+
     @Inject @ApplicationContext
     lateinit var context: Context
 
     @Inject
     lateinit var localTestAddressBookProvider: LocalTestAddressBookProvider
 
-    @get:Rule
-    val hiltRule = HiltAndroidRule(this)
+    lateinit var provider: ContentProviderClient
 
     val account = Account("Test Account", "Test Account Type")
 
     @Before
-    fun setup() {
+    fun setUp() {
         hiltRule.inject()
+
+        val context = InstrumentationRegistry.getInstrumentation().context
+        provider = context.contentResolver.acquireContentProviderClient(ContactsContract.AUTHORITY)!!
     }
 
+    @After
+    fun tearDown() {
+        provider.close()
+    }
 
     @Test
     fun testApplyPendingMemberships_addPendingMembership() {
@@ -115,7 +124,7 @@ class LocalGroupTest {
             val group = newGroup(ab)
 
             // add contact1 to group
-            val batch = BatchOperation(ab.provider!!)
+            val batch = ContactsBatchOperation(ab.provider!!)
             contact1.addToGroup(batch, group.id!!)
             batch.commit()
 
@@ -145,7 +154,6 @@ class LocalGroupTest {
         }
     }
 
-
     @Test
     fun testClearDirty_addCachedGroupMembership() {
         localTestAddressBookProvider.provide(account, provider, GroupMethod.CATEGORIES) { ab ->
@@ -164,7 +172,7 @@ class LocalGroupTest {
                 }
             )
 
-            group.clearDirty(null, null)
+            group.clearDirty(Optional.empty(), null)
 
             // check cached group membership
             ab.provider!!.query(
@@ -200,7 +208,7 @@ class LocalGroupTest {
                 }
             )
 
-            group.clearDirty(null, null)
+            group.clearDirty(Optional.empty(), null)
 
             // cached group membership should be gone
             ab.provider!!.query(
@@ -213,7 +221,6 @@ class LocalGroupTest {
             }
     }
 
-
     @Test
     fun testMarkMembersDirty() {
         localTestAddressBookProvider.provide(account, provider, GroupMethod.CATEGORIES) { ab ->
@@ -223,7 +230,7 @@ class LocalGroupTest {
                 LocalContact(ab, Contact().apply { displayName = "Test" }, "fn.vcf", null, 0)
             contact1.add()
 
-            val batch = BatchOperation(ab.provider!!)
+            val batch = ContactsBatchOperation(ab.provider!!)
             contact1.addToGroup(batch, group.id!!)
             batch.commit()
 
@@ -233,17 +240,11 @@ class LocalGroupTest {
         }
     }
 
-
     @Test
-    fun testPrepareForUpload() {
-        localTestAddressBookProvider.provide(account, provider, GroupMethod.CATEGORIES) { ab ->
+    fun testUpdate() {
+        localTestAddressBookProvider.provide(account, provider) { ab ->
             val group = newGroup(ab)
-            assertNull(group.getContact().uid)
-
-            val fileName = group.prepareForUpload()
-            val newUid = group.getContact().uid
-            assertNotNull(newUid)
-            assertEquals("$newUid.vcf", fileName)
+            group.update(Contact(displayName = "New Group Name"), null, null, null, 0)
         }
     }
 
@@ -259,27 +260,4 @@ class LocalGroupTest {
             add()
         }
 
-
-    companion object {
-
-        @JvmField
-        @ClassRule
-        val permissionRule = GrantPermissionRule.grant(Manifest.permission.READ_CONTACTS, Manifest.permission.WRITE_CONTACTS)!!
-
-        private lateinit var provider: ContentProviderClient
-
-        @BeforeClass
-        @JvmStatic
-        fun connect() {
-            val context = InstrumentationRegistry.getInstrumentation().context
-            provider = context.contentResolver.acquireContentProviderClient(ContactsContract.AUTHORITY)!!
-        }
-
-        @AfterClass
-        @JvmStatic
-        fun disconnect() {
-            provider.close()
-        }
-    }
-
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/resource/LocalTestAddressBook.kt

@@ -10,7 +10,7 @@ import android.content.Context
 import at.bitfire.davdroid.repository.DavCollectionRepository
 import at.bitfire.davdroid.repository.DavServiceRepository
 import at.bitfire.davdroid.settings.AccountSettings
-import at.bitfire.davdroid.sync.SyncFrameworkIntegration
+import at.bitfire.davdroid.sync.adapter.SyncFrameworkIntegration
 import at.bitfire.vcard4android.GroupMethod
 import dagger.assisted.Assisted
 import dagger.assisted.AssistedFactory

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/CollectionListRefresherTest.kt

@@ -1,749 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.servicedetection
-
-import android.security.NetworkSecurityPolicy
-import at.bitfire.davdroid.db.AppDatabase
-import at.bitfire.davdroid.db.Collection
-import at.bitfire.davdroid.db.HomeSet
-import at.bitfire.davdroid.db.Principal
-import at.bitfire.davdroid.db.Service
-import at.bitfire.davdroid.network.HttpClient
-import at.bitfire.davdroid.settings.Settings
-import at.bitfire.davdroid.settings.SettingsManager
-import dagger.hilt.android.testing.BindValue
-import dagger.hilt.android.testing.HiltAndroidRule
-import dagger.hilt.android.testing.HiltAndroidTest
-import io.mockk.every
-import io.mockk.impl.annotations.MockK
-import io.mockk.junit4.MockKRule
-import kotlinx.coroutines.test.runTest
-import okhttp3.mockwebserver.Dispatcher
-import okhttp3.mockwebserver.MockResponse
-import okhttp3.mockwebserver.MockWebServer
-import okhttp3.mockwebserver.RecordedRequest
-import org.junit.After
-import org.junit.Assert.assertEquals
-import org.junit.Assert.assertFalse
-import org.junit.Assert.assertTrue
-import org.junit.Assume
-import org.junit.Before
-import org.junit.Rule
-import org.junit.Test
-import java.util.logging.Logger
-import javax.inject.Inject
-
-@HiltAndroidTest
-class CollectionListRefresherTest {
-
-    @Inject
-    lateinit var db: AppDatabase
-
-    @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
-
-    @Inject
-    lateinit var logger: Logger
-
-    @Inject
-    lateinit var refresherFactory: CollectionListRefresher.Factory
-
-    @BindValue
-    @MockK(relaxed = true)
-    lateinit var settings: SettingsManager
-
-    @get:Rule
-    val hiltRule = HiltAndroidRule(this)
-
-    @get:Rule
-    val mockKRule = MockKRule(this)
-
-    private lateinit var client: HttpClient
-    private lateinit var mockServer: MockWebServer
-    private lateinit var service: Service
-
-    @Before
-    fun setUp() {
-        hiltRule.inject()
-
-        // Start mock web server
-        mockServer = MockWebServer().apply {
-            dispatcher = TestDispatcher(logger)
-            start()
-        }
-
-        // build HTTP client
-        client = httpClientBuilder.build()
-        Assume.assumeTrue(NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted)
-
-        // insert test service
-        val serviceId = db.serviceDao().insertOrReplace(
-            Service(id = 0, accountName = "test", type = Service.TYPE_CARDDAV, principal = null)
-        )
-        service = db.serviceDao().get(serviceId)!!
-    }
-
-    @After
-    fun tearDown() {
-        client.close()
-        mockServer.shutdown()
-    }
-
-
-    @Test
-    fun testDiscoverHomesets() {
-        val baseUrl = mockServer.url(PATH_CARDDAV + SUBPATH_PRINCIPAL)
-
-        // Query home sets
-        refresherFactory.create(service, client.okHttpClient).discoverHomesets(baseUrl)
-
-        // Check home set has been saved correctly to database
-        val savedHomesets = db.homeSetDao().getByService(service.id)
-        assertEquals(2, savedHomesets.size)
-
-        // Home set from current-user-principal
-        val personalHomeset = savedHomesets[1]
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL/"), personalHomeset.url)
-        assertEquals(service.id, personalHomeset.serviceId)
-        // personal should be true for homesets detected at first query of current-user-principal (Even if they occur in a group principal as well!!!)
-        assertEquals(true, personalHomeset.personal)
-
-        // Home set found in a group principal
-        val groupHomeset = savedHomesets[0]
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL/"), groupHomeset.url)
-        assertEquals(service.id, groupHomeset.serviceId)
-        // personal should be false for homesets not detected at the first query of current-user-principal (IE. in groups)
-        assertEquals(false, groupHomeset.personal)
-    }
-
-
-    // refreshHomesetsAndTheirCollections
-
-    @Test
-    fun refreshHomesetsAndTheirCollections_addsNewCollection() = runTest {
-        // save homeset in DB
-        val homesetId = db.homeSetDao().insert(
-            HomeSet(id=0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL"))
-        )
-
-        // Refresh
-        refresherFactory.create(service, client.okHttpClient).refreshHomesetsAndTheirCollections()
-
-        // Check the collection defined in homeset is now in the database
-        assertEquals(
-            Collection(
-                1,
-                service.id,
-                homesetId,
-                1, // will have gotten an owner too
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description"
-            ),
-            db.collectionDao().getByService(service.id).first()
-        )
-    }
-
-    @Test
-    fun refreshHomesetsAndTheirCollections_updatesExistingCollection() {
-        // save "old" collection in DB
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description"
-            )
-        )
-
-        // Refresh
-        refresherFactory.create(service, client.okHttpClient).refreshHomesetsAndTheirCollections()
-
-        // Check the collection got updated
-        assertEquals(
-            Collection(
-                collectionId,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description"
-            ),
-            db.collectionDao().get(collectionId)
-        )
-    }
-
-    @Test
-    fun refreshHomesetsAndTheirCollections_preservesCollectionFlags() {
-        // save "old" collection in DB - with set flags
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description",
-                forceReadOnly = true,
-                sync = true
-            )
-        )
-
-        // Refresh
-        refresherFactory.create(service, client.okHttpClient).refreshHomesetsAndTheirCollections()
-
-        // Check the collection got updated
-        assertEquals(
-            Collection(
-                collectionId,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description",
-                forceReadOnly = true,
-                sync = true
-            ),
-            db.collectionDao().get(collectionId)
-        )
-    }
-
-    @Test
-    fun refreshHomesetsAndTheirCollections_marksRemovedCollectionsAsHomeless() {
-        // save homeset in DB - which is empty (zero address books) on the serverside
-        val homesetId = db.homeSetDao().insert(
-            HomeSet(id=0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_EMPTY"))
-        )
-
-        // place collection in DB - as part of the homeset
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                homesetId,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/")
-            )
-        )
-
-        // Refresh - should mark collection as homeless, because serverside homeset is empty.
-        refresherFactory.create(service, client.okHttpClient).refreshHomesetsAndTheirCollections()
-
-        // Check the collection, is now marked as homeless
-        assertEquals(null, db.collectionDao().get(collectionId)!!.homeSetId)
-    }
-
-    @Test
-    fun refreshHomesetsAndTheirCollections_addsOwnerUrls() {
-        // save a homeset in DB
-        val homesetId = db.homeSetDao().insert(
-            HomeSet(id=0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL"))
-        )
-
-        // place collection in DB - as part of the homeset
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                homesetId, // part of above home set
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/")
-            )
-        )
-
-        // Refresh - homesets and their collections
-        assertEquals(0, db.principalDao().getByService(service.id).size)
-        refresherFactory.create(service, client.okHttpClient).refreshHomesetsAndTheirCollections()
-
-        // Check principal saved and the collection was updated with its reference
-        val principals = db.principalDao().getByService(service.id)
-        assertEquals(1, principals.size)
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
-        assertEquals(null, principals[0].displayName)
-        assertEquals(
-            principals[0].id,
-            db.collectionDao().get(collectionId)!!.ownerId
-        )
-    }
-
-
-    // refreshHomelessCollections
-
-    @Test
-    fun refreshHomelessCollections_updatesExistingCollection() {
-        // place homeless collection in DB
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-            )
-        )
-
-        // Refresh
-        refresherFactory.create(service, client.okHttpClient).refreshHomelessCollections()
-
-        // Check the collection got updated - with display name and description
-        assertEquals(
-            Collection(
-                collectionId,
-                service.id,
-                null,
-                1, // will have gotten an owner too
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-                displayName = "My Contacts",
-                description = "My Contacts Description"
-            ),
-            db.collectionDao().get(collectionId)
-        )
-    }
-
-    @Test
-    fun refreshHomelessCollections_deletesInaccessibleCollections() {
-        // place homeless collection in DB - it is also inaccessible
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_INACCESSIBLE")
-            )
-        )
-
-        // Refresh - should delete collection
-        refresherFactory.create(service, client.okHttpClient).refreshHomelessCollections()
-
-        // Check the collection got deleted
-        assertEquals(null, db.collectionDao().get(collectionId))
-    }
-
-    @Test
-    fun refreshHomelessCollections_addsOwnerUrls() {
-        // place homeless collection in DB
-        val collectionId = db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                null,
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
-            )
-        )
-
-        // Refresh homeless collections
-        assertEquals(0, db.principalDao().getByService(service.id).size)
-        refresherFactory.create(service, client.okHttpClient).refreshHomelessCollections()
-
-        // Check principal saved and the collection was updated with its reference
-        val principals = db.principalDao().getByService(service.id)
-        assertEquals(1, principals.size)
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
-        assertEquals(null, principals[0].displayName)
-        assertEquals(
-            principals[0].id,
-            db.collectionDao().get(collectionId)!!.ownerId
-        )
-    }
-
-
-    // refreshPrincipals
-
-    @Test
-    fun refreshPrincipals_inaccessiblePrincipal() {
-        // place principal without display name in db
-        val principalId = db.principalDao().insert(
-            Principal(
-                0,
-                service.id,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_INACCESSIBLE"), // no trailing slash
-                null // no display name for now
-            )
-        )
-        // add an associated collection - as the principal is rightfully removed otherwise
-        db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                principalId, // create association with principal
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"), // with trailing slash
-            )
-        )
-
-        // Refresh principals
-        refresherFactory.create(service, client.okHttpClient).refreshPrincipals()
-
-        // Check principal was not updated
-        val principals = db.principalDao().getByService(service.id)
-        assertEquals(1, principals.size)
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_INACCESSIBLE"), principals[0].url)
-        assertEquals(null, principals[0].displayName)
-    }
-
-    @Test
-    fun refreshPrincipals_updatesPrincipal() {
-        // place principal without display name in db
-        val principalId = db.principalDao().insert(
-            Principal(
-                0,
-                service.id,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), // no trailing slash
-                null // no display name for now
-            )
-        )
-        // add an associated collection - as the principal is rightfully removed otherwise
-        db.collectionDao().insertOrUpdateByUrl(
-            Collection(
-                0,
-                service.id,
-                null,
-                principalId, // create association with principal
-                Collection.TYPE_ADDRESSBOOK,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"), // with trailing slash
-            )
-        )
-
-        // Refresh principals
-        refresherFactory.create(service, client.okHttpClient).refreshPrincipals()
-
-        // Check principal now got a display name
-        val principals = db.principalDao().getByService(service.id)
-        assertEquals(1, principals.size)
-        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
-        assertEquals("Mr. Wobbles", principals[0].displayName)
-    }
-
-    @Test
-    fun refreshPrincipals_deletesPrincipalsWithoutCollections() {
-        // place principal without collections in DB
-        db.principalDao().insert(
-            Principal(
-                0,
-                service.id,
-                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS/")
-            )
-        )
-
-        // Refresh principals - detecting it does not own collections
-        refresherFactory.create(service, client.okHttpClient).refreshPrincipals()
-
-        // Check principal was deleted
-        val principals = db.principalDao().getByService(service.id)
-        assertEquals(0, principals.size)
-    }
-
-    // Others
-
-    @Test
-    fun shouldPreselect_none() {
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_NONE
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
-
-        val collection = Collection(
-            0,
-            service.id,
-            0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = mockServer.url("/addressbook-homeset/addressbook/")
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = true,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertFalse(refresher.shouldPreselect(collection, homesets))
-    }
-
-    @Test
-    fun shouldPreselect_all() {
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_ALL
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
-
-        val collection = Collection(
-            0,
-            service.id,
-            0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = mockServer.url("/addressbook-homeset/addressbook/")
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = false,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertTrue(refresher.shouldPreselect(collection, homesets))
-    }
-
-    @Test
-    fun shouldPreselect_all_blacklisted() {
-        val url = mockServer.url("/addressbook-homeset/addressbook/")
-
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_ALL
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns url.toString()
-
-        val collection = Collection(
-            id = 0,
-            serviceId = service.id,
-            homeSetId = 0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = url
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = false,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertFalse(refresher.shouldPreselect(collection, homesets))
-    }
-
-    @Test
-    fun shouldPreselect_personal_notPersonal() {
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
-
-        val collection = Collection(
-            id = 0,
-            serviceId = service.id,
-            homeSetId = 0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = mockServer.url("/addressbook-homeset/addressbook/")
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = false,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertFalse(refresher.shouldPreselect(collection, homesets))
-    }
-
-    @Test
-    fun shouldPreselect_personal_isPersonal() {
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
-
-        val collection = Collection(
-            0,
-            service.id,
-            0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = mockServer.url("/addressbook-homeset/addressbook/")
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = true,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertTrue(refresher.shouldPreselect(collection, homesets))
-    }
-
-    @Test
-    fun shouldPreselect_personal_isPersonalButBlacklisted() {
-        val collectionUrl = mockServer.url("/addressbook-homeset/addressbook/")
-
-        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
-        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns collectionUrl.toString()
-
-        val collection = Collection(
-            id = 0,
-            serviceId = service.id,
-            homeSetId = 0,
-            type = Collection.TYPE_ADDRESSBOOK,
-            url = collectionUrl
-        )
-        val homesets = listOf(
-            HomeSet(
-                id = 0,
-                serviceId = service.id,
-                personal = true,
-                url = mockServer.url("/addressbook-homeset/")
-            )
-        )
-
-        val refresher = refresherFactory.create(service, client.okHttpClient)
-        assertFalse(refresher.shouldPreselect(collection, homesets))
-    }
-
-
-    companion object {
-
-        private const val PATH_CALDAV = "/caldav"
-        private const val PATH_CARDDAV = "/carddav"
-
-        private const val SUBPATH_PRINCIPAL = "/principal"
-        private const val SUBPATH_PRINCIPAL_INACCESSIBLE = "/inaccessible-principal"
-        private const val SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS = "/principal2"
-        private const val SUBPATH_GROUPPRINCIPAL_0 = "/groups/0"
-        private const val SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL = "/addressbooks-homeset"
-        private const val SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL = "/addressbooks-homeset-non-personal"
-        private const val SUBPATH_ADDRESSBOOK_HOMESET_EMPTY = "/addressbooks-homeset-empty"
-        private const val SUBPATH_ADDRESSBOOK = "/addressbooks/my-contacts"
-        private const val SUBPATH_ADDRESSBOOK_INACCESSIBLE = "/addressbooks/inaccessible-contacts"
-
-    }
-
-    class TestDispatcher(
-        private val logger: Logger
-    ): Dispatcher() {
-
-        override fun dispatch(request: RecordedRequest): MockResponse {
-            val path = request.path!!.trimEnd('/')
-
-            if (request.method.equals("PROPFIND", true)) {
-                val properties = when (path) {
-                    PATH_CALDAV,
-                    PATH_CARDDAV ->
-                        "<current-user-principal>" +
-                        "   <href>$path${SUBPATH_PRINCIPAL}</href>" +
-                        "</current-user-principal>"
-
-                    PATH_CARDDAV + SUBPATH_PRINCIPAL ->
-                        "<resourcetype><principal/></resourcetype>" +
-                        "<displayname>Mr. Wobbles</displayname>" +
-                        "<CARD:addressbook-home-set>" +
-                        "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL}</href>" +
-                        "</CARD:addressbook-home-set>" +
-                        "<group-membership>" +
-                        "   <href>${PATH_CARDDAV}${SUBPATH_GROUPPRINCIPAL_0}</href>" +
-                        "</group-membership>"
-
-                    PATH_CARDDAV + SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS ->
-                        "<CARD:addressbook-home-set>" +
-                        "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_EMPTY}</href>" +
-                        "</CARD:addressbook-home-set>" +
-                        "<displayname>Mr. Wobbles Jr.</displayname>"
-
-                    PATH_CARDDAV + SUBPATH_GROUPPRINCIPAL_0 ->
-                        "<resourcetype><principal/></resourcetype>" +
-                        "<displayname>All address books</displayname>" +
-                        "<CARD:addressbook-home-set>" +
-                        "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL}</href>" +
-                        "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL}</href>" +
-                        "</CARD:addressbook-home-set>"
-
-                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK,
-                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL ->
-                        "<resourcetype>" +
-                        "   <collection/>" +
-                        "   <CARD:addressbook/>" +
-                        "</resourcetype>" +
-                        "<displayname>My Contacts</displayname>" +
-                        "<CARD:addressbook-description>My Contacts Description</CARD:addressbook-description>" +
-                        "<owner>" +
-                        "   <href>${PATH_CARDDAV + SUBPATH_PRINCIPAL}</href>" +
-                        "</owner>"
-
-                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL ->
-                        "<resourcetype>" +
-                        "   <collection/>" +
-                        "   <CARD:addressbook/>" +
-                        "</resourcetype>" +
-                        "<displayname>Freds Contacts (not mine)</displayname>" +
-                        "<CARD:addressbook-description>Not personal contacts</CARD:addressbook-description>" +
-                        "<owner>" +
-                        "   <href>${PATH_CARDDAV + SUBPATH_PRINCIPAL}</href>" + // OK, user is allowed to own non-personal contacts
-                        "</owner>"
-
-                    PATH_CALDAV + SUBPATH_PRINCIPAL ->
-                        "<CAL:calendar-user-address-set>" +
-                        "  <href>urn:unknown-entry</href>" +
-                        "  <href>mailto:email1@example.com</href>" +
-                        "  <href>mailto:email2@example.com</href>" +
-                        "</CAL:calendar-user-address-set>"
-
-                    SUBPATH_ADDRESSBOOK_HOMESET_EMPTY -> ""
-
-                    else -> ""
-                }
-
-                var responseBody = ""
-                var responseCode = 207
-                when (path) {
-                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL ->
-                        responseBody =
-                            "<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
-                            "<response>" +
-                            "   <href>${PATH_CARDDAV + SUBPATH_ADDRESSBOOK}</href>" +
-                            "   <propstat><prop>" +
-                                    properties +
-                            "   </prop></propstat>" +
-                            "   <status>HTTP/1.1 200 OK</status>" +
-                            "</response>" +
-                            "</multistatus>"
-
-                    PATH_CARDDAV + SUBPATH_PRINCIPAL_INACCESSIBLE,
-                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK_INACCESSIBLE ->
-                        responseCode = 404
-
-                    else ->
-                        responseBody =
-                            "<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
-                            "<response>" +
-                            "   <href>$path</href>" +
-                            "   <propstat><prop>"+
-                                    properties +
-                            "   </prop></propstat>" +
-                            "</response>" +
-                            "</multistatus>"
-                }
-
-                logger.info("Queried: $path")
-                logger.info("Response: $responseBody")
-                return MockResponse()
-                    .setResponseCode(responseCode)
-                    .setBody(responseBody)
-            }
-
-            return MockResponse().setResponseCode(404)
-        }
-
-    }
-
-}

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/CollectionsWithoutHomeSetRefresherTest.kt

@@ -0,0 +1,219 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.servicedetection
+
+import at.bitfire.davdroid.db.AppDatabase
+import at.bitfire.davdroid.db.Collection
+import at.bitfire.davdroid.db.Service
+import at.bitfire.davdroid.network.HttpClientBuilder
+import at.bitfire.davdroid.settings.SettingsManager
+import dagger.hilt.android.testing.BindValue
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.impl.annotations.MockK
+import io.mockk.junit4.MockKRule
+import okhttp3.OkHttpClient
+import okhttp3.mockwebserver.Dispatcher
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.mockwebserver.RecordedRequest
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import java.util.logging.Logger
+import javax.inject.Inject
+
+@HiltAndroidTest
+class CollectionsWithoutHomeSetRefresherTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val mockKRule = MockKRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    @Inject
+    lateinit var httpClientBuilder: HttpClientBuilder
+
+    @Inject
+    lateinit var logger: Logger
+
+    @Inject
+    lateinit var refresherFactory: CollectionsWithoutHomeSetRefresher.Factory
+
+    @BindValue
+    @MockK(relaxed = true)
+    lateinit var settings: SettingsManager
+
+    private lateinit var client: OkHttpClient
+    private lateinit var mockServer: MockWebServer
+    private lateinit var service: Service
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        // Start mock web server
+        mockServer = MockWebServer().apply {
+            dispatcher = TestDispatcher(logger)
+            start()
+        }
+
+        // build HTTP client
+        client = httpClientBuilder.build()
+
+        // insert test service
+        val serviceId = db.serviceDao().insertOrReplace(
+            Service(id = 0, accountName = "test", type = Service.TYPE_CARDDAV, principal = null)
+        )
+        service = db.serviceDao().get(serviceId)!!
+    }
+
+    @After
+    fun tearDown() {
+        mockServer.shutdown()
+    }
+
+
+    // refreshCollectionsWithoutHomeSet
+
+    @Test
+    fun refreshCollectionsWithoutHomeSet_updatesExistingCollection() {
+        // place homeless collection in DB
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+            )
+        )
+
+        // Refresh
+        refresherFactory.create(service, client).refreshCollectionsWithoutHomeSet()
+
+        // Check the collection got updated - with display name and description
+        assertEquals(
+            Collection(
+                collectionId,
+                service.id,
+                null,
+                1, // will have gotten an owner too
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description"
+            ),
+            db.collectionDao().get(collectionId)
+        )
+    }
+
+    @Test
+    fun refreshCollectionsWithoutHomeSet_deletesInaccessibleCollectionsWithoutHomeSet() {
+        // place homeless collection in DB - it is also inaccessible
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_INACCESSIBLE")
+            )
+        )
+
+        // Refresh - should delete collection
+        refresherFactory.create(service, client).refreshCollectionsWithoutHomeSet()
+
+        // Check the collection got deleted
+        assertEquals(null, db.collectionDao().get(collectionId))
+    }
+
+    @Test
+    fun refreshCollectionsWithoutHomeSet_addsOwnerUrls() {
+        // place homeless collection in DB
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+            )
+        )
+
+        // Refresh homeless collections
+        assertEquals(0, db.principalDao().getByService(service.id).size)
+        refresherFactory.create(service, client).refreshCollectionsWithoutHomeSet()
+
+        // Check principal saved and the collection was updated with its reference
+        val principals = db.principalDao().getByService(service.id)
+        assertEquals(1, principals.size)
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
+        assertEquals(null, principals[0].displayName)
+        assertEquals(
+            principals[0].id,
+            db.collectionDao().get(collectionId)!!.ownerId
+        )
+    }
+
+
+    companion object {
+        private const val PATH_CARDDAV = "/carddav"
+        private const val SUBPATH_PRINCIPAL = "/principal"
+        private const val SUBPATH_ADDRESSBOOK = "/addressbooks/my-contacts"
+        private const val SUBPATH_ADDRESSBOOK_INACCESSIBLE = "/addressbooks/inaccessible-contacts"
+    }
+
+    class TestDispatcher(
+        private val logger: Logger
+    ): Dispatcher() {
+
+        override fun dispatch(request: RecordedRequest): MockResponse {
+            val path = request.path!!.trimEnd('/')
+            logger.info("${request.method} on $path")
+
+            if (request.method.equals("PROPFIND", true)) {
+                val properties = when (path) {
+                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK ->
+                        "<resourcetype>" +
+                        "   <collection/>" +
+                        "   <CARD:addressbook/>" +
+                        "</resourcetype>" +
+                        "<displayname>My Contacts</displayname>" +
+                        "<CARD:addressbook-description>My Contacts Description</CARD:addressbook-description>" +
+                        "<owner>" +
+                        "   <href>${PATH_CARDDAV + SUBPATH_PRINCIPAL}</href>" +
+                        "</owner>"
+
+                    else -> ""
+                }
+
+                return MockResponse()
+                    .setResponseCode(207)
+                    .setBody("<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
+                            "<response>" +
+                            "   <href>$path</href>" +
+                            "   <propstat><prop>"+
+                            properties +
+                            "   </prop></propstat>" +
+                            "</response>" +
+                            "</multistatus>")
+            }
+
+            return MockResponse().setResponseCode(404)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/DavResourceFinderTest.kt

@@ -4,15 +4,16 @@
 
 package at.bitfire.davdroid.servicedetection
 
-import android.security.NetworkSecurityPolicy
-import at.bitfire.dav4jvm.DavResource
-import at.bitfire.dav4jvm.property.carddav.AddressbookHomeSet
-import at.bitfire.dav4jvm.property.webdav.ResourceType
-import at.bitfire.davdroid.db.Credentials
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.dav4jvm.okhttp.DavResource
+import at.bitfire.dav4jvm.property.carddav.CardDAV
+import at.bitfire.dav4jvm.property.webdav.WebDAV
+import at.bitfire.davdroid.network.HttpClientBuilder
 import at.bitfire.davdroid.servicedetection.DavResourceFinder.Configuration.ServiceInfo
+import at.bitfire.davdroid.settings.Credentials
+import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
+import okhttp3.OkHttpClient
 import okhttp3.mockwebserver.Dispatcher
 import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
@@ -23,7 +24,6 @@ import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertNull
 import org.junit.Assert.assertTrue
-import org.junit.Assume
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
@@ -49,7 +49,7 @@ class DavResourceFinderTest {
     val hiltRule = HiltAndroidRule(this)
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: HttpClientBuilder
 
     @Inject
     lateinit var logger: Logger
@@ -58,7 +58,7 @@ class DavResourceFinderTest {
     lateinit var resourceFinderFactory: DavResourceFinder.Factory
 
     private lateinit var server: MockWebServer
-    private lateinit var client: HttpClient
+    private lateinit var client: OkHttpClient
     private lateinit var finder: DavResourceFinder
 
     @Before
@@ -70,11 +70,10 @@ class DavResourceFinderTest {
             start()
         }
 
-        val credentials = Credentials(username = "mock", password = "12345".toCharArray())
+        val credentials = Credentials(username = "mock", password = "12345".toSensitiveString())
         client = httpClientBuilder
-                .authenticate(host = null, credentials = credentials)
+                .authenticate(domain = null, getCredentials = { credentials })
                 .build()
-        Assume.assumeTrue(NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted)
 
         val baseURI = URI.create("/")
         finder = resourceFinderFactory.create(baseURI, credentials)
@@ -82,7 +81,6 @@ class DavResourceFinderTest {
 
     @After
     fun tearDown() {
-        client.close()
         server.shutdown()
     }
 
@@ -91,9 +89,9 @@ class DavResourceFinderTest {
     fun testRememberIfAddressBookOrHomeset() {
         // recognize home set
         var info = ServiceInfo()
-        DavResource(client.okHttpClient, server.url(PATH_CARDDAV + SUBPATH_PRINCIPAL))
-                .propfind(0, AddressbookHomeSet.NAME) { response, _ ->
-            finder.scanResponse(ResourceType.ADDRESSBOOK, response, info)
+        DavResource(client, server.url(PATH_CARDDAV + SUBPATH_PRINCIPAL))
+                .propfind(0, CardDAV.AddressbookHomeSet) { response, _ ->
+            finder.scanResponse(CardDAV.Addressbook, response, info)
         }
         assertEquals(0, info.collections.size)
         assertEquals(1, info.homeSets.size)
@@ -101,9 +99,9 @@ class DavResourceFinderTest {
 
         // recognize address book
         info = ServiceInfo()
-        DavResource(client.okHttpClient, server.url(PATH_CARDDAV + SUBPATH_ADDRESSBOOK))
-                .propfind(0, ResourceType.NAME) { response, _ ->
-            finder.scanResponse(ResourceType.ADDRESSBOOK, response, info)
+        DavResource(client, server.url(PATH_CARDDAV + SUBPATH_ADDRESSBOOK))
+                .propfind(0, WebDAV.ResourceType) { response, _ ->
+            finder.scanResponse(CardDAV.Addressbook, response, info)
         }
         assertEquals(1, info.collections.size)
         assertEquals(server.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"), info.collections.keys.first())

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/HomeSetRefresherTest.kt

@@ -0,0 +1,470 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.servicedetection
+
+import at.bitfire.davdroid.db.AppDatabase
+import at.bitfire.davdroid.db.Collection
+import at.bitfire.davdroid.db.HomeSet
+import at.bitfire.davdroid.db.Service
+import at.bitfire.davdroid.network.HttpClientBuilder
+import at.bitfire.davdroid.settings.Settings
+import at.bitfire.davdroid.settings.SettingsManager
+import dagger.hilt.android.testing.BindValue
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.every
+import io.mockk.impl.annotations.MockK
+import io.mockk.junit4.MockKRule
+import junit.framework.TestCase.assertFalse
+import junit.framework.TestCase.assertTrue
+import kotlinx.coroutines.test.runTest
+import okhttp3.OkHttpClient
+import okhttp3.mockwebserver.Dispatcher
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.mockwebserver.RecordedRequest
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import java.util.logging.Logger
+import javax.inject.Inject
+
+@HiltAndroidTest
+class HomeSetRefresherTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val mockKRule = MockKRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    @Inject
+    lateinit var httpClientBuilder: HttpClientBuilder
+
+    @Inject
+    lateinit var logger: Logger
+
+    @Inject
+    lateinit var homeSetRefresherFactory: HomeSetRefresher.Factory
+
+    @BindValue
+    @MockK(relaxed = true)
+    lateinit var settings: SettingsManager
+
+    private lateinit var client: OkHttpClient
+    private lateinit var mockServer: MockWebServer
+    private lateinit var service: Service
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        // Start mock web server
+        mockServer = MockWebServer().apply {
+            dispatcher = TestDispatcher(logger)
+            start()
+        }
+
+        // build HTTP client
+        client = httpClientBuilder.build()
+
+        // insert test service
+        val serviceId = db.serviceDao().insertOrReplace(
+            Service(id = 0, accountName = "test", type = Service.TYPE_CARDDAV, principal = null)
+        )
+        service = db.serviceDao().get(serviceId)!!
+    }
+
+    @After
+    fun tearDown() {
+        mockServer.shutdown()
+    }
+
+
+    // refreshHomesetsAndTheirCollections
+
+    @Test
+    fun refreshHomesetsAndTheirCollections_addsNewCollection() = runTest {
+        // save homeset in DB
+        val homesetId = db.homeSetDao().insert(
+            HomeSet(id = 0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL"))
+        )
+
+        // Refresh
+        homeSetRefresherFactory.create(service, client)
+            .refreshHomesetsAndTheirCollections()
+
+        // Check the collection defined in homeset is now in the database
+        assertEquals(
+            Collection(
+                1,
+                service.id,
+                homesetId,
+                1, // will have gotten an owner too
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description"
+            ),
+            db.collectionDao().getByService(service.id).first()
+        )
+    }
+
+    @Test
+    fun refreshHomesetsAndTheirCollections_updatesExistingCollection() {
+        // save "old" collection in DB
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description"
+            )
+        )
+
+        // Refresh
+        homeSetRefresherFactory.create(service, client).refreshHomesetsAndTheirCollections()
+
+        // Check the collection got updated
+        assertEquals(
+            Collection(
+                collectionId,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description"
+            ),
+            db.collectionDao().get(collectionId)
+        )
+    }
+
+    @Test
+    fun refreshHomesetsAndTheirCollections_preservesCollectionFlags() {
+        // save "old" collection in DB - with set flags
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description",
+                forceReadOnly = true,
+                sync = true
+            )
+        )
+
+        // Refresh
+        homeSetRefresherFactory.create(service, client).refreshHomesetsAndTheirCollections()
+
+        // Check the collection got updated
+        assertEquals(
+            Collection(
+                collectionId,
+                service.id,
+                null,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"),
+                displayName = "My Contacts",
+                description = "My Contacts Description",
+                forceReadOnly = true,
+                sync = true
+            ),
+            db.collectionDao().get(collectionId)
+        )
+    }
+
+    @Test
+    fun refreshHomesetsAndTheirCollections_marksRemovedCollectionsAsHomeless() {
+        // save homeset in DB - which is empty (zero address books) on the serverside
+        val homesetId = db.homeSetDao().insert(
+            HomeSet(id = 0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_EMPTY"))
+        )
+
+        // place collection in DB - as part of the homeset
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                homesetId,
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/")
+            )
+        )
+
+        // Refresh - should mark collection as homeless, because serverside homeset is empty.
+        homeSetRefresherFactory.create(service, client).refreshHomesetsAndTheirCollections()
+
+        // Check the collection, is now marked as homeless
+        assertEquals(null, db.collectionDao().get(collectionId)!!.homeSetId)
+    }
+
+    @Test
+    fun refreshHomesetsAndTheirCollections_addsOwnerUrls() {
+        // save a homeset in DB
+        val homesetId = db.homeSetDao().insert(
+            HomeSet(id = 0, service.id, true, mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL"))
+        )
+
+        // place collection in DB - as part of the homeset
+        val collectionId = db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                homesetId, // part of above home set
+                null,
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/")
+            )
+        )
+
+        // Refresh - homesets and their collections
+        assertEquals(0, db.principalDao().getByService(service.id).size)
+        homeSetRefresherFactory.create(service, client).refreshHomesetsAndTheirCollections()
+
+        // Check principal saved and the collection was updated with its reference
+        val principals = db.principalDao().getByService(service.id)
+        assertEquals(1, principals.size)
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
+        assertEquals(null, principals[0].displayName)
+        assertEquals(
+            principals[0].id,
+            db.collectionDao().get(collectionId)!!.ownerId
+        )
+    }
+
+
+    // other
+
+    @Test
+    fun shouldPreselect_none() {
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_NONE
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
+
+        val collection = Collection(
+            0,
+            service.id,
+            0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = mockServer.url("/addressbook-homeset/addressbook/")
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = true,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertFalse(refresher.shouldPreselect(collection, homesets))
+    }
+
+    @Test
+    fun shouldPreselect_all() {
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_ALL
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
+
+        val collection = Collection(
+            0,
+            service.id,
+            0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = mockServer.url("/addressbook-homeset/addressbook/")
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = false,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertTrue(refresher.shouldPreselect(collection, homesets))
+    }
+
+    @Test
+    fun shouldPreselect_all_blacklisted() {
+        val url = mockServer.url("/addressbook-homeset/addressbook/")
+
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_ALL
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns url.toString()
+
+        val collection = Collection(
+            id = 0,
+            serviceId = service.id,
+            homeSetId = 0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = url
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = false,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertFalse(refresher.shouldPreselect(collection, homesets))
+    }
+
+    @Test
+    fun shouldPreselect_personal_notPersonal() {
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
+
+        val collection = Collection(
+            id = 0,
+            serviceId = service.id,
+            homeSetId = 0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = mockServer.url("/addressbook-homeset/addressbook/")
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = false,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertFalse(refresher.shouldPreselect(collection, homesets))
+    }
+
+    @Test
+    fun shouldPreselect_personal_isPersonal() {
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns ""
+
+        val collection = Collection(
+            0,
+            service.id,
+            0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = mockServer.url("/addressbook-homeset/addressbook/")
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = true,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertTrue(refresher.shouldPreselect(collection, homesets))
+    }
+
+    @Test
+    fun shouldPreselect_personal_isPersonalButBlacklisted() {
+        val collectionUrl = mockServer.url("/addressbook-homeset/addressbook/")
+
+        every { settings.getIntOrNull(Settings.PRESELECT_COLLECTIONS) } returns Settings.PRESELECT_COLLECTIONS_PERSONAL
+        every { settings.getString(Settings.PRESELECT_COLLECTIONS_EXCLUDED) } returns collectionUrl.toString()
+
+        val collection = Collection(
+            id = 0,
+            serviceId = service.id,
+            homeSetId = 0,
+            type = Collection.TYPE_ADDRESSBOOK,
+            url = collectionUrl
+        )
+        val homesets = listOf(
+            HomeSet(
+                id = 0,
+                serviceId = service.id,
+                personal = true,
+                url = mockServer.url("/addressbook-homeset/")
+            )
+        )
+
+        val refresher = homeSetRefresherFactory.create(service, client)
+        assertFalse(refresher.shouldPreselect(collection, homesets))
+    }
+
+
+    companion object {
+
+        private const val PATH_CARDDAV = "/carddav"
+
+        private const val SUBPATH_PRINCIPAL = "/principal"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL = "/addressbooks-homeset"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_EMPTY = "/addressbooks-homeset-empty"
+        private const val SUBPATH_ADDRESSBOOK = "/addressbooks/my-contacts"
+
+    }
+
+    class TestDispatcher(
+        private val logger: Logger
+    ) : Dispatcher() {
+
+        override fun dispatch(request: RecordedRequest): MockResponse {
+            val path = request.path!!.trimEnd('/')
+
+            if (request.method.equals("PROPFIND", true)) {
+                val properties = when (path) {
+
+                    PATH_CARDDAV + SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL ->
+                        "<resourcetype>" +
+                                "   <collection/>" +
+                                "   <CARD:addressbook/>" +
+                                "</resourcetype>" +
+                                "<displayname>My Contacts</displayname>" +
+                                "<CARD:addressbook-description>My Contacts Description</CARD:addressbook-description>" +
+                                "<owner>" +
+                                "   <href>${PATH_CARDDAV + SUBPATH_PRINCIPAL}</href>" +
+                                "</owner>"
+
+                    SUBPATH_ADDRESSBOOK_HOMESET_EMPTY -> ""
+
+                    else -> ""
+                }
+
+                logger.info("Queried: $path")
+                return MockResponse()
+                    .setResponseCode(207)
+                    .setBody(
+                        "<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
+                                "<response>" +
+                                "   <href>${PATH_CARDDAV + SUBPATH_ADDRESSBOOK}</href>" +
+                                "   <propstat><prop>" +
+                                properties +
+                                "   </prop></propstat>" +
+                                "   <status>HTTP/1.1 200 OK</status>" +
+                                "</response>" +
+                                "</multistatus>"
+                    )
+            }
+
+            return MockResponse().setResponseCode(404)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/PrincipalsRefresherTest.kt

@@ -0,0 +1,233 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.servicedetection
+
+import at.bitfire.davdroid.db.AppDatabase
+import at.bitfire.davdroid.db.Collection
+import at.bitfire.davdroid.db.Principal
+import at.bitfire.davdroid.db.Service
+import at.bitfire.davdroid.network.HttpClientBuilder
+import at.bitfire.davdroid.settings.SettingsManager
+import dagger.hilt.android.testing.BindValue
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.impl.annotations.MockK
+import io.mockk.junit4.MockKRule
+import junit.framework.TestCase.assertEquals
+import okhttp3.OkHttpClient
+import okhttp3.mockwebserver.Dispatcher
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.mockwebserver.RecordedRequest
+import org.junit.After
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import java.util.logging.Logger
+import javax.inject.Inject
+
+@HiltAndroidTest
+class PrincipalsRefresherTest {
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    @Inject
+    lateinit var httpClientBuilder: HttpClientBuilder
+
+    @Inject
+    lateinit var logger: Logger
+
+    @Inject
+    lateinit var principalsRefresher: PrincipalsRefresher.Factory
+
+    @BindValue
+    @MockK(relaxed = true)
+    lateinit var settings: SettingsManager
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val mockKRule = MockKRule(this)
+
+    private lateinit var client: OkHttpClient
+    private lateinit var mockServer: MockWebServer
+    private lateinit var service: Service
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        // Start mock web server
+        mockServer = MockWebServer().apply {
+            dispatcher = TestDispatcher(logger)
+            start()
+        }
+
+        // build HTTP client
+        client = httpClientBuilder.build()
+
+        // insert test service
+        val serviceId = db.serviceDao().insertOrReplace(
+            Service(id = 0, accountName = "test", type = Service.TYPE_CARDDAV, principal = null)
+        )
+        service = db.serviceDao().get(serviceId)!!
+    }
+
+    @After
+    fun tearDown() {
+        mockServer.shutdown()
+    }
+
+
+    @Test
+    fun refreshPrincipals_inaccessiblePrincipal() {
+        // place principal without display name in db
+        val principalId = db.principalDao().insert(
+            Principal(
+                0,
+                service.id,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_INACCESSIBLE"), // no trailing slash
+                null // no display name for now
+            )
+        )
+        // add an associated collection - as the principal is rightfully removed otherwise
+        db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                principalId, // create association with principal
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"), // with trailing slash
+            )
+        )
+
+        // Refresh principals
+        principalsRefresher.create(service, client).refreshPrincipals()
+
+        // Check principal was not updated
+        val principals = db.principalDao().getByService(service.id)
+        assertEquals(1, principals.size)
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_INACCESSIBLE"), principals[0].url)
+        assertEquals(null, principals[0].displayName)
+    }
+
+    @Test
+    fun refreshPrincipals_updatesPrincipal() {
+        // place principal without display name in db
+        val principalId = db.principalDao().insert(
+            Principal(
+                0,
+                service.id,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), // no trailing slash
+                null // no display name for now
+            )
+        )
+        // add an associated collection - as the principal is rightfully removed otherwise
+        db.collectionDao().insertOrUpdateByUrl(
+            Collection(
+                0,
+                service.id,
+                null,
+                principalId, // create association with principal
+                Collection.TYPE_ADDRESSBOOK,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK/"), // with trailing slash
+            )
+        )
+
+        // Refresh principals
+        principalsRefresher.create(service, client).refreshPrincipals()
+
+        // Check principal now got a display name
+        val principals = db.principalDao().getByService(service.id)
+        assertEquals(1, principals.size)
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL"), principals[0].url)
+        assertEquals("Mr. Wobbles", principals[0].displayName)
+    }
+
+    @Test
+    fun refreshPrincipals_deletesPrincipalsWithoutCollections() {
+        // place principal without collections in DB
+        db.principalDao().insert(
+            Principal(
+                0,
+                service.id,
+                mockServer.url("$PATH_CARDDAV$SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS/")
+            )
+        )
+
+        // Refresh principals - detecting it does not own collections
+        principalsRefresher.create(service, client).refreshPrincipals()
+
+        // Check principal was deleted
+        val principals = db.principalDao().getByService(service.id)
+        assertEquals(0, principals.size)
+    }
+
+
+    companion object {
+
+        private const val PATH_CARDDAV = "/carddav"
+
+        private const val SUBPATH_PRINCIPAL = "/principal"
+        private const val SUBPATH_PRINCIPAL_INACCESSIBLE = "/inaccessible-principal"
+        private const val SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS = "/principal2"
+        private const val SUBPATH_GROUPPRINCIPAL_0 = "/groups/0"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL = "/addressbooks-homeset"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_EMPTY = "/addressbooks-homeset-empty"
+        private const val SUBPATH_ADDRESSBOOK = "/addressbooks/my-contacts"
+
+    }
+
+    class TestDispatcher(
+        private val logger: Logger
+    ) : Dispatcher() {
+
+        override fun dispatch(request: RecordedRequest): MockResponse {
+            val path = request.path!!.trimEnd('/')
+
+            if (request.method.equals("PROPFIND", true)) {
+                val properties = when (path) {
+
+                    PATH_CARDDAV + SUBPATH_PRINCIPAL ->
+                        "<resourcetype><principal/></resourcetype>" +
+                                "<displayname>Mr. Wobbles</displayname>" + "<CARD:addressbook-home-set>" + "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL}</href>" + "</CARD:addressbook-home-set>" + "<group-membership>" + "   <href>${PATH_CARDDAV}${SUBPATH_GROUPPRINCIPAL_0}</href>" +
+                                "</group-membership>"
+
+                    PATH_CARDDAV + SUBPATH_PRINCIPAL_WITHOUT_COLLECTIONS ->
+                        "<CARD:addressbook-home-set>" +
+                                "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_EMPTY}</href>" +
+                                "</CARD:addressbook-home-set>" +
+                                "<displayname>Mr. Wobbles Jr.</displayname>"
+
+
+                    SUBPATH_ADDRESSBOOK_HOMESET_EMPTY -> ""
+
+                    else -> ""
+                }
+
+                logger.info("Queried: $path")
+                return MockResponse()
+                    .setResponseCode(207)
+                    .setBody(
+                        "<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
+                                "<response>" +
+                                "   <href>$path</href>" +
+                                "   <propstat><prop>" +
+                                properties +
+                                "   </prop></propstat>" +
+                                "</response>" +
+                                "</multistatus>"
+                    )
+            }
+
+            return MockResponse().setResponseCode(404)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/servicedetection/ServiceRefresherTest.kt

@@ -0,0 +1,160 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.servicedetection
+
+import at.bitfire.davdroid.db.AppDatabase
+import at.bitfire.davdroid.db.Service
+import at.bitfire.davdroid.network.HttpClientBuilder
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import okhttp3.OkHttpClient
+import okhttp3.mockwebserver.Dispatcher
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import okhttp3.mockwebserver.RecordedRequest
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import java.util.logging.Logger
+import javax.inject.Inject
+
+@HiltAndroidTest
+class ServiceRefresherTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    @Inject
+    lateinit var httpClientBuilder: HttpClientBuilder
+
+    @Inject
+    lateinit var logger: Logger
+
+    @Inject
+    lateinit var serviceRefresherFactory: ServiceRefresher.Factory
+
+    private lateinit var client: OkHttpClient
+    private lateinit var mockServer: MockWebServer
+    private lateinit var service: Service
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        // Start mock web server
+        mockServer = MockWebServer().apply {
+            dispatcher = TestDispatcher(logger)
+            start()
+        }
+
+        // build HTTP client
+        client = httpClientBuilder.build()
+
+        // insert test service
+        val serviceId = db.serviceDao().insertOrReplace(
+            Service(id = 0, accountName = "test", type = Service.TYPE_CARDDAV, principal = null)
+        )
+        service = db.serviceDao().get(serviceId)!!
+    }
+
+    @After
+    fun tearDown() {
+        mockServer.shutdown()
+    }
+
+
+    @Test
+    fun testDiscoverHomesets() {
+        val baseUrl = mockServer.url(PATH_CARDDAV + SUBPATH_PRINCIPAL)
+
+        // Query home sets
+        serviceRefresherFactory.create(service, client)
+            .discoverHomesets(baseUrl)
+
+        // Check home set has been saved correctly to database
+        val savedHomesets = db.homeSetDao().getByService(service.id)
+        assertEquals(2, savedHomesets.size)
+
+        // Home set from current-user-principal
+        val personalHomeset = savedHomesets[1]
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL/"), personalHomeset.url)
+        assertEquals(service.id, personalHomeset.serviceId)
+        // personal should be true for homesets detected at first query of current-user-principal (Even if they occur in a group principal as well!!!)
+        assertEquals(true, personalHomeset.personal)
+
+        // Home set found in a group principal
+        val groupHomeset = savedHomesets[0]
+        assertEquals(mockServer.url("$PATH_CARDDAV$SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL/"), groupHomeset.url)
+        assertEquals(service.id, groupHomeset.serviceId)
+        // personal should be false for homesets not detected at the first query of current-user-principal (IE. in groups)
+        assertEquals(false, groupHomeset.personal)
+    }
+
+
+    companion object {
+        private const val PATH_CARDDAV = "/carddav"
+
+        private const val SUBPATH_PRINCIPAL = "/principal"
+        private const val SUBPATH_GROUPPRINCIPAL_0 = "/groups/0"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL = "/addressbooks-homeset"
+        private const val SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL = "/addressbooks-homeset-non-personal"
+
+    }
+
+    class TestDispatcher(
+        private val logger: Logger
+    ) : Dispatcher() {
+
+        override fun dispatch(request: RecordedRequest): MockResponse {
+            val path = request.path!!.trimEnd('/')
+            logger.info("Query: ${request.method} on $path ")
+
+            if (request.method.equals("PROPFIND", true)) {
+                val properties = when (path) {
+                    PATH_CARDDAV + SUBPATH_PRINCIPAL ->
+                        "<resourcetype><principal/></resourcetype>" +
+                                "<displayname>Mr. Wobbles</displayname>" +
+                                "<CARD:addressbook-home-set>" +
+                                "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL}</href>" +
+                                "</CARD:addressbook-home-set>" +
+                                "<group-membership>" +
+                                "   <href>${PATH_CARDDAV}${SUBPATH_GROUPPRINCIPAL_0}</href>" +
+                                "</group-membership>"
+
+                    PATH_CARDDAV + SUBPATH_GROUPPRINCIPAL_0 ->
+                        "<resourcetype><principal/></resourcetype>" +
+                                "<displayname>All address books</displayname>" +
+                                "<CARD:addressbook-home-set>" +
+                                "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_PERSONAL}</href>" +
+                                "   <href>${PATH_CARDDAV}${SUBPATH_ADDRESSBOOK_HOMESET_NON_PERSONAL}</href>" +
+                                "</CARD:addressbook-home-set>"
+
+                    else -> ""
+                }
+                return MockResponse()
+                    .setResponseCode(207)
+                    .setBody(
+                        "<multistatus xmlns='DAV:' xmlns:CARD='urn:ietf:params:xml:ns:carddav' xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
+                                "<response>" +
+                                "   <href>$path</href>" +
+                                "   <propstat><prop>" +
+                                properties +
+                                "   </prop></propstat>" +
+                                "</response>" +
+                                "</multistatus>"
+                    )
+            }
+
+            return MockResponse().setResponseCode(404)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/settings/migration/AccountSettingsMigration20Test.kt

@@ -127,16 +127,16 @@ class AccountSettingsMigration20Test {
                     Calendars.NAME to url,
                     Calendars.SYNC_EVENTS to 1
                 )
-            )!!
+            )!!.asSyncAdapter(account)
             try {
-                migration.migrateCalendars(account, calDavServiceId = 1)
+                migration.migrateCalendars(account, 1)
 
-                provider.query(uri.asSyncAdapter(account), arrayOf(Calendars._SYNC_ID), null, null, null)!!.use { cursor ->
+                provider.query(uri, arrayOf(Calendars._SYNC_ID), null, null, null)!!.use { cursor ->
                     cursor.moveToNext()
                     assertEquals(collectionId, cursor.getLongOrNull(0))
                 }
             } finally {
-                provider.delete(uri.asSyncAdapter(account), null, null)
+                provider.delete(uri, null, null)
             }
         }
     }

app/src/androidTest/kotlin/at/bitfire/davdroid/settings/migration/AccountSettingsMigration21Test.kt

@@ -0,0 +1,149 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.settings.migration
+
+import android.accounts.Account
+import android.content.ContentResolver
+import android.content.Context
+import android.content.SyncRequest
+import android.os.Bundle
+import android.provider.CalendarContract
+import androidx.test.filters.SdkSuppress
+import at.bitfire.davdroid.sync.account.TestAccount
+import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.first
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withTimeout
+import org.junit.After
+import org.junit.AfterClass
+import org.junit.Assert.assertFalse
+import org.junit.Assume
+import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.Rule
+import org.junit.Test
+import java.util.logging.Logger
+import javax.inject.Inject
+
+@HiltAndroidTest
+class AccountSettingsMigration21Test {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var migration: AccountSettingsMigration21
+
+    @Inject
+    @ApplicationContext
+    lateinit var context: Context
+
+    @Inject
+    lateinit var logger: Logger
+
+    lateinit var account: Account
+    val authority = CalendarContract.AUTHORITY
+
+    private val inPendingState = MutableStateFlow(false)
+    private var statusChangeListener: Any? = null
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        account = TestAccount.create()
+
+        // Enable sync globally and for the test account
+        ContentResolver.setIsSyncable(account, authority, 1)
+
+        // Start hot flow
+        registerSyncStateObserver()
+    }
+
+    @After
+    fun tearDown() {
+        unregisterSyncStateObserver()
+        TestAccount.remove(account)
+    }
+
+
+    @SdkSuppress(minSdkVersion = 34)
+    @Test
+    fun testCancelsSyncAndClearsPendingState() = runBlocking {
+        // Move into forever pending state
+        ContentResolver.requestSync(syncRequest())
+
+        // Wait until we are in forever pending state (with timeout)
+        withTimeout(10_000) {
+            inPendingState.first { it }
+        }
+
+        // Assume that we are now in the forever pending state (Skips test otherwise)
+        Assume.assumeTrue(ContentResolver.isSyncPending(account, authority))
+
+        // Run the migration which should cancel the forever pending sync for all accounts
+        migration.migrate(account)
+
+        // Wait for the state to change (with timeout)
+        withTimeout(10_000) {
+            inPendingState.first { !it }
+        }
+
+        // Check the sync is now not pending anymore
+        assertFalse(ContentResolver.isSyncPending(account, authority))
+    }
+
+
+    // helpers
+
+    private fun syncRequest() = SyncRequest.Builder()
+        .setSyncAdapter(account, authority)
+        .syncOnce()
+        .setExtras(Bundle())    // needed for Android 9
+        .setExpedited(true)     // sync request will be scheduled at the front of the sync request queue
+        .setManual(true)        // equivalent of setting both SYNC_EXTRAS_IGNORE_SETTINGS and SYNC_EXTRAS_IGNORE_BACKOFF
+        .build()
+
+    private fun registerSyncStateObserver() {
+        // listener pushes updates immediately when sync status changes
+        statusChangeListener = ContentResolver.addStatusChangeListener(
+            ContentResolver.SYNC_OBSERVER_TYPE_PENDING or ContentResolver.SYNC_OBSERVER_TYPE_ACTIVE
+        ) {
+            inPendingState.tryEmit(ContentResolver.isSyncPending(account, authority))
+        }
+
+        // Emit initial state
+        inPendingState.tryEmit(ContentResolver.isSyncPending(account, authority))
+    }
+
+    private fun unregisterSyncStateObserver() {
+        statusChangeListener?.let { ContentResolver.removeStatusChangeListener(it) }
+    }
+
+    companion object {
+
+        var globalAutoSyncBeforeTest = false
+
+        @BeforeClass
+        @JvmStatic
+        fun before() {
+            globalAutoSyncBeforeTest = ContentResolver.getMasterSyncAutomatically()
+
+            // We'll request syncs explicitly and with SYNC_EXTRAS_IGNORE_SETTINGS
+            ContentResolver.setMasterSyncAutomatically(false)
+        }
+
+        @AfterClass
+        @JvmStatic
+        fun after() {
+            ContentResolver.setMasterSyncAutomatically(globalAutoSyncBeforeTest)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/AndroidSyncFrameworkTest.kt

@@ -0,0 +1,238 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.sync
+
+import android.accounts.Account
+import android.content.ContentResolver
+import android.content.SyncRequest
+import android.content.SyncStatusObserver
+import android.os.Bundle
+import android.provider.CalendarContract
+import androidx.test.filters.SdkSuppress
+import at.bitfire.davdroid.sync.account.TestAccount
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withTimeout
+import org.junit.After
+import org.junit.AfterClass
+import org.junit.Assert.assertTrue
+import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.Rule
+import org.junit.Test
+import java.util.Collections
+import java.util.LinkedList
+import java.util.logging.Logger
+import javax.inject.Inject
+import kotlin.time.Duration.Companion.seconds
+
+@HiltAndroidTest
+class AndroidSyncFrameworkTest: SyncStatusObserver {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var logger: Logger
+
+    lateinit var account: Account
+    val authority = CalendarContract.AUTHORITY
+
+    private lateinit var stateChangeListener: Any
+    private val recordedStates = Collections.synchronizedList(LinkedList<State>())
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        account = TestAccount.create()
+
+        // Enable sync globally and for the test account
+        ContentResolver.setIsSyncable(account, authority, 1)
+
+        // Remember states the sync framework reports as pairs of (sync pending, sync active).
+        recordedStates.clear()
+        onStatusChanged(0)      // record first entry (pending = false, active = false)
+        stateChangeListener = ContentResolver.addStatusChangeListener(
+            ContentResolver.SYNC_OBSERVER_TYPE_PENDING or ContentResolver.SYNC_OBSERVER_TYPE_ACTIVE,
+            this
+        )
+    }
+
+    @After
+    fun tearDown() {
+        ContentResolver.removeStatusChangeListener(stateChangeListener)
+        TestAccount.remove(account)
+    }
+
+
+    /**
+     * Correct behaviour of the sync framework on Android 13 and below.
+     * Pending state is correctly reflected
+     */
+    @SdkSuppress(maxSdkVersion = 33)
+    @Test
+    fun testVerifySyncAlwaysPending_correctBehaviour_android13() {
+        verifySyncStates(
+            listOf(
+                State(pending = false, active = false),                 // no sync pending or active
+                State(pending = true, active = false, optional = true), // sync becomes pending
+                State(pending = true, active = true),                   // ... and pending and active at the same time
+                State(pending = false, active = true),                  // ... and then only active
+                State(pending = false, active = false)                  // sync finished
+            )
+        )
+    }
+
+    /* SHOULD BE FIXED WITH https://github.com/bitfireAT/davx5-ose/issues/1748
+     * Wrong behaviour of the sync framework on Android 14+.
+     * Pending state stays true forever (after initial run), active state behaves correctly
+     */
+    /*@SdkSuppress(minSdkVersion = 34 /*, maxSdkVersion = 36 */)
+    @Test
+    fun testVerifySyncAlwaysPending_wrongBehaviour_android14() {
+        verifySyncStates(
+            listOf(
+                State(pending = false, active = false),                 // no sync pending or active
+                State(pending = true, active = false, optional = true), // sync becomes pending
+                State(pending = true, active = true),                   // ... and pending and active at the same time
+                State(pending = true, active = false)                   // ... and finishes, but stays pending
+            )
+        )
+    }*/
+
+
+    // helpers
+
+    private fun syncRequest() = SyncRequest.Builder()
+        .setSyncAdapter(account, authority)
+        .syncOnce()
+        .setExtras(Bundle())    // needed for Android 9
+        .setExpedited(true)     // sync request will be scheduled at the front of the sync request queue
+        .setManual(true)        // equivalent of setting both SYNC_EXTRAS_IGNORE_SETTINGS and SYNC_EXTRAS_IGNORE_BACKOFF
+        .build()
+
+    /**
+     * Verifies that the given expected states match the recorded states.
+     */
+    private fun verifySyncStates(expectedStates: List<State>) = runBlocking {
+        // Verify that last state is non-optional.
+        if (expectedStates.last().optional)
+            throw IllegalArgumentException("Last expected state must not be optional")
+
+        // We use runBlocking for these tests because it uses the default dispatcher
+        // which does not auto-advance virtual time and we need real system time to
+        // test the sync framework behavior.
+
+        ContentResolver.requestSync(syncRequest())
+
+        // Even though the always-pending-bug is present on Android 14+, the sync active
+        // state behaves correctly, so we can record the state changes as pairs (pending,
+        // active) and expect a certain sequence of state pairs to verify the presence or
+        // absence of the bug on different Android versions.
+        withTimeout(60.seconds) { // Usually takes less than 30 seconds
+            while (recordedStates.size < expectedStates.size) {
+                // verify already known states
+                if (recordedStates.isNotEmpty())
+                    assertStatesEqual(expectedStates, recordedStates, fullMatch = false)
+
+                delay(500) // avoid busy-waiting
+            }
+
+            assertStatesEqual(expectedStates, recordedStates, fullMatch = true)
+        }
+    }
+
+    private fun assertStatesEqual(expectedStates: List<State>, actualStates: List<State>, fullMatch: Boolean) {
+        assertTrue("Expected states=$expectedStates, actual=$actualStates", statesMatch(expectedStates, actualStates, fullMatch))
+    }
+
+    /**
+     * Checks whether [actualStates] have matching [expectedStates], under the condition
+     * that expected states with the [State.optional] flag can be skipped.
+     *
+     * Note: When [fullMatch] is not set, this method can return _true_ even if not all expected states are used.
+     *
+     * @param expectedStates    expected states (can include optional states which don't have to be present in actual states)
+     * @param actualStates      actual states
+     * @param fullMatch         whether all non-optional expected states must be present in actual states
+     */
+    private fun statesMatch(expectedStates: List<State>, actualStates: List<State>, fullMatch: Boolean): Boolean {
+        // iterate through entries
+        val expectedIterator = expectedStates.iterator()
+        for (actual in actualStates) {
+            if (!expectedIterator.hasNext())
+                return false
+            var expected = expectedIterator.next()
+
+            // skip optional expected entries if they don't match the actual entry
+            while (!actual.stateEquals(expected) && expected.optional) {
+                if (!expectedIterator.hasNext())
+                    return false
+                expected = expectedIterator.next()
+            }
+
+            // we now have a non-optional expected state and it must match
+            if (!actual.stateEquals(expected))
+                return false
+        }
+
+        // full match: all expected states must have been used
+        if (fullMatch && expectedIterator.hasNext())
+            return false
+
+        return true
+    }
+
+
+    // SyncStatusObserver implementation and data class
+
+    override fun onStatusChanged(which: Int) {
+        val state = State(
+            pending = ContentResolver.isSyncPending(account, authority),
+            active = ContentResolver.isSyncActive(account, authority)
+        )
+        synchronized(recordedStates) {
+            if (recordedStates.lastOrNull() != state) {
+                logger.info("$account syncState = $state")
+                recordedStates += state
+            }
+        }
+    }
+
+    data class State(
+        val pending: Boolean,
+        val active: Boolean,
+        val optional: Boolean = false
+    ) {
+        fun stateEquals(other: State) =
+            pending == other.pending && active == other.active
+    }
+
+
+    companion object {
+
+        var globalAutoSyncBeforeTest = false
+
+        @BeforeClass
+        @JvmStatic
+        fun before() {
+            globalAutoSyncBeforeTest = ContentResolver.getMasterSyncAutomatically()
+
+            // We'll request syncs explicitly and with SYNC_EXTRAS_IGNORE_SETTINGS
+            ContentResolver.setMasterSyncAutomatically(false)
+        }
+
+        @AfterClass
+        @JvmStatic
+        fun after() {
+            ContentResolver.setMasterSyncAutomatically(globalAutoSyncBeforeTest)
+        }
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/CalendarSyncManagerTest.kt

@@ -0,0 +1,151 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.sync
+
+import android.Manifest
+import android.accounts.Account
+import android.content.ContentProviderClient
+import android.content.Context
+import android.content.Entity
+import android.provider.CalendarContract
+import android.provider.CalendarContract.Calendars
+import android.provider.CalendarContract.Events
+import androidx.core.content.contentValuesOf
+import androidx.test.rule.GrantPermissionRule
+import at.bitfire.davdroid.resource.LocalCalendar
+import at.bitfire.davdroid.resource.LocalEvent
+import at.bitfire.davdroid.sync.account.TestAccount
+import at.bitfire.ical4android.util.MiscUtils.closeCompat
+import at.bitfire.synctools.storage.calendar.AndroidCalendar
+import at.bitfire.synctools.storage.calendar.AndroidCalendarProvider
+import at.bitfire.synctools.storage.calendar.EventAndExceptions
+import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.mockk.mockk
+import okio.Buffer
+import org.junit.After
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertTrue
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import javax.inject.Inject
+
+@HiltAndroidTest
+class CalendarSyncManagerTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @get:Rule
+    val permissionsRule = GrantPermissionRule.grant(
+        Manifest.permission.READ_CALENDAR, Manifest.permission.WRITE_CALENDAR
+    )
+
+    @Inject @ApplicationContext
+    lateinit var context: Context
+
+    @Inject
+    lateinit var localCalendarFactory: LocalCalendar.Factory
+
+    @Inject
+    lateinit var syncManagerFactory: CalendarSyncManager.Factory
+
+    lateinit var account: Account
+    lateinit var providerClient: ContentProviderClient
+    lateinit var androidCalendar: AndroidCalendar
+    lateinit var localCalendar: LocalCalendar
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+
+        account = TestAccount.create()
+        providerClient = context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)!!
+
+        // create LocalCalendar
+        val androidCalendarProvider = AndroidCalendarProvider(account, providerClient)
+        androidCalendar = androidCalendarProvider.createAndGetCalendar(contentValuesOf(
+            Calendars.NAME to "Sample Calendar"
+        ))
+        localCalendar = localCalendarFactory.create(androidCalendar)
+    }
+
+    @After
+    fun tearDown() {
+        localCalendar.androidCalendar.delete()
+        providerClient.closeCompat()
+        TestAccount.remove(account)
+    }
+
+
+    @Test
+    fun test_generateUpload_existingUid() {
+        val result = syncManager().generateUpload(LocalEvent(
+            localCalendar.recurringCalendar,
+            EventAndExceptions(
+                main = Entity(contentValuesOf(
+                    Events._ID to 1,
+                    Events.CALENDAR_ID to androidCalendar.id,
+                    Events.DTSTART to System.currentTimeMillis(),
+                    Events.UID_2445 to "existing-uid"
+                )),
+                exceptions = emptyList()
+            )
+        ))
+
+        assertEquals("existing-uid.ics", result.suggestedFileName)
+
+        val iCal = Buffer().also {
+            result.requestBody.writeTo(it)
+        }.readString(Charsets.UTF_8)
+        assertTrue(iCal.contains("UID:existing-uid\r\n"))
+    }
+
+    @Test
+    fun generateUpload_noUid() {
+        val result = syncManager().generateUpload(LocalEvent(
+            localCalendar.recurringCalendar,
+            EventAndExceptions(
+                main = Entity(contentValuesOf(
+                    Events._ID to 2,
+                    Events.CALENDAR_ID to androidCalendar.id,
+                    Events.DTSTART to System.currentTimeMillis()
+                )),
+                exceptions = emptyList()
+            )
+        ))
+
+        assertTrue(result.suggestedFileName.matches(UUID_FILENAME_REGEX))
+        val uuid = result.suggestedFileName.removeSuffix(".ics")
+
+        val iCal = Buffer().also {
+            result.requestBody.writeTo(it)
+        }.readString(Charsets.UTF_8)
+        assertTrue(iCal.contains("UID:$uuid\r\n"))
+
+    }
+
+
+    // helpers
+
+    private fun syncManager() = syncManagerFactory.calendarSyncManager(
+        account = account,
+        httpClient = mockk(),
+        syncResult = mockk(),
+        localCalendar = mockk(),
+        collection = mockk(),
+        resync = mockk()
+    )
+
+
+    companion object {
+
+        val UUID_FILENAME_REGEX = "^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}\\.ics$".toRegex()
+
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/FakeSyncAdapter.kt

@@ -0,0 +1,51 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.sync
+
+import android.accounts.Account
+import android.content.AbstractThreadedSyncAdapter
+import android.content.ContentProviderClient
+import android.content.Context
+import android.content.SyncResult
+import android.os.Bundle
+import android.os.IBinder
+import at.bitfire.davdroid.sync.adapter.SyncAdapter
+import dagger.hilt.android.qualifiers.ApplicationContext
+import java.util.logging.Level
+import java.util.logging.Logger
+import javax.inject.Inject
+
+class FakeSyncAdapter @Inject constructor(
+    @ApplicationContext context: Context,
+    private val logger: Logger
+): AbstractThreadedSyncAdapter(context, true), SyncAdapter {
+
+    init {
+        logger.info("FakeSyncAdapter created")
+    }
+
+    override fun onPerformSync(account: Account, extras: Bundle, authority: String, provider: ContentProviderClient, syncResult: SyncResult) {
+        logger.log(
+            Level.INFO,
+            "onPerformSync(account=$account, extras=$extras, authority=$authority, syncResult=$syncResult)",
+            extras.keySet().map { key -> "extras[$key] = ${extras[key]}" }
+        )
+
+        // fake 5 sec sync
+        try {
+            Thread.sleep(5000)
+        } catch (_: InterruptedException) {
+            logger.info("onPerformSync($account) cancelled")
+        }
+
+        logger.info("onPerformSync($account) finished")
+    }
+
+
+    // SyncAdapter implementation and Hilt module
+
+    override fun getBinder(): IBinder = syncAdapterBinder
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/JtxSyncManagerTest.kt

@@ -4,13 +4,12 @@
 
 package at.bitfire.davdroid.sync
 
+import android.accounts.Account
 import android.content.ContentProviderClient
 import android.content.Context
-import androidx.test.rule.GrantPermissionRule
-import at.bitfire.davdroid.CatchExceptionsRule
 import at.bitfire.davdroid.db.Collection
 import at.bitfire.davdroid.db.Service
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.davdroid.network.HttpClientBuilder
 import at.bitfire.davdroid.repository.DavServiceRepository
 import at.bitfire.davdroid.resource.LocalJtxCollection
 import at.bitfire.davdroid.resource.LocalJtxCollectionStore
@@ -18,6 +17,7 @@ import at.bitfire.davdroid.sync.account.TestAccount
 import at.bitfire.davdroid.util.PermissionUtils
 import at.bitfire.ical4android.TaskProvider
 import at.bitfire.ical4android.util.MiscUtils.closeCompat
+import at.bitfire.synctools.test.GrantPermissionOrSkipRule
 import at.techbee.jtx.JtxContract
 import dagger.hilt.android.qualifiers.ApplicationContext
 import dagger.hilt.android.testing.HiltAndroidRule
@@ -25,6 +25,7 @@ import dagger.hilt.android.testing.HiltAndroidTest
 import okhttp3.HttpUrl.Companion.toHttpUrl
 import org.junit.After
 import org.junit.Assert.assertEquals
+import org.junit.Assume.assumeNotNull
 import org.junit.Assume.assumeTrue
 import org.junit.Before
 import org.junit.Rule
@@ -45,7 +46,7 @@ class JtxSyncManagerTest {
     lateinit var context: Context
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: HttpClientBuilder
 
     @Inject
     lateinit var serviceRepository: DavServiceRepository
@@ -60,12 +61,9 @@ class JtxSyncManagerTest {
     val hiltRule = HiltAndroidRule(this)
 
     @get:Rule
-    val permissionRule = CatchExceptionsRule(
-        GrantPermissionRule.grant(*TaskProvider.PERMISSIONS_JTX),
-        SecurityException::class
-    )
+    val permissionRule = GrantPermissionOrSkipRule(TaskProvider.PERMISSIONS_JTX.toSet())
 
-    private val account = TestAccount.create()
+    lateinit var account: Account
 
     private lateinit var provider: ContentProviderClient
     private lateinit var syncManager: JtxSyncManager
@@ -79,7 +77,11 @@ class JtxSyncManagerTest {
         assumeTrue(PermissionUtils.havePermissions(context, TaskProvider.PERMISSIONS_JTX))
 
         // Acquire the jtx content provider
-        provider = context.contentResolver.acquireContentProviderClient(JtxContract.AUTHORITY)!!
+        val providerOrNull = context.contentResolver.acquireContentProviderClient(JtxContract.AUTHORITY)
+        assumeNotNull(providerOrNull)
+        provider = providerOrNull!!
+
+        account = TestAccount.create()
 
         // Create dummy dependencies
         val service = Service(0, account.name, Service.TYPE_CALDAV, null)
@@ -106,9 +108,12 @@ class JtxSyncManagerTest {
         if (this::localJtxCollection.isInitialized)
             localJtxCollectionStore.delete(localJtxCollection)
         serviceRepository.deleteAllBlocking()
+
         if (this::provider.isInitialized)
             provider.closeCompat()
-        TestAccount.remove(account)
+
+        if (this::account.isInitialized)
+            TestAccount.remove(account)
     }
 
 

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/LocalTestCollection.kt

@@ -4,8 +4,8 @@
 
 package at.bitfire.davdroid.sync
 
-import at.bitfire.davdroid.db.SyncState
 import at.bitfire.davdroid.resource.LocalCollection
+import at.bitfire.davdroid.resource.SyncState
 
 class LocalTestCollection(
     override val dbCollectionId: Long = 0L

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/LocalTestResource.kt

@@ -4,9 +4,11 @@
 
 package at.bitfire.davdroid.sync
 
+import android.content.Context
 import at.bitfire.davdroid.resource.LocalResource
+import java.util.Optional
 
-class LocalTestResource: LocalResource<Any> {
+class LocalTestResource: LocalResource {
 
     override val id: Long? = null
     override var fileName: String? = null
@@ -17,12 +19,10 @@ class LocalTestResource: LocalResource<Any> {
     var deleted = false
     var dirty = false
 
-    override fun prepareForUpload() = "generated-file.txt"
-
-    override fun clearDirty(fileName: String?, eTag: String?, scheduleTag: String?) {
+    override fun clearDirty(fileName: Optional<String>, eTag: String?, scheduleTag: String?) {
         dirty = false
-        if (fileName != null)
-            this.fileName = fileName
+        if (fileName.isPresent)
+            this.fileName = fileName.get()
         this.eTag = eTag
         this.scheduleTag = scheduleTag
     }
@@ -31,9 +31,14 @@ class LocalTestResource: LocalResource<Any> {
         this.flags = flags
     }
 
-    override fun add() = throw NotImplementedError()
-    override fun update(data: Any) = throw NotImplementedError()
-    override fun delete() = throw NotImplementedError()
+    override fun updateUid(uid: String) { /* no-op */ }
+    override fun updateSequence(sequence: Int) = throw NotImplementedError()
+
+    override fun deleteLocal() = throw NotImplementedError()
     override fun resetDeleted() = throw NotImplementedError()
 
+    override fun getDebugSummary() = "Test Resource"
+
+    override fun getViewUri(context: Context) = null
+
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/ResourceRetrieverTest.kt

@@ -0,0 +1,135 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.sync
+
+import android.accounts.Account
+import at.bitfire.davdroid.settings.AccountSettings
+import at.bitfire.davdroid.settings.Credentials
+import at.bitfire.davdroid.sync.account.TestAccount
+import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
+import dagger.hilt.android.testing.HiltAndroidRule
+import dagger.hilt.android.testing.HiltAndroidTest
+import io.ktor.http.HttpHeaders
+import kotlinx.coroutines.test.runTest
+import okhttp3.mockwebserver.MockResponse
+import okhttp3.mockwebserver.MockWebServer
+import org.junit.After
+import org.junit.Assert.assertArrayEquals
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Before
+import org.junit.Rule
+import org.junit.Test
+import java.net.InetAddress
+import javax.inject.Inject
+
+@HiltAndroidTest
+class ResourceRetrieverTest {
+
+    @get:Rule
+    val hiltRule = HiltAndroidRule(this)
+
+    @Inject
+    lateinit var accountSettingsFactory: AccountSettings.Factory
+
+    @Inject
+    lateinit var resourceRetrieverFactory: ResourceRetriever.Factory
+
+    lateinit var account: Account
+    lateinit var server: MockWebServer
+
+    @Before
+    fun setUp() {
+        hiltRule.inject()
+        server = MockWebServer().apply {
+            start()
+        }
+
+        account = TestAccount.create()
+
+        // add credentials to test account so that we can check whether they have been sent
+        val settings = accountSettingsFactory.create(account)
+        settings.credentials(Credentials("test", "test".toSensitiveString()))
+    }
+
+    @After
+    fun tearDown() {
+        TestAccount.remove(account)
+        server.close()
+    }
+
+
+    @Test
+    fun testRetrieve_DataUri() = runTest {
+        val downloader = resourceRetrieverFactory.create(account, "example.com")
+        val result = downloader.retrieve("data:image/png;base64,dGVzdA==")
+        assertArrayEquals("test".toByteArray(), result)
+    }
+
+    @Test
+    fun testRetrieve_DataUri_Invalid() = runTest {
+        val downloader = resourceRetrieverFactory.create(account, "example.com")
+        val result = downloader.retrieve("data:;INVALID,INVALID")
+        assertNull(result)
+    }
+
+    @Test
+    fun testRetrieve_ExternalDomain() = runTest {
+        val baseUrl = server.url("/")
+        val localhostIp = InetAddress.getByName(baseUrl.host).hostAddress!!
+
+        // URL should be http://localhost, replace with http://127.0.0.1 to have other domain
+        val baseUrlIp = baseUrl.newBuilder()
+            .host(localhostIp)
+            .build()
+
+        server.enqueue(MockResponse()
+            .setResponseCode(200)
+            .setBody("TEST"))
+
+        val downloader = resourceRetrieverFactory.create(account, baseUrl.host)
+        val result = downloader.retrieve(baseUrlIp.toString())
+
+        // authentication was NOT sent because request is not for original domain
+        val sentAuth = server.takeRequest().getHeader(HttpHeaders.Authorization)
+        assertNull(sentAuth)
+
+        // and result is OK
+        assertArrayEquals("TEST".toByteArray(), result)
+    }
+
+    @Test
+    fun testRetrieve_FtpUrl() = runTest {
+        val downloader = resourceRetrieverFactory.create(account, "example.com")
+        val result = downloader.retrieve("ftp://example.com/photo.jpg")
+        assertNull(result)
+    }
+
+    @Test
+    fun testRetrieve_RelativeHttpsUrl() = runTest {
+        val downloader = resourceRetrieverFactory.create(account, "example.com")
+        val result = downloader.retrieve("https:photo.jpg")
+        assertNull(result)
+    }
+
+    @Test
+    fun testRetrieve_SameDomain() = runTest {
+        server.enqueue(MockResponse()
+            .setResponseCode(200)
+            .setBody("TEST"))
+
+        val baseUrl = server.url("/")
+        val downloader = resourceRetrieverFactory.create(account, baseUrl.host)
+        val result = downloader.retrieve(baseUrl.toString())
+
+        // authentication was sent
+        val sentAuth = server.takeRequest().getHeader(HttpHeaders.Authorization)
+        assertEquals("Basic dGVzdDp0ZXN0", sentAuth)
+
+        // and result is OK
+        assertArrayEquals("TEST".toByteArray(), result)
+    }
+
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/SyncAdapterImplTest.kt

@@ -5,6 +5,7 @@
 package at.bitfire.davdroid.sync
 
 import android.accounts.Account
+import android.content.ContentResolver
 import android.content.Context
 import android.content.SyncResult
 import android.os.Bundle
@@ -13,17 +14,17 @@ import androidx.hilt.work.HiltWorkerFactory
 import androidx.work.WorkInfo
 import androidx.work.WorkManager
 import at.bitfire.davdroid.TestUtils
-import at.bitfire.davdroid.repository.DavCollectionRepository
-import at.bitfire.davdroid.repository.DavServiceRepository
-import at.bitfire.davdroid.settings.AccountSettings
 import at.bitfire.davdroid.sync.account.TestAccount
+import at.bitfire.davdroid.sync.adapter.SyncAdapterImpl
 import at.bitfire.davdroid.sync.worker.SyncWorkerManager
 import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.android.testing.BindValue
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
 import io.mockk.Awaits
 import io.mockk.coEvery
 import io.mockk.every
+import io.mockk.impl.annotations.MockK
 import io.mockk.junit4.MockKRule
 import io.mockk.just
 import io.mockk.mockk
@@ -39,36 +40,12 @@ import org.junit.After
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
-import org.junit.rules.Timeout
-import java.util.logging.Logger
 import javax.inject.Inject
+import javax.inject.Provider
 import kotlin.coroutines.cancellation.CancellationException
 
 @HiltAndroidTest
-class SyncAdapterServicesTest {
-
-    lateinit var account: Account
-
-    @Inject
-    lateinit var accountSettingsFactory: AccountSettings.Factory
-
-    @Inject
-    lateinit var collectionRepository: DavCollectionRepository
-
-    @Inject @ApplicationContext
-    lateinit var context: Context
-
-    @Inject
-    lateinit var logger: Logger
-
-    @Inject
-    lateinit var serviceRepository: DavServiceRepository
-
-    @Inject
-    lateinit var syncConditionsFactory: SyncConditions.Factory
-
-    @Inject
-    lateinit var workerFactory: HiltWorkerFactory
+class SyncAdapterImplTest {
 
     @get:Rule
     val hiltRule = HiltAndroidRule(this)
@@ -76,10 +53,21 @@ class SyncAdapterServicesTest {
     @get:Rule
     val mockkRule = MockKRule(this)
 
-    // test methods should run quickly and not wait 60 seconds for a sync timeout or something like that
-    @get:Rule
-    val timeoutRule: Timeout = Timeout.seconds(5)
+    @Inject @ApplicationContext
+    lateinit var context: Context
 
+    @Inject
+    lateinit var syncAdapterImplProvider: Provider<SyncAdapterImpl>
+
+    @BindValue @MockK
+    lateinit var syncWorkerManager: SyncWorkerManager
+
+    @Inject
+    lateinit var workerFactory: HiltWorkerFactory
+
+    lateinit var account: Account
+
+    private var masterSyncStateBeforeTest = ContentResolver.getMasterSyncAutomatically()
 
     @Before
     fun setUp() {
@@ -87,33 +75,23 @@ class SyncAdapterServicesTest {
         TestUtils.setUpWorkManager(context, workerFactory)
 
         account = TestAccount.create()
+
+        ContentResolver.setMasterSyncAutomatically(true)
+        ContentResolver.setSyncAutomatically(account, CalendarContract.AUTHORITY, true)
+        ContentResolver.setIsSyncable(account, CalendarContract.AUTHORITY, 1)
     }
 
     @After
     fun tearDown() {
+        ContentResolver.setMasterSyncAutomatically(masterSyncStateBeforeTest)
         TestAccount.remove(account)
     }
 
 
-    private fun syncAdapter(
-        syncWorkerManager: SyncWorkerManager
-    ): SyncAdapterService.SyncAdapter =
-        SyncAdapterService.SyncAdapter(
-            accountSettingsFactory = accountSettingsFactory,
-            collectionRepository = collectionRepository,
-            serviceRepository = serviceRepository,
-            context = context,
-            logger = logger,
-            syncConditionsFactory = syncConditionsFactory,
-            syncWorkerManager = syncWorkerManager
-        )
-
-
     @Test
     fun testSyncAdapter_onPerformSync_cancellation() = runTest {
-        val syncWorkerManager = mockk<SyncWorkerManager>()
-        val syncAdapter = syncAdapter(syncWorkerManager = syncWorkerManager)
         val workManager = WorkManager.getInstance(context)
+        val syncAdapter = syncAdapterImplProvider.get()
 
         mockkObject(workManager) {
             // don't actually create a worker
@@ -136,9 +114,8 @@ class SyncAdapterServicesTest {
 
     @Test
     fun testSyncAdapter_onPerformSync_returnsAfterTimeout() {
-        val syncWorkerManager = mockk<SyncWorkerManager>()
-        val syncAdapter = syncAdapter(syncWorkerManager = syncWorkerManager)
         val workManager = WorkManager.getInstance(context)
+        val syncAdapter = syncAdapterImplProvider.get()
 
         mockkObject(workManager) {
             // don't actually create a worker
@@ -158,9 +135,8 @@ class SyncAdapterServicesTest {
 
     @Test
     fun testSyncAdapter_onPerformSync_runsInTime() {
-        val syncWorkerManager = mockk<SyncWorkerManager>()
-        val syncAdapter = syncAdapter(syncWorkerManager = syncWorkerManager)
         val workManager = WorkManager.getInstance(context)
+        val syncAdapter = syncAdapterImplProvider.get()
 
         mockkObject(workManager) {
             // don't actually create a worker
@@ -179,4 +155,4 @@ class SyncAdapterServicesTest {
         }
     }
 
-}
+}

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/SyncManagerTest.kt

@@ -8,16 +8,16 @@ import android.accounts.Account
 import android.content.Context
 import androidx.core.app.NotificationManagerCompat
 import androidx.hilt.work.HiltWorkerFactory
-import at.bitfire.dav4jvm.PropStat
-import at.bitfire.dav4jvm.Response
-import at.bitfire.dav4jvm.Response.HrefRelation
+import at.bitfire.dav4jvm.okhttp.PropStat
+import at.bitfire.dav4jvm.okhttp.Response
+import at.bitfire.dav4jvm.okhttp.Response.HrefRelation
 import at.bitfire.dav4jvm.property.webdav.GetETag
 import at.bitfire.davdroid.TestUtils
 import at.bitfire.davdroid.TestUtils.assertWithin
 import at.bitfire.davdroid.db.Collection
-import at.bitfire.davdroid.db.SyncState
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.davdroid.network.HttpClientBuilder
 import at.bitfire.davdroid.repository.DavSyncStatsRepository
+import at.bitfire.davdroid.resource.SyncState
 import at.bitfire.davdroid.settings.AccountSettings
 import at.bitfire.davdroid.sync.account.TestAccount
 import dagger.hilt.android.qualifiers.ApplicationContext
@@ -59,7 +59,7 @@ class SyncManagerTest {
     lateinit var context: Context
 
     @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
+    lateinit var httpClientBuilder: HttpClientBuilder
 
     @Inject
     lateinit var syncManagerFactory: TestSyncManager.Factory

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/SyncerTest.kt

@@ -189,12 +189,12 @@ class SyncerTest {
         override val authority: String
             get() = throw NotImplementedError()
 
-        override fun acquireContentProvider(): ContentProviderClient? {
+        override fun acquireContentProvider(throwOnMissingPermissions: Boolean): ContentProviderClient? {
             throw NotImplementedError()
         }
 
         override fun create(
-            provider: ContentProviderClient,
+            client: ContentProviderClient,
             fromCollection: Collection
         ): LocalTestCollection? {
             throw NotImplementedError()
@@ -202,13 +202,13 @@ class SyncerTest {
 
         override fun getAll(
             account: Account,
-            provider: ContentProviderClient
+            client: ContentProviderClient
         ): List<LocalTestCollection> {
             throw NotImplementedError()
         }
 
         override fun update(
-            provider: ContentProviderClient,
+            client: ContentProviderClient,
             localCollection: LocalTestCollection,
             fromCollection: Collection
         ) {
@@ -219,7 +219,7 @@ class SyncerTest {
             throw NotImplementedError()
         }
 
-        override fun updateAccount(oldAccount: Account, newAccount: Account) {
+        override fun updateAccount(oldAccount: Account, newAccount: Account, client: ContentProviderClient?) {
             throw NotImplementedError()
         }
 

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/TestSyncManager.kt

@@ -5,28 +5,28 @@
 package at.bitfire.davdroid.sync
 
 import android.accounts.Account
-import at.bitfire.dav4jvm.DavCollection
-import at.bitfire.dav4jvm.MultiResponseCallback
-import at.bitfire.dav4jvm.Response
+import at.bitfire.dav4jvm.okhttp.DavCollection
+import at.bitfire.dav4jvm.okhttp.MultiResponseCallback
+import at.bitfire.dav4jvm.okhttp.Response
+import at.bitfire.dav4jvm.property.caldav.CalDAV
 import at.bitfire.dav4jvm.property.caldav.GetCTag
 import at.bitfire.davdroid.db.Collection
-import at.bitfire.davdroid.db.SyncState
 import at.bitfire.davdroid.di.SyncDispatcher
-import at.bitfire.davdroid.network.HttpClient
 import at.bitfire.davdroid.resource.LocalResource
+import at.bitfire.davdroid.resource.SyncState
 import at.bitfire.davdroid.util.DavUtils.lastSegment
 import dagger.assisted.Assisted
 import dagger.assisted.AssistedFactory
 import dagger.assisted.AssistedInject
 import kotlinx.coroutines.CoroutineDispatcher
 import okhttp3.HttpUrl
-import okhttp3.RequestBody
+import okhttp3.OkHttpClient
 import okhttp3.RequestBody.Companion.toRequestBody
 import org.junit.Assert.assertEquals
 
 class TestSyncManager @AssistedInject constructor(
     @Assisted account: Account,
-    @Assisted httpClient: HttpClient,
+    @Assisted httpClient: OkHttpClient,
     @Assisted syncResult: SyncResult,
     @Assisted localCollection: LocalTestCollection,
     @Assisted collection: Collection,
@@ -46,7 +46,7 @@ class TestSyncManager @AssistedInject constructor(
     interface Factory {
         fun create(
             account: Account,
-            httpClient: HttpClient,
+            httpClient: OkHttpClient,
             syncResult: SyncResult,
             localCollection: LocalTestCollection,
             collection: Collection
@@ -54,7 +54,7 @@ class TestSyncManager @AssistedInject constructor(
     }
 
     override fun prepare(): Boolean {
-        davCollection = DavCollection(httpClient.okHttpClient, collection.url)
+        davCollection = DavCollection(httpClient, collection.url)
         return true
     }
 
@@ -65,7 +65,7 @@ class TestSyncManager @AssistedInject constructor(
         didQueryCapabilities = true
 
         var cTag: SyncState? = null
-        davCollection.propfind(0, GetCTag.NAME) { response, rel ->
+        davCollection.propfind(0, CalDAV.GetCTag) { response, rel ->
             if (rel == Response.HrefRelation.SELF)
                 response[GetCTag::class.java]?.cTag?.let {
                     cTag = SyncState(SyncState.Type.CTAG, it)
@@ -76,9 +76,13 @@ class TestSyncManager @AssistedInject constructor(
     }
 
     var didGenerateUpload = false
-    override fun generateUpload(resource: LocalTestResource): RequestBody {
+    override fun generateUpload(resource: LocalTestResource): GeneratedResource {
         didGenerateUpload = true
-        return resource.toString().toRequestBody()
+        return GeneratedResource(
+            suggestedFileName = resource.fileName ?: "generated-file.txt",
+            requestBody = resource.toString().toRequestBody(),
+            onSuccessContext = GeneratedResource.OnSuccessContext()
+        )
     }
 
     override fun syncAlgorithm() = SyncAlgorithm.PROPFIND_REPORT

app/src/androidTest/kotlin/at/bitfire/davdroid/sync/account/TestAccount.kt

@@ -8,6 +8,8 @@ import android.accounts.AccountManager
 import androidx.test.platform.app.InstrumentationRegistry
 import at.bitfire.davdroid.R
 import at.bitfire.davdroid.settings.AccountSettings
+import at.bitfire.davdroid.sync.account.TestAccount.remove
+import org.junit.Assert.assertEquals
 import org.junit.Assert.assertTrue
 
 object TestAccount {
@@ -19,9 +21,9 @@ object TestAccount {
      *
      * Remove it with [remove].
      */
-    fun create(version: Int = AccountSettings.CURRENT_VERSION): Account {
+    fun create(version: Int = AccountSettings.CURRENT_VERSION, accountName: String = "Test Account"): Account {
         val accountType = targetContext.getString(R.string.account_type)
-        val account = Account("Test Account", accountType)
+        val account = Account(accountName, accountType)
 
         val initialData = AccountSettings.initialUserData(null)
         initialData.putString(AccountSettings.KEY_SETTINGS_VERSION, version.toString())
@@ -30,6 +32,16 @@ object TestAccount {
         return account
     }
 
+    /**
+     * Renames a test account in a blocking way (usually what you want in tests)
+     */
+    fun rename(account: Account, newName: String): Account {
+        val am = AccountManager.get(targetContext)
+        val newAccount = am.renameAccount(account, newName, null, null).result
+        assertEquals(newName, newAccount.name)
+        return newAccount
+    }
+
     /**
      * Removes a test account, usually in the `@After` tearDown of a test.
      */

app/src/androidTest/kotlin/at/bitfire/davdroid/ui/DebugInfoActivityTest.kt

@@ -19,7 +19,7 @@ class DebugInfoActivityTest {
         val expected = StringBuilder(DebugInfoActivity.IntentBuilder.MAX_ELEMENT_SIZE)
         expected.append(String(ByteArray(DebugInfoActivity.IntentBuilder.MAX_ELEMENT_SIZE - 3) { a }))
         expected.append("...")
-        assertEquals(expected.toString(), intent.getStringExtra("localResource"))
+        assertEquals(expected.toString(), intent.getStringExtra(DebugInfoActivity.EXTRA_LOCAL_RESOURCE_SUMMARY))
     }
 
     @Test

app/src/androidTest/kotlin/at/bitfire/davdroid/ui/setup/LoginActivityTest.kt

@@ -21,7 +21,7 @@ class LoginActivityTest {
         val loginInfo = LoginActivity.loginInfoFromIntent(intent)
         assertEquals("https://example.com/nextcloud", loginInfo.baseUri.toString())
         assertEquals("user", loginInfo.credentials!!.username)
-        assertEquals("password", loginInfo.credentials.password?.concatToString())
+        assertEquals("password", loginInfo.credentials.password?.asString())
     }
 
     @Test
@@ -34,7 +34,7 @@ class LoginActivityTest {
         val loginInfo = LoginActivity.loginInfoFromIntent(intent)
         assertEquals("https://example.com:444/nextcloud", loginInfo.baseUri.toString())
         assertEquals("user", loginInfo.credentials!!.username)
-        assertEquals("password", loginInfo.credentials.password?.concatToString())
+        assertEquals("password", loginInfo.credentials.password?.asString())
     }
 
     @Test
@@ -43,7 +43,7 @@ class LoginActivityTest {
         val loginInfo = LoginActivity.loginInfoFromIntent(intent)
         assertEquals("https://example.com/path", loginInfo.baseUri.toString())
         assertEquals("user", loginInfo.credentials!!.username)
-        assertEquals("password", loginInfo.credentials.password?.concatToString())
+        assertEquals("password", loginInfo.credentials.password?.asString())
     }
 
     @Test
@@ -52,7 +52,7 @@ class LoginActivityTest {
         val loginInfo = LoginActivity.loginInfoFromIntent(intent)
         assertEquals("https://example.com:0/path", loginInfo.baseUri.toString())
         assertEquals("user", loginInfo.credentials!!.username)
-        assertEquals("password", loginInfo.credentials.password?.concatToString())
+        assertEquals("password", loginInfo.credentials.password?.asString())
     }
 
     @Test
@@ -61,7 +61,7 @@ class LoginActivityTest {
         val loginInfo = LoginActivity.loginInfoFromIntent(intent)
         assertEquals(null, loginInfo.baseUri)
         assertEquals("user@example.com", loginInfo.credentials!!.username)
-        assertEquals(null, loginInfo.credentials.password?.concatToString())
+        assertEquals(null, loginInfo.credentials.password?.asString())
     }
     
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/webdav/CredentialsStoreTest.kt

@@ -4,7 +4,8 @@
 
 package at.bitfire.davdroid.webdav
 
-import at.bitfire.davdroid.db.Credentials
+import at.bitfire.davdroid.settings.Credentials
+import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
 import org.junit.Assert.assertEquals
@@ -30,8 +31,8 @@ class CredentialsStoreTest {
 
     @Test
     fun testSetGetDelete() {
-        store.setCredentials(0, Credentials(username = "myname", password = "12345".toCharArray()))
-        assertEquals(Credentials(username = "myname", password = "12345".toCharArray()), store.getCredentials(0))
+        store.setCredentials(0, Credentials(username = "myname", password = "12345".toSensitiveString()))
+        assertEquals(Credentials(username = "myname", password = "12345".toSensitiveString()), store.getCredentials(0))
 
         store.setCredentials(0, null)
         assertNull(store.getCredentials(0))

app/src/androidTest/kotlin/at/bitfire/davdroid/webdav/WebDavMountRepositoryTest.kt

@@ -6,11 +6,11 @@ package at.bitfire.davdroid.webdav
 
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
+import junit.framework.TestCase.assertEquals
 import kotlinx.coroutines.test.runTest
 import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
-import org.junit.Assert.assertFalse
-import org.junit.Assert.assertTrue
+import org.junit.Assert.assertNull
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
@@ -36,7 +36,7 @@ class WebDavMountRepositoryTest {
     @Test
     fun testHasWebDav_NoDavHeader() = runTest {
         web.enqueue(MockResponse().setResponseCode(200))
-        assertFalse(repository.hasWebDav(url, null))
+        assertNull(repository.hasWebDav(url, null))
     }
 
     @Test
@@ -44,7 +44,7 @@ class WebDavMountRepositoryTest {
         web.enqueue(MockResponse()
             .setResponseCode(200)
             .addHeader("DAV: 1"))
-        assertTrue(repository.hasWebDav(url, null))
+        assertEquals(url, repository.hasWebDav(url, null))
     }
 
     @Test
@@ -52,7 +52,7 @@ class WebDavMountRepositoryTest {
         web.enqueue(MockResponse()
             .setResponseCode(200)
             .addHeader("DAV: 1, 2"))
-        assertTrue(repository.hasWebDav(url, null))
+        assertEquals(url,repository.hasWebDav(url, null))
     }
 
     @Test
@@ -60,7 +60,7 @@ class WebDavMountRepositoryTest {
         web.enqueue(MockResponse()
             .setResponseCode(200)
             .addHeader("DAV: 1, 3"))
-        assertTrue(repository.hasWebDav(url, null))
+        assertEquals(url,repository.hasWebDav(url, null))
     }
 
 }

app/src/androidTest/kotlin/at/bitfire/davdroid/webdav/operation/QueryChildDocumentsOperationTest.kt

@@ -2,20 +2,21 @@
  * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
  */
 
-package at.bitfire.davdroid.webdav
+package at.bitfire.davdroid.webdav.operation
 
 import android.content.Context
 import android.security.NetworkSecurityPolicy
 import at.bitfire.davdroid.db.AppDatabase
 import at.bitfire.davdroid.db.WebDavDocument
 import at.bitfire.davdroid.db.WebDavMount
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.davdroid.network.HttpClientBuilder
 import dagger.hilt.android.qualifiers.ApplicationContext
 import dagger.hilt.android.testing.HiltAndroidRule
 import dagger.hilt.android.testing.HiltAndroidTest
 import io.mockk.junit4.MockKRule
+import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.test.runTest
-import okhttp3.CookieJar
+import okhttp3.OkHttpClient
 import okhttp3.mockwebserver.Dispatcher
 import okhttp3.mockwebserver.MockResponse
 import okhttp3.mockwebserver.MockWebServer
@@ -30,29 +31,7 @@ import java.util.logging.Logger
 import javax.inject.Inject
 
 @HiltAndroidTest
-class DavDocumentsProviderTest {
-
-    companion object {
-        private const val PATH_WEBDAV_ROOT = "/webdav"
-    }
-
-    @Inject @ApplicationContext
-    lateinit var context: Context
-
-    @Inject
-    lateinit var credentialsStore: CredentialsStore
-    
-    @Inject
-    lateinit var davDocumentsActorFactory: DavDocumentsProvider.DavDocumentsActor.Factory
-
-    @Inject
-    lateinit var httpClientBuilder: HttpClient.Builder
-    
-    @Inject
-    lateinit var db: AppDatabase
-
-    @Inject
-    lateinit var testDispatcher: TestDispatcher
+class QueryChildDocumentsOperationTest {
 
     @get:Rule
     val hiltRule = HiltAndroidRule(this)
@@ -60,13 +39,32 @@ class DavDocumentsProviderTest {
     @get:Rule
     val mockkRule = MockKRule(this)
 
+    @Inject @ApplicationContext
+    lateinit var context: Context
+
+    @Inject
+    lateinit var db: AppDatabase
+
+    @Inject
+    lateinit var operation: QueryChildDocumentsOperation
+
+    @Inject
+    lateinit var httpClientBuilder: HttpClientBuilder
+
+    @Inject
+    lateinit var testDispatcher: TestDispatcher
+
     private lateinit var server: MockWebServer
-    private lateinit var client: HttpClient
+    private lateinit var client: OkHttpClient
+
+    private lateinit var mount: WebDavMount
+    private lateinit var rootDocument: WebDavDocument
 
     @Before
     fun setUp() {
         hiltRule.inject()
 
+        // create server and client
         server = MockWebServer().apply {
             dispatcher = testDispatcher
             start()
@@ -76,50 +74,48 @@ class DavDocumentsProviderTest {
 
         // mock server delivers HTTP without encryption
         assertTrue(NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted)
+
+        // create WebDAV mount and root document in DB
+        runBlocking {
+            val mountId = db.webDavMountDao().insert(WebDavMount(0, "Cat food storage", server.url(PATH_WEBDAV_ROOT)))
+            mount = db.webDavMountDao().getById(mountId)
+            rootDocument = db.webDavDocumentDao().getOrCreateRoot(mount)
+        }
     }
 
     @After
     fun tearDown() {
-        client.close()
         server.shutdown()
+
+        runBlocking {
+            db.webDavMountDao().deleteAsync(mount)
+        }
     }
 
 
     @Test
     fun testDoQueryChildren_insert() = runTest {
-        // Create parent and root in database
-        val id = db.webDavMountDao().insert(WebDavMount(0, "Cat food storage", server.url(PATH_WEBDAV_ROOT)))
-        val webDavMount = db.webDavMountDao().getById(id)
-        val parent = db.webDavDocumentDao().getOrCreateRoot(webDavMount)
-
         // Query
-        val actor = davDocumentsActorFactory.create(
-            cookieStore = mutableMapOf<Long, CookieJar>(),
-            credentialsStore = credentialsStore
-        )
-        actor.queryChildren(parent)
+        operation.queryChildren(rootDocument)
 
         // Assert new children were inserted into db
-        assertEquals(3, db.webDavDocumentDao().getChildren(parent.id).size)
-        assertEquals("Library", db.webDavDocumentDao().getChildren(parent.id)[0].displayName)
-        assertEquals("MeowMeow_Cats.docx", db.webDavDocumentDao().getChildren(parent.id)[1].displayName)
-        assertEquals("Secret_Document.pages", db.webDavDocumentDao().getChildren(parent.id)[2].displayName)
+        assertEquals(3, db.webDavDocumentDao().getChildren(rootDocument.id).size)
+        assertEquals("Library", db.webDavDocumentDao().getChildren(rootDocument.id)[0].displayName)
+        assertEquals("MeowMeow_Cats.docx", db.webDavDocumentDao().getChildren(rootDocument.id)[1].displayName)
+        assertEquals("Secret_Document.pages", db.webDavDocumentDao().getChildren(rootDocument.id)[2].displayName)
     }
 
     @Test
     fun testDoQueryChildren_update() = runTest {
         // Create parent and root in database
-        val mountId = db.webDavMountDao().insert(WebDavMount(0, "Cat food storage", server.url(PATH_WEBDAV_ROOT)))
-        val webDavMount = db.webDavMountDao().getById(mountId)
-        val parent = db.webDavDocumentDao().getOrCreateRoot(webDavMount)
-        assertEquals("Cat food storage", db.webDavDocumentDao().get(parent.id)!!.displayName)
+        assertEquals("Cat food storage", db.webDavDocumentDao().get(rootDocument.id)!!.displayName)
 
         // Create a folder
         val folderId = db.webDavDocumentDao().insert(
             WebDavDocument(
                 0,
-                mountId,
-                parent.id,
+                mount.id,
+                rootDocument.id,
                 "My_Books",
                 true,
                 "My Books",
@@ -129,38 +125,25 @@ class DavDocumentsProviderTest {
         assertEquals("My Books", db.webDavDocumentDao().get(folderId)!!.displayName)
 
         // Query - should update the parent displayname and folder name
-        val actor = davDocumentsActorFactory.create(
-            cookieStore = mutableMapOf<Long, CookieJar>(),
-            credentialsStore = credentialsStore
-        )
-        actor.queryChildren(parent)
+        operation.queryChildren(rootDocument)
 
         // Assert parent and children were updated in database
-        assertEquals("Cats WebDAV", db.webDavDocumentDao().get(parent.id)!!.displayName)
-        assertEquals("Library", db.webDavDocumentDao().getChildren(parent.id)[0].name)
-        assertEquals("Library", db.webDavDocumentDao().getChildren(parent.id)[0].displayName)
+        assertEquals("Cats WebDAV", db.webDavDocumentDao().get(rootDocument.id)!!.displayName)
+        assertEquals("Library", db.webDavDocumentDao().getChildren(rootDocument.id)[0].name)
+        assertEquals("Library", db.webDavDocumentDao().getChildren(rootDocument.id)[0].displayName)
 
     }
 
     @Test
     fun testDoQueryChildren_delete() = runTest {
-        // Create parent and root in database
-        val mountId = db.webDavMountDao().insert(WebDavMount(0, "Cat food storage", server.url(PATH_WEBDAV_ROOT)))
-        val webDavMount = db.webDavMountDao().getById(mountId)
-        val parent = db.webDavDocumentDao().getOrCreateRoot(webDavMount)
-
         // Create a folder
         val folderId = db.webDavDocumentDao().insert(
-            WebDavDocument(0, mountId, parent.id, "deleteme", true, "Should be deleted")
+            WebDavDocument(0, mount.id, rootDocument.id, "deleteme", true, "Should be deleted")
         )
         assertEquals("deleteme", db.webDavDocumentDao().get(folderId)!!.name)
 
         // Query - discovers serverside deletion
-        val actor = davDocumentsActorFactory.create(
-            cookieStore = mutableMapOf<Long, CookieJar>(),
-            credentialsStore = credentialsStore
-        )
-        actor.queryChildren(parent)
+        operation.queryChildren(rootDocument)
 
         // Assert folder got deleted
         assertEquals(null, db.webDavDocumentDao().get(folderId))
@@ -168,26 +151,17 @@ class DavDocumentsProviderTest {
 
     @Test
     fun testDoQueryChildren_updateTwoDirectoriesSimultaneously() = runTest {
-        // Create root in database
-        val mountId = db.webDavMountDao().insert(WebDavMount(0, "Cat food storage", server.url(PATH_WEBDAV_ROOT)))
-        val webDavMount = db.webDavMountDao().getById(mountId)
-        val root = db.webDavDocumentDao().getOrCreateRoot(webDavMount)
-
         // Create two directories
-        val parent1Id = db.webDavDocumentDao().insert(WebDavDocument(0, mountId, root.id, "parent1", true))
-        val parent2Id = db.webDavDocumentDao().insert(WebDavDocument(0, mountId, root.id, "parent2", true))
+        val parent1Id = db.webDavDocumentDao().insert(WebDavDocument(0, mount.id, rootDocument.id, "parent1", true))
+        val parent2Id = db.webDavDocumentDao().insert(WebDavDocument(0, mount.id, rootDocument.id, "parent2", true))
         val parent1 = db.webDavDocumentDao().get(parent1Id)!!
         val parent2 = db.webDavDocumentDao().get(parent2Id)!!
         assertEquals("parent1", parent1.name)
         assertEquals("parent2", parent2.name)
 
         // Query - find children of two nodes simultaneously
-        val actor = davDocumentsActorFactory.create(
-            cookieStore = mutableMapOf<Long, CookieJar>(),
-            credentialsStore = credentialsStore
-        )
-        actor.queryChildren(parent1)
-        actor.queryChildren(parent2)
+        operation.queryChildren(parent1)
+        operation.queryChildren(parent2)
 
         // Assert the two folders names have changed
         assertEquals("childOne.txt", db.webDavDocumentDao().getChildren(parent1Id)[0].name)
@@ -215,7 +189,7 @@ class DavDocumentsProviderTest {
                     PATH_WEBDAV_ROOT to arrayOf(
                         Resource("",
                             "<resourcetype><collection/></resourcetype>" +
-                            "<displayname>Cats WebDAV</displayname>"
+                                    "<displayname>Cats WebDAV</displayname>"
                         ),
                         Resource("Secret_Document.pages",
                             "<displayname>Secret_Document.pages</displayname>",
@@ -225,7 +199,7 @@ class DavDocumentsProviderTest {
                         ),
                         Resource("Library",
                             "<resourcetype><collection/></resourcetype>" +
-                            "<displayname>Library</displayname>"
+                                    "<displayname>Library</displayname>"
                         )
                     ),
 
@@ -244,15 +218,15 @@ class DavDocumentsProviderTest {
                 val responses = propsMap[requestPath]?.joinToString { resource ->
                     "<response><href>$requestPath/${resource.name}</href><propstat><prop>" +
                             resource.props +
-                    "</prop></propstat></response>"
+                            "</prop></propstat></response>"
                 }
 
                 val multistatus =
                     "<multistatus xmlns='DAV:' " +
-                        "xmlns:CARD='urn:ietf:params:xml:ns:carddav' " +
-                        "xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
-                        responses +
-                    "</multistatus>"
+                            "xmlns:CARD='urn:ietf:params:xml:ns:carddav' " +
+                            "xmlns:CAL='urn:ietf:params:xml:ns:caldav'>" +
+                            responses +
+                            "</multistatus>"
 
                 logger.info("Response: $multistatus")
                 return MockResponse()
@@ -265,4 +239,9 @@ class DavDocumentsProviderTest {
 
     }
 
+
+    companion object {
+        private const val PATH_WEBDAV_ROOT = "/webdav"
+    }
+
 }

app/src/main/AndroidManifest.xml

@@ -53,11 +53,19 @@
         tools:ignore="UnusedAttribute"
         android:supportsRtl="true">
 
-        <!-- required for Hilt/WorkManager integration -->
+        <!-- Required for Hilt/WorkManager integration. See
+        - https://developer.android.com/develop/background-work/background-tasks/persistent/configuration/custom-configuration#remove-default
+        - https://developer.android.com/training/dependency-injection/hilt-jetpack#workmanager
+        However, we must not disable AndroidX startup completely, as it's needed by other libraries like okhttp. -->
         <provider
             android:name="androidx.startup.InitializationProvider"
             android:authorities="${applicationId}.androidx-startup"
-            tools:node="remove">
+            android:exported="false"
+            tools:node="merge">
+            <meta-data
+                android:name="androidx.work.WorkManagerInitializer"
+                android:value="androidx.startup"
+                tools:node="remove" />
         </provider>
 
         <!-- Remove the node added by AppAuth (remove only from net.openid.appauth library, not from our flavor manifest files) -->
@@ -92,7 +100,7 @@
         <activity
             android:name=".ui.DebugInfoActivity"
             android:parentActivityName=".ui.AppSettingsActivity"
-            android:exported="true"
+            android:exported="false"
             android:label="@string/debug_info_title">
             <intent-filter>
                 <action android:name="android.intent.action.BUG_REPORT"/>
@@ -178,7 +186,7 @@
                 android:resource="@xml/account_authenticator"/>
         </service>
         <service
-            android:name=".sync.CalendarsSyncAdapterService"
+            android:name=".sync.adapter.CalendarsSyncAdapterService"
             android:exported="true"
             tools:ignore="ExportedService">
             <intent-filter>
@@ -189,7 +197,7 @@
                 android:resource="@xml/sync_calendars"/>
         </service>
         <service
-            android:name=".sync.JtxSyncAdapterService"
+            android:name=".sync.adapter.JtxSyncAdapterService"
             android:exported="true"
             tools:ignore="ExportedService">
             <intent-filter>
@@ -200,7 +208,7 @@
                 android:resource="@xml/sync_notes"/>
         </service>
         <service
-            android:name=".sync.OpenTasksSyncAdapterService"
+            android:name=".sync.adapter.OpenTasksSyncAdapterService"
             android:exported="true"
             tools:ignore="ExportedService">
             <intent-filter>
@@ -211,7 +219,7 @@
                 android:resource="@xml/sync_opentasks"/>
         </service>
         <service
-            android:name=".sync.TasksOrgSyncAdapterService"
+            android:name=".sync.adapter.TasksOrgSyncAdapterService"
             android:exported="true"
             tools:ignore="ExportedService">
             <intent-filter>
@@ -246,7 +254,7 @@
                 android:resource="@xml/account_authenticator_address_book"/>
         </service>
         <service
-            android:name=".sync.ContactsSyncAdapterService"
+            android:name=".sync.adapter.ContactsSyncAdapterService"
             android:exported="true"
             tools:ignore="ExportedService">
             <intent-filter>

app/src/main/kotlin/at/bitfire/davdroid/App.kt

@@ -7,13 +7,14 @@ package at.bitfire.davdroid
 import android.app.Application
 import androidx.hilt.work.HiltWorkerFactory
 import androidx.work.Configuration
+import at.bitfire.davdroid.di.DefaultDispatcher
 import at.bitfire.davdroid.log.LogManager
 import at.bitfire.davdroid.startup.StartupPlugin
 import at.bitfire.davdroid.sync.account.AccountsCleanupWorker
 import at.bitfire.davdroid.ui.UiUtils
 import dagger.hilt.android.HiltAndroidApp
+import kotlinx.coroutines.CoroutineDispatcher
 import kotlinx.coroutines.DelicateCoroutinesApi
-import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.GlobalScope
 import kotlinx.coroutines.launch
 import java.util.logging.Logger
@@ -31,6 +32,10 @@ class App: Application(), Configuration.Provider {
     @Inject
     lateinit var logManager: LogManager
 
+    @Inject
+    @DefaultDispatcher
+    lateinit var defaultDispatcher: CoroutineDispatcher
+
     @Inject
     lateinit var plugins: Set<@JvmSuppressWildcards StartupPlugin>
 
@@ -60,7 +65,7 @@ class App: Application(), Configuration.Provider {
 
         // don't block UI for some background checks
         @OptIn(DelicateCoroutinesApi::class)
-        GlobalScope.launch(Dispatchers.Default) {
+        GlobalScope.launch(defaultDispatcher) {
             // clean up orphaned accounts in DB from time to time
             AccountsCleanupWorker.enable(this@App)
 

app/src/main/kotlin/at/bitfire/davdroid/Constants.kt

@@ -3,8 +3,8 @@
  */
 package at.bitfire.davdroid
 
-import android.net.Uri
-import androidx.core.net.toUri
+import at.bitfire.synctools.icalendar.ical4jVersion
+import ezvcard.Ezvcard
 
 /**
  * Brand-specific constants like (non-theme) colors, homepage URLs etc.
@@ -13,48 +13,10 @@ object Constants {
 
     const val DAVDROID_GREEN_RGBA = 0xFF8bc34a.toInt()
 
-    val HOMEPAGE_URL = "https://www.davx5.com".toUri()
-    const val HOMEPAGE_PATH_FAQ = "faq"
-    const val HOMEPAGE_PATH_FAQ_SYNC_NOT_RUN = "synchronization-is-not-run-as-expected"
-    const val HOMEPAGE_PATH_FAQ_LOCATION_PERMISSION = "wifi-ssid-restriction-location-permission"
-    const val HOMEPAGE_PATH_OPEN_SOURCE = "donate"
-    const val HOMEPAGE_PATH_PRIVACY = "privacy"
-    const val HOMEPAGE_PATH_TESTED_SERVICES = "tested-with"
 
-    val MANUAL_URL = "https://manual.davx5.com".toUri()
+    // product IDs for iCalendar/vCard
 
-    const val MANUAL_PATH_ACCOUNTS_COLLECTIONS = "accounts_collections.html"
-    const val MANUAL_FRAGMENT_SERVICE_DISCOVERY = "how-does-service-discovery-work"
-
-    const val MANUAL_PATH_INTRODUCTION = "introduction.html"
-    const val MANUAL_FRAGMENT_AUTHENTICATION_METHODS = "authentication-methods"
-
-    const val MANUAL_PATH_SETTINGS = "settings.html"
-    const val MANUAL_FRAGMENT_APP_SETTINGS = "app-wide-settings"
-    const val MANUAL_FRAGMENT_ACCOUNT_SETTINGS = "account-settings"
-
-    const val MANUAL_PATH_WEBDAV_PUSH = "webdav_push.html"
-    const val MANUAL_PATH_WEBDAV_MOUNTS = "webdav_mounts.html"
-
-    val COMMUNITY_URL = "https://github.com/bitfireAT/davx5-ose/discussions".toUri()
-
-    val FEDIVERSE_HANDLE = "@davx5app@fosstodon.org"
-    val FEDIVERSE_URL = "https://fosstodon.org/@davx5app".toUri()
-
-    /**
-     * Appends query parameters for anonymized usage statistics (app ID, version).
-     * Can be used by the called Website to get an idea of which versions etc. are currently used.
-     *
-     * @param context   optional info about from where the URL was opened (like a specific Activity)
-     */
-    fun Uri.Builder.withStatParams(context: String? = null): Uri.Builder {
-        appendQueryParameter("pk_campaign", BuildConfig.APPLICATION_ID)
-        appendQueryParameter("app-version", BuildConfig.VERSION_NAME)
-
-        if (context != null)
-            appendQueryParameter("pk_kwd", context)
-
-        return this
-    }
+    val iCalProdId = "DAVx5/${BuildConfig.VERSION_NAME} ical4j/$ical4jVersion"
+    const val vCardProdId = "+//IDN bitfire.at//DAVx5/${BuildConfig.VERSION_NAME} ez-vcard/${Ezvcard.VERSION}"
 
 }

app/src/main/kotlin/at/bitfire/davdroid/db/AppDatabase.kt

@@ -35,6 +35,13 @@ import dagger.hilt.components.SingletonComponent
 import java.io.Writer
 import javax.inject.Singleton
 
+/**
+ * The app database. Managed via android jetpack room. Room provides an abstraction
+ * layer over SQLite.
+ *
+ * Note: In SQLite PRAGMA foreign_keys is off by default. Room activates it for
+ * production (non-test) databases.
+ */
 @Database(entities = [
     Service::class,
     HomeSet::class,

app/src/main/kotlin/at/bitfire/davdroid/db/Collection.kt

@@ -10,8 +10,9 @@ import androidx.room.Entity
 import androidx.room.ForeignKey
 import androidx.room.Index
 import androidx.room.PrimaryKey
-import at.bitfire.dav4jvm.Response
-import at.bitfire.dav4jvm.UrlUtils
+import at.bitfire.dav4jvm.okhttp.Response
+import at.bitfire.dav4jvm.okhttp.UrlUtils
+import at.bitfire.dav4jvm.property.caldav.CalDAV
 import at.bitfire.dav4jvm.property.caldav.CalendarColor
 import at.bitfire.dav4jvm.property.caldav.CalendarDescription
 import at.bitfire.dav4jvm.property.caldav.CalendarTimezone
@@ -19,6 +20,7 @@ import at.bitfire.dav4jvm.property.caldav.CalendarTimezoneId
 import at.bitfire.dav4jvm.property.caldav.Source
 import at.bitfire.dav4jvm.property.caldav.SupportedCalendarComponentSet
 import at.bitfire.dav4jvm.property.carddav.AddressbookDescription
+import at.bitfire.dav4jvm.property.carddav.CardDAV
 import at.bitfire.dav4jvm.property.push.PushTransports
 import at.bitfire.dav4jvm.property.push.Topic
 import at.bitfire.dav4jvm.property.push.WebPush
@@ -166,9 +168,9 @@ data class Collection(
             val url = UrlUtils.withTrailingSlash(dav.href)
             val type: String = dav[ResourceType::class.java]?.let { resourceType ->
                 when {
-                    resourceType.types.contains(ResourceType.ADDRESSBOOK) -> TYPE_ADDRESSBOOK
-                    resourceType.types.contains(ResourceType.CALENDAR)    -> TYPE_CALENDAR
-                    resourceType.types.contains(ResourceType.SUBSCRIBED)  -> TYPE_WEBCAL
+                    resourceType.types.contains(CardDAV.Addressbook) -> TYPE_ADDRESSBOOK
+                    resourceType.types.contains(CalDAV.Calendar)     -> TYPE_CALENDAR
+                    resourceType.types.contains(CalDAV.Subscribed)   -> TYPE_WEBCAL
                     else -> null
                 }
             } ?: return null

app/src/main/kotlin/at/bitfire/davdroid/db/CollectionDao.kt

@@ -38,6 +38,10 @@ interface CollectionDao {
     @Query("SELECT * FROM collection WHERE pushTopic=:topic AND sync")
     suspend fun getSyncableByPushTopic(topic: String): Collection?
 
+    @Suppress("unused")     // for build variant
+    @Query("SELECT * FROM collection WHERE sync")
+    fun getSyncCollections(): List<Collection>
+
     @Query("SELECT pushVapidKey FROM collection WHERE serviceId=:serviceId AND pushVapidKey IS NOT NULL LIMIT 1")
     suspend fun getFirstVapidKey(serviceId: Long): String?
 

app/src/main/kotlin/at/bitfire/davdroid/db/Converters.kt

@@ -14,7 +14,7 @@ class Converters {
 
     @TypeConverter
     fun httpUrlToString(url: HttpUrl?) =
-            url?.toString()
+        url?.toString()
 
     @TypeConverter
     fun mediaTypeToString(mediaType: MediaType?) =

app/src/main/kotlin/at/bitfire/davdroid/db/Credentials.kt

@@ -1,58 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.db
-
-import net.openid.appauth.AuthState
-
-data class Credentials(
-    val username: String? = null,
-    val password: CharArray? = null,
-
-    val certificateAlias: String? = null,
-
-    val authState: AuthState? = null
-) {
-
-    override fun toString(): String {
-        val s = mutableListOf<String>()
-
-        if (username != null)
-            s += "userName=$username"
-        if (password != null)
-            s += "password=*****"
-
-        if (certificateAlias != null)
-            s += "certificateAlias=$certificateAlias"
-
-        if (authState != null)
-            s += "authState=${authState.jsonSerializeString()}"
-
-        return "Credentials(" + s.joinToString(", ") + ")"
-    }
-
-
-    override fun equals(other: Any?): Boolean {
-        if (this === other) return true
-        if (javaClass != other?.javaClass) return false
-
-        other as Credentials
-
-        if (username != other.username) return false
-        if (!password.contentEquals(other.password)) return false
-        if (certificateAlias != other.certificateAlias) return false
-        if (authState != other.authState) return false
-
-        return true
-    }
-
-    override fun hashCode(): Int {
-        var result = username?.hashCode() ?: 0
-        result = 31 * result + (password?.contentHashCode() ?: 0)
-        result = 31 * result + (certificateAlias?.hashCode() ?: 0)
-        result = 31 * result + (authState?.hashCode() ?: 0)
-        return result
-    }
-
-}

app/src/main/kotlin/at/bitfire/davdroid/db/HomeSetDao.kt

@@ -8,6 +8,7 @@ import androidx.room.Dao
 import androidx.room.Delete
 import androidx.room.Insert
 import androidx.room.Query
+import androidx.room.Transaction
 import androidx.room.Update
 import kotlinx.coroutines.flow.Flow
 
@@ -35,6 +36,24 @@ interface HomeSetDao {
     @Update
     fun update(homeset: HomeSet)
 
+    /**
+     * If a homeset with the given service ID and URL already exists, it is updated with the other fields.
+     * Otherwise, a new homeset is inserted.
+     *
+     * This method preserves the primary key, as opposed to using "@Insert(onConflict = OnConflictStrategy.REPLACE)"
+     * which will create a new row with incremented ID and thus breaks entity relationships!
+     *
+     * @param homeSet   home set to insert/update
+     *
+     * @return ID of the row that has been inserted or updated. -1 If the insert fails due to other reasons.
+     */
+    @Transaction
+    fun insertOrUpdateByUrlBlocking(homeSet: HomeSet): Long =
+        getByUrl(homeSet.serviceId, homeSet.url.toString())?.let { existingHomeset ->
+            update(homeSet.copy(id = existingHomeset.id))
+            existingHomeset.id
+        } ?: insert(homeSet)
+
     @Delete
     fun delete(homeset: HomeSet)
 

app/src/main/kotlin/at/bitfire/davdroid/db/Principal.kt

@@ -8,10 +8,11 @@ import androidx.room.Entity
 import androidx.room.ForeignKey
 import androidx.room.Index
 import androidx.room.PrimaryKey
-import at.bitfire.dav4jvm.Response
-import at.bitfire.dav4jvm.UrlUtils
+import at.bitfire.dav4jvm.okhttp.Response
+import at.bitfire.dav4jvm.okhttp.UrlUtils
 import at.bitfire.dav4jvm.property.webdav.DisplayName
 import at.bitfire.dav4jvm.property.webdav.ResourceType
+import at.bitfire.dav4jvm.property.webdav.WebDAV
 import at.bitfire.davdroid.util.trimToNull
 import okhttp3.HttpUrl
 
@@ -46,7 +47,7 @@ data class Principal(
         fun fromDavResponse(serviceId: Long, dav: Response): Principal? {
             // Check if response is a principal
             val resourceType = dav[ResourceType::class.java] ?: return null
-            if (!resourceType.types.contains(ResourceType.PRINCIPAL))
+            if (!resourceType.types.contains(WebDAV.Principal))
                 return null
 
             // Try getting the display name of the principal

app/src/main/kotlin/at/bitfire/davdroid/db/PrincipalDao.kt

@@ -48,11 +48,20 @@ interface PrincipalDao {
      * @param principal Principal to be inserted or updated
      * @return ID of the newly inserted or already existing principal
      */
-    fun insertOrUpdate(serviceId: Long, principal: Principal): Long =
-        getByUrl(serviceId, principal.url)?.let { oldPrincipal ->
-            if (principal.displayName != oldPrincipal.displayName)
-                update(principal.copy(id = oldPrincipal.id))
-            return oldPrincipal.id
-        } ?: insert(principal)
+    fun insertOrUpdate(serviceId: Long, principal: Principal): Long {
+        // Try to get existing principal by URL
+        val oldPrincipal = getByUrl(serviceId, principal.url)
+
+        // Insert new principal if not existing
+        if (oldPrincipal == null)
+            return insert(principal)
+
+        // Otherwise update the existing principal
+        if (principal.displayName != oldPrincipal.displayName)
+            update(principal.copy(id = oldPrincipal.id))
+
+        // In any case return the id of the principal
+        return oldPrincipal.id
+    }
 
 }

app/src/main/kotlin/at/bitfire/davdroid/log/LogFileHandler.kt

@@ -12,9 +12,11 @@ import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
 import androidx.core.app.TaskStackBuilder
 import at.bitfire.davdroid.R
+import at.bitfire.davdroid.log.LogFileHandler.Companion.debugDir
 import at.bitfire.davdroid.ui.AppSettingsActivity
 import at.bitfire.davdroid.ui.DebugInfoActivity
 import at.bitfire.davdroid.ui.NotificationRegistry
+import at.bitfire.synctools.log.PlainTextFormatter
 import dagger.hilt.android.qualifiers.ApplicationContext
 import java.io.Closeable
 import java.io.File

app/src/main/kotlin/at/bitfire/davdroid/log/LogManager.kt

@@ -8,6 +8,7 @@ import android.content.Context
 import android.util.Log
 import at.bitfire.davdroid.BuildConfig
 import at.bitfire.davdroid.repository.PreferenceRepository
+import at.bitfire.synctools.log.LogcatHandler
 import dagger.hilt.android.qualifiers.ApplicationContext
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -38,6 +39,10 @@ import javax.inject.Singleton
  *
  * When using the global logger, the class name of the logging calls will still be logged, so there's
  * no need to always get a separate logger for each class (only if the class wants to customize it).
+ *
+ * Note about choosing log levels: records with [Level.FINE] or higher will always be printed to adb logs
+ * (regardless of whether verbose logging is active). Records with a lower level will only be
+ * printed to adb logs when verbose logging is active.
  */
 @Singleton
 class LogManager @Inject constructor(
@@ -78,8 +83,11 @@ class LogManager @Inject constructor(
 
         // root logger: set default log level and always log to logcat
         val rootLogger = Logger.getLogger("")
-        rootLogger.level = if (logVerbose) Level.ALL else Level.INFO
-        rootLogger.addHandler(LogcatHandler())
+        rootLogger.level = if (logVerbose)
+            Level.ALL       // include everything (including HTTP interceptor logs) in verbose logs
+        else
+            Level.FINE      // include detailed information like content provider operations in non-verbose logs
+        rootLogger.addHandler(LogcatHandler(BuildConfig.APPLICATION_ID))
 
         // log to file, if requested
         if (logToFile)

app/src/main/kotlin/at/bitfire/davdroid/log/LogcatHandler.kt

@@ -1,52 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.log
-
-import android.os.Build
-import android.util.Log
-import at.bitfire.davdroid.BuildConfig
-import com.google.common.base.Ascii
-import java.util.logging.Handler
-import java.util.logging.Level
-import java.util.logging.LogRecord
-
-/**
- * Logging handler that logs to Android logcat.
- */
-internal class LogcatHandler: Handler() {
-
-    init {
-        formatter = PlainTextFormatter.LOGCAT
-    }
-
-    override fun publish(r: LogRecord) {
-        val level = r.level.intValue()
-        val text = formatter.format(r)
-
-        // get class name that calls the logger (or fall back to package name)
-        val className = if (r.sourceClassName != null)
-            PlainTextFormatter.shortClassName(r.sourceClassName)
-        else
-            BuildConfig.APPLICATION_ID
-
-        // truncate class name to 23 characters on Android <8, see Log documentation
-        val tag = if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O)
-            Ascii.truncate(className, 23, "")
-        else
-            className
-
-        when {
-            level >= Level.SEVERE.intValue()  -> Log.e(tag, text, r.thrown)
-            level >= Level.WARNING.intValue() -> Log.w(tag, text, r.thrown)
-            level >= Level.CONFIG.intValue()  -> Log.i(tag, text, r.thrown)
-            level >= Level.FINER.intValue()   -> Log.d(tag, text, r.thrown)
-            else                              -> Log.v(tag, text, r.thrown)
-        }
-    }
-
-    override fun flush() {}
-    override fun close() {}
-
-}

app/src/main/kotlin/at/bitfire/davdroid/log/PlainTextFormatter.kt

@@ -1,111 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.log
-
-import com.google.common.base.Ascii
-import java.io.PrintWriter
-import java.io.StringWriter
-import java.text.SimpleDateFormat
-import java.util.Date
-import java.util.Locale
-import java.util.logging.Formatter
-import java.util.logging.LogRecord
-
-class PlainTextFormatter(
-    private val withTime: Boolean,
-    private val withSource: Boolean,
-    private val padSource: Int = 30,
-    private val withException: Boolean,
-    private val lineSeparator: String?
-): Formatter() {
-
-    companion object {
-
-        /**
-         * Formatter intended for logcat output.
-         */
-        val LOGCAT = PlainTextFormatter(
-            withTime = false,
-            withSource = false,
-            withException = false,
-            lineSeparator = null
-        )
-
-        /**
-         * Formatter intended for file output.
-         */
-        val DEFAULT = PlainTextFormatter(
-            withTime = true,
-            withSource = true,
-            withException = true,
-            lineSeparator = System.lineSeparator()
-        )
-
-        /**
-         * Maximum length of a log line (estimate).
-         */
-        const val MAX_LENGTH = 10000
-
-        fun shortClassName(className: String) = className
-            .replace(Regex("^at\\.bitfire\\.(dav|cert4an|dav4an|ical4an|vcard4an)droid\\."), ".")
-            .replace(Regex("\\$.*$"), "")
-
-        private fun stackTrace(ex: Throwable): String {
-            val writer = StringWriter()
-            ex.printStackTrace(PrintWriter(writer))
-            return writer.toString()
-        }
-
-    }
-
-    private val timeFormat = SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.ROOT)
-
-
-    override fun format(r: LogRecord): String {
-        val builder = StringBuilder()
-
-        if (withTime)
-            builder .append(timeFormat.format(Date(r.millis)))
-                    .append(" ").append(r.threadID).append(" ")
-
-        if (withSource && r.sourceClassName != null) {
-            val className = shortClassName(r.sourceClassName)
-            if (className != r.loggerName) {
-                val classNameColumn = "[$className] ".padEnd(padSource)
-                builder.append(classNameColumn)
-            }
-        }
-
-        builder.append(truncate(r.message))
-
-        if (withException && r.thrown != null) {
-            val indentedStackTrace = stackTrace(r.thrown)
-                .replace("\n", "\n\t")
-                .removeSuffix("\t")
-            builder.append("\n\tEXCEPTION ").append(indentedStackTrace)
-        }
-
-        r.parameters?.let {
-            for ((idx, param) in it.withIndex()) {
-                builder.append("\n\tPARAMETER #").append(idx + 1).append(" = ")
-
-                val valStr = if (param == null)
-                    "(null)"
-                else
-                    truncate(param.toString())
-                builder.append(valStr)
-            }
-        }
-
-        if (lineSeparator != null)
-            builder.append(lineSeparator)
-
-        return builder.toString()
-    }
-
-    private fun truncate(s: String) =
-        Ascii.truncate(s, MAX_LENGTH, "[…]")
-
-}

app/src/main/kotlin/at/bitfire/davdroid/log/StringHandler.kt

@@ -4,6 +4,7 @@
 
 package at.bitfire.davdroid.log
 
+import at.bitfire.synctools.log.PlainTextFormatter
 import com.google.common.base.Ascii
 import java.util.logging.Handler
 import java.util.logging.LogRecord

app/src/main/kotlin/at/bitfire/davdroid/network/BearerAuthInterceptor.kt

@@ -1,72 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.network
-
-import kotlinx.coroutines.CancellationException
-import kotlinx.coroutines.CompletableDeferred
-import kotlinx.coroutines.runBlocking
-import net.openid.appauth.AuthState
-import net.openid.appauth.AuthorizationException
-import net.openid.appauth.AuthorizationService
-import okhttp3.Interceptor
-import okhttp3.Response
-import java.util.logging.Level
-import java.util.logging.Logger
-
-/**
- * Sends an OAuth Bearer token authorization as described in RFC 6750.
- */
-class BearerAuthInterceptor(
-    private val accessToken: String
-): Interceptor {
-
-    companion object {
-
-        val logger: Logger
-            get() = Logger.getGlobal()
-
-        fun fromAuthState(authService: AuthorizationService, authState: AuthState, callback: AuthStateUpdateCallback? = null): BearerAuthInterceptor? {
-            return runBlocking {
-                val accessTokenFuture = CompletableDeferred<String>()
-
-                authState.performActionWithFreshTokens(authService) { accessToken: String?, _: String?, ex: AuthorizationException? ->
-                    if (accessToken != null) {
-                        // persist updated AuthState
-                        callback?.onUpdate(authState)
-
-                        // emit access token
-                        accessTokenFuture.complete(accessToken)
-                    }
-                    else {
-                        logger.log(Level.WARNING, "Couldn't obtain access token", ex)
-                        accessTokenFuture.cancel()
-                    }
-                }
-
-                // return value
-                try {
-                    BearerAuthInterceptor(accessTokenFuture.await())
-                } catch (ignored: CancellationException) {
-                    null
-                }
-            }
-        }
-
-    }
-
-    override fun intercept(chain: Interceptor.Chain): Response {
-        logger.finer("Authenticating request with access token")
-        val rq = chain.request().newBuilder()
-            .header("Authorization", "Bearer $accessToken")
-            .build()
-        return chain.proceed(rq)
-    }
-
-
-    fun interface AuthStateUpdateCallback {
-        fun onUpdate(authState: AuthState)
-    }
-
-}

app/src/main/kotlin/at/bitfire/davdroid/network/ClientCertKeyManager.kt

@@ -6,22 +6,31 @@ package at.bitfire.davdroid.network
 
 import android.content.Context
 import android.security.KeyChain
+import android.security.KeyChainException
 import dagger.assisted.Assisted
 import dagger.assisted.AssistedFactory
 import dagger.assisted.AssistedInject
 import dagger.hilt.android.qualifiers.ApplicationContext
 import java.net.Socket
 import java.security.Principal
+import java.security.PrivateKey
+import java.security.cert.X509Certificate
+import java.util.logging.Level
+import java.util.logging.Logger
 import javax.net.ssl.X509ExtendedKeyManager
 
 /**
- * KeyManager that provides a client certificate and private key from the Android KeyChain.
+ * KeyManager that provides a client certificate and private key from the Android [KeyChain].
  *
- * @throws IllegalArgumentException if the alias doesn't exist or is not accessible
+ * Requests for certificates / private keys for other aliases than the specified one
+ * will be ignored.
+ *
+ * @param alias     alias of the desired certificate / private key
  */
 class ClientCertKeyManager @AssistedInject constructor(
     @Assisted private val alias: String,
-    @ApplicationContext private val context: Context
+    @ApplicationContext private val context: Context,
+    private val logger: Logger
 ): X509ExtendedKeyManager() {
 
     @AssistedFactory
@@ -29,19 +38,42 @@ class ClientCertKeyManager @AssistedInject constructor(
         fun create(alias: String): ClientCertKeyManager
     }
 
-    val certs = KeyChain.getCertificateChain(context, alias) ?: throw IllegalArgumentException("Alias doesn't exist or not accessible: $alias")
-    val key = KeyChain.getPrivateKey(context, alias) ?: throw IllegalArgumentException("Alias doesn't exist or not accessible: $alias")
-
     override fun getServerAliases(p0: String?, p1: Array<out Principal>?): Array<String>? = null
     override fun chooseServerAlias(p0: String?, p1: Array<out Principal>?, p2: Socket?) = null
 
     override fun getClientAliases(p0: String?, p1: Array<out Principal>?) = arrayOf(alias)
     override fun chooseClientAlias(p0: Array<out String>?, p1: Array<out Principal>?, p2: Socket?) = alias
 
-    override fun getCertificateChain(forAlias: String?) =
-        certs.takeIf { forAlias == alias }
+    override fun getCertificateChain(forAlias: String): Array<X509Certificate>? {
+        if (forAlias != alias)
+            return null
 
-    override fun getPrivateKey(forAlias: String?) =
-        key.takeIf { forAlias == alias }
+        return try {
+            KeyChain.getCertificateChain(context, alias).also { result ->
+                if (result == null)
+                    logger.warning("Couldn't obtain certificate chain for alias $alias")
+            }
+        } catch (e: KeyChainException) {
+            // Android <Q throws an exception instead of returning null
+            logger.log(Level.WARNING, "Couldn't obtain certificate chain for alias $alias", e)
+            null
+        }
+    }
+
+    override fun getPrivateKey(forAlias: String): PrivateKey? {
+        if (forAlias != alias)
+            return null
+
+        return try {
+            KeyChain.getPrivateKey(context, alias).also { result ->
+                if (result == null)
+                    logger.log(Level.WARNING, "Couldn't obtain private key for alias $alias")
+            }
+        } catch (e: KeyChainException) {
+            // Android <Q throws an exception instead of returning null
+            logger.log(Level.WARNING, "Couldn't obtain private key for alias $alias", e)
+            null
+        }
+    }
 
 }

app/src/main/kotlin/at/bitfire/davdroid/network/ConscryptIntegration.kt

@@ -0,0 +1,52 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.network
+
+import androidx.annotation.VisibleForTesting
+import org.conscrypt.Conscrypt
+import java.security.Security
+import java.util.logging.Logger
+import javax.net.ssl.SSLContext
+
+/**
+ * Integration with the Conscrypt library that provides recent TLS versions and ciphers,
+ * regardless of the device Android version.
+ */
+class ConscryptIntegration {
+
+    private val logger
+        get() = Logger.getLogger(javaClass.name)
+
+    private var initialized = false
+
+    /**
+     * Loads and initializes Conscrypt (if not already done). Safe to be called multiple times.
+     */
+    fun initialize() {
+        synchronized(ConscryptIntegration::javaClass) {
+            if (initialized)
+                return
+
+            if (Conscrypt.isAvailable() && !conscryptInstalled()) {
+                // install Conscrypt as most preferred provider
+                Security.insertProviderAt(Conscrypt.newProvider(), 1)
+
+                val version = Conscrypt.version()
+                logger.info("Using Conscrypt/${version.major()}.${version.minor()}.${version.patch()} for TLS")
+
+                val engine = SSLContext.getDefault().createSSLEngine()
+                logger.info("Enabled protocols: ${engine.enabledProtocols.joinToString(", ")}")
+                logger.info("Enabled ciphers: ${engine.enabledCipherSuites.joinToString(", ")}")
+            }
+
+            initialized = true
+        }
+    }
+
+    @VisibleForTesting
+    internal fun conscryptInstalled() =
+        Security.getProviders().any { Conscrypt.isConscrypt(it) }
+
+}

app/src/main/kotlin/at/bitfire/davdroid/network/HttpClient.kt

@@ -1,311 +0,0 @@
-/*
- * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
- */
-
-package at.bitfire.davdroid.network
-
-import android.accounts.Account
-import android.content.Context
-import androidx.annotation.WorkerThread
-import at.bitfire.cert4android.CustomCertManager
-import at.bitfire.dav4jvm.BasicDigestAuthHandler
-import at.bitfire.dav4jvm.UrlUtils
-import at.bitfire.davdroid.db.Credentials
-import at.bitfire.davdroid.di.IoDispatcher
-import at.bitfire.davdroid.settings.AccountSettings
-import at.bitfire.davdroid.settings.Settings
-import at.bitfire.davdroid.settings.SettingsManager
-import at.bitfire.davdroid.ui.ForegroundTracker
-import com.google.common.net.HttpHeaders
-import dagger.hilt.android.qualifiers.ApplicationContext
-import kotlinx.coroutines.CoroutineDispatcher
-import kotlinx.coroutines.withContext
-import net.openid.appauth.AuthState
-import net.openid.appauth.AuthorizationService
-import okhttp3.Authenticator
-import okhttp3.Cache
-import okhttp3.ConnectionSpec
-import okhttp3.CookieJar
-import okhttp3.Interceptor
-import okhttp3.OkHttpClient
-import okhttp3.Protocol
-import okhttp3.brotli.BrotliInterceptor
-import okhttp3.internal.tls.OkHostnameVerifier
-import okhttp3.logging.HttpLoggingInterceptor
-import java.io.File
-import java.net.InetSocketAddress
-import java.net.Proxy
-import java.util.concurrent.TimeUnit
-import java.util.logging.Level
-import java.util.logging.Logger
-import javax.inject.Inject
-import javax.inject.Provider
-import javax.net.ssl.KeyManager
-import javax.net.ssl.SSLContext
-
-class HttpClient(
-    val okHttpClient: OkHttpClient,
-    private val authorizationService: AuthorizationService? = null
-): AutoCloseable {
-
-    override fun close() {
-        authorizationService?.dispose()
-        okHttpClient.cache?.close()
-    }
-
-
-    // builder
-
-    /**
-     * Builder for the [HttpClient].
-     *
-     * **Attention:** If the builder is injected, it shouldn't be used from multiple locations to generate different clients because then
-     * there's only one [Builder] object and setting properties from one location would influence the others.
-     *
-     * To generate multiple clients, inject and use `Provider<HttpClient.Builder>` instead.
-     */
-    class Builder @Inject constructor(
-        private val accountSettingsFactory: AccountSettings.Factory,
-        private val authorizationServiceProvider: Provider<AuthorizationService>,
-        @ApplicationContext private val context: Context,
-        defaultLogger: Logger,
-        @IoDispatcher private val ioDispatcher: CoroutineDispatcher,
-        private val keyManagerFactory: ClientCertKeyManager.Factory,
-        private val settingsManager: SettingsManager
-    ) {
-
-        // property setters/getters
-
-        private var logger: Logger = defaultLogger
-        fun setLogger(logger: Logger): Builder {
-            this.logger = logger
-            return this
-        }
-
-        private var loggerInterceptorLevel: HttpLoggingInterceptor.Level = HttpLoggingInterceptor.Level.BODY
-        fun loggerInterceptorLevel(level: HttpLoggingInterceptor.Level): Builder {
-            loggerInterceptorLevel = level
-            return this
-        }
-
-        // default cookie store for non-persistent cookies (some services like Horde use cookies for session tracking)
-        private var cookieStore: CookieJar = MemoryCookieStore()
-        fun setCookieStore(cookieStore: CookieJar): Builder {
-            this.cookieStore = cookieStore
-            return this
-        }
-
-        private var authenticationInterceptor: Interceptor? = null
-        private var authenticator: Authenticator? = null
-        private var authorizationService: AuthorizationService? = null
-        private var certificateAlias: String? = null
-        fun authenticate(host: String?, credentials: Credentials, authStateCallback: BearerAuthInterceptor.AuthStateUpdateCallback? = null): Builder {
-            if (credentials.authState != null) {
-                // OAuth
-                val authService = authorizationServiceProvider.get()
-                authenticationInterceptor = BearerAuthInterceptor.fromAuthState(authService, credentials.authState, authStateCallback)
-                authorizationService = authService
-
-            } else if (credentials.username != null && credentials.password != null) {
-                // basic/digest auth
-                val authHandler = BasicDigestAuthHandler(
-                    domain = UrlUtils.hostToDomain(host),
-                    username = credentials.username,
-                    password = credentials.password,
-                    insecurePreemptive = true
-                )
-                authenticationInterceptor = authHandler
-                authenticator = authHandler
-            }
-
-            // client certificate
-            if (credentials.certificateAlias != null)
-                certificateAlias = credentials.certificateAlias
-
-            return this
-        }
-
-        private var followRedirects = false
-        fun followRedirects(follow: Boolean): Builder {
-            followRedirects = follow
-            return this
-        }
-
-        private var cache: Cache? = null
-        @Suppress("unused")
-        fun withDiskCache(maxSize: Long = 10*1024*1024): Builder {
-            for (dir in arrayOf(context.externalCacheDir, context.cacheDir).filterNotNull()) {
-                if (dir.exists() && dir.canWrite()) {
-                    val cacheDir = File(dir, "HttpClient")
-                    cacheDir.mkdir()
-                    logger.fine("Using disk cache: $cacheDir")
-                    cache = Cache(cacheDir, maxSize)
-                    break
-                }
-            }
-            return this
-        }
-
-
-        // convenience builders from other classes
-
-        /**
-         * Takes authentication (basic/digest or OAuth and client certificate) from a given account.
-         *
-         * **Must not be run on main thread, because it creates [AccountSettings]!** Use [fromAccountAsync] if possible.
-         *
-         * @param account   the account to take authentication from
-         * @param onlyHost  if set: only authenticate for this host name
-         *
-         * @throws at.bitfire.davdroid.sync.account.InvalidAccountException     when the account doesn't exist
-         */
-        @WorkerThread
-        fun fromAccount(account: Account, onlyHost: String? = null): Builder {
-            val accountSettings = accountSettingsFactory.create(account)
-            authenticate(
-                host = onlyHost,
-                credentials = accountSettings.credentials(),
-                authStateCallback = { authState: AuthState ->
-                    accountSettings.credentials(Credentials(authState = authState))
-                }
-            )
-            return this
-        }
-
-        /**
-         * Same as [fromAccount], but can be called on any thread.
-         *
-         * @throws at.bitfire.davdroid.sync.account.InvalidAccountException     when the account doesn't exist
-         */
-        suspend fun fromAccountAsync(account: Account, onlyHost: String? = null): Builder = withContext(ioDispatcher) {
-            fromAccount(account, onlyHost)
-        }
-
-
-        // actual builder
-
-        fun build(): HttpClient {
-            val okBuilder = OkHttpClient.Builder()
-                // Set timeouts. According to [AbstractThreadedSyncAdapter], when there is no network
-                // traffic within a minute, a sync will be cancelled.
-                .connectTimeout(15, TimeUnit.SECONDS)
-                .writeTimeout(30, TimeUnit.SECONDS)
-                .readTimeout(120, TimeUnit.SECONDS)
-                .pingInterval(45, TimeUnit.SECONDS)     // avoid cancellation because of missing traffic; only works for HTTP/2
-
-                // don't allow redirects by default because it would break PROPFIND handling
-                .followRedirects(followRedirects)
-
-                // add User-Agent to every request
-                .addInterceptor(UserAgentInterceptor)
-
-                // connection-private cookie store
-                .cookieJar(cookieStore)
-
-                // allow cleartext and TLS 1.2+
-                .connectionSpecs(listOf(
-                    ConnectionSpec.CLEARTEXT,
-                    ConnectionSpec.MODERN_TLS
-                ))
-
-                // offer Brotli and gzip compression (can be disabled per request with `Accept-Encoding: identity`)
-                .addInterceptor(BrotliInterceptor)
-
-                // add cache, if requested
-                .cache(cache)
-
-            // app-wide custom proxy support
-            buildProxy(okBuilder)
-
-            // add authentication
-            buildAuthentication(okBuilder)
-
-            // add network logging, if requested
-            if (logger.isLoggable(Level.FINEST)) {
-                val loggingInterceptor = HttpLoggingInterceptor { message -> logger.finest(message) }
-                loggingInterceptor.redactHeader(HttpHeaders.AUTHORIZATION)
-                loggingInterceptor.redactHeader(HttpHeaders.COOKIE)
-                loggingInterceptor.redactHeader(HttpHeaders.SET_COOKIE)
-                loggingInterceptor.redactHeader(HttpHeaders.SET_COOKIE2)
-                loggingInterceptor.level = loggerInterceptorLevel
-                okBuilder.addNetworkInterceptor(loggingInterceptor)
-            }
-
-            return HttpClient(
-                okHttpClient = okBuilder.build(),
-                authorizationService = authorizationService
-            )
-        }
-
-        private fun buildAuthentication(okBuilder: OkHttpClient.Builder) {
-            // basic/digest auth and OAuth
-            authenticationInterceptor?.let { okBuilder.addInterceptor(it) }
-            authenticator?.let { okBuilder.authenticator(it) }
-
-            // client certificate
-            val keyManager: KeyManager? = certificateAlias?.let { alias ->
-                try {
-                    val manager = keyManagerFactory.create(alias)
-                    logger.fine("Using certificate $alias for authentication")
-
-                    // HTTP/2 doesn't support client certificates (yet)
-                    // see https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-04
-                    okBuilder.protocols(listOf(Protocol.HTTP_1_1))
-
-                    manager
-                } catch (e: IllegalArgumentException) {
-                    logger.log(Level.SEVERE, "Couldn't create KeyManager for certificate $alias", e)
-                    null
-                }
-            }
-
-            // cert4android integration
-            val certManager = CustomCertManager(
-                context = context,
-                trustSystemCerts = !settingsManager.getBoolean(Settings.DISTRUST_SYSTEM_CERTIFICATES),
-                appInForeground = if (/* davx5-ose */ true)
-                    ForegroundTracker.inForeground  // interactive mode
-                else
-                    null                            // non-interactive mode
-            )
-
-            val sslContext = SSLContext.getInstance("TLS")
-            sslContext.init(
-                /* km = */ if (keyManager != null) arrayOf(keyManager) else null,
-                /* tm = */ arrayOf(certManager),
-                /* random = */ null
-            )
-            okBuilder
-                .sslSocketFactory(sslContext.socketFactory, certManager)
-                .hostnameVerifier(certManager.HostnameVerifier(OkHostnameVerifier))
-        }
-
-        private fun buildProxy(okBuilder: OkHttpClient.Builder) {
-            try {
-                val proxyTypeValue = settingsManager.getInt(Settings.PROXY_TYPE)
-                if (proxyTypeValue != Settings.PROXY_TYPE_SYSTEM) {
-                    // we set our own proxy
-                    val address by lazy {           // lazy because not required for PROXY_TYPE_NONE
-                        InetSocketAddress(
-                            settingsManager.getString(Settings.PROXY_HOST),
-                            settingsManager.getInt(Settings.PROXY_PORT)
-                        )
-                    }
-                    val proxy =
-                        when (proxyTypeValue) {
-                            Settings.PROXY_TYPE_NONE -> Proxy.NO_PROXY
-                            Settings.PROXY_TYPE_HTTP -> Proxy(Proxy.Type.HTTP, address)
-                            Settings.PROXY_TYPE_SOCKS -> Proxy(Proxy.Type.SOCKS, address)
-                            else -> throw IllegalArgumentException("Invalid proxy type")
-                        }
-                    okBuilder.proxy(proxy)
-                    logger.log(Level.INFO, "Using proxy setting", proxy)
-                }
-            } catch (e: Exception) {
-                logger.log(Level.SEVERE, "Can't set proxy, ignoring", e)
-            }
-        }
-
-    }
-
-}

app/src/main/kotlin/at/bitfire/davdroid/network/HttpClientBuilder.kt

@@ -0,0 +1,419 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.network
+
+import android.accounts.Account
+import android.content.Context
+import androidx.annotation.WorkerThread
+import at.bitfire.cert4android.CustomCertManager
+import at.bitfire.cert4android.CustomCertStore
+import at.bitfire.dav4jvm.okhttp.BasicDigestAuthHandler
+import at.bitfire.dav4jvm.okhttp.UrlUtils
+import at.bitfire.davdroid.BuildConfig
+import at.bitfire.davdroid.di.IoDispatcher
+import at.bitfire.davdroid.settings.AccountSettings
+import at.bitfire.davdroid.settings.Credentials
+import at.bitfire.davdroid.settings.Settings
+import at.bitfire.davdroid.settings.SettingsManager
+import at.bitfire.davdroid.ui.ForegroundTracker
+import com.google.common.net.HttpHeaders
+import com.google.errorprone.annotations.MustBeClosed
+import dagger.hilt.android.qualifiers.ApplicationContext
+import io.ktor.client.HttpClient
+import io.ktor.client.engine.okhttp.OkHttp
+import io.ktor.client.plugins.contentnegotiation.ContentNegotiation
+import io.ktor.serialization.kotlinx.json.json
+import kotlinx.coroutines.CoroutineDispatcher
+import kotlinx.coroutines.withContext
+import net.openid.appauth.AuthState
+import okhttp3.Authenticator
+import okhttp3.ConnectionSpec
+import okhttp3.CookieJar
+import okhttp3.Interceptor
+import okhttp3.OkHttpClient
+import okhttp3.Protocol
+import okhttp3.brotli.BrotliInterceptor
+import okhttp3.internal.tls.OkHostnameVerifier
+import okhttp3.logging.HttpLoggingInterceptor
+import java.net.InetSocketAddress
+import java.net.Proxy
+import java.security.KeyStore
+import java.util.concurrent.TimeUnit
+import java.util.logging.Level
+import java.util.logging.Logger
+import javax.inject.Inject
+import javax.net.ssl.HostnameVerifier
+import javax.net.ssl.KeyManager
+import javax.net.ssl.SSLContext
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
+
+/**
+ * Builder for the HTTP client.
+ *
+ * **Attention:** If the builder is injected, it shouldn't be used from multiple locations to generate different clients because then
+ * there's only one [HttpClientBuilder] object and setting properties from one location would influence the others.
+ *
+ * To generate multiple clients, inject and use `Provider<HttpClientBuilder>` instead.
+ */
+class HttpClientBuilder @Inject constructor(
+    private val accountSettingsFactory: AccountSettings.Factory,
+    @ApplicationContext private val context: Context,
+    defaultLogger: Logger,
+    @IoDispatcher private val ioDispatcher: CoroutineDispatcher,
+    private val keyManagerFactory: ClientCertKeyManager.Factory,
+    private val oAuthInterceptorFactory: OAuthInterceptor.Factory,
+    private val settingsManager: SettingsManager
+) {
+
+    companion object {
+        init {
+            // make sure Conscrypt is available when the HttpClientBuilder class is loaded the first time
+            ConscryptIntegration().initialize()
+        }
+
+        /**
+         * According to [OkHttpClient] documentation, [OkHttpClient]s should be shared, which allows it to use a
+         * shared connection and thread pool.
+         *
+         * We need custom settings for each actual client, but we can use a shared client as a base. This also
+         * enables sharing resources like connection and thread pool.
+         *
+         * The shared client is available for the lifetime of the application and must not be shut down or
+         * closed (which is not necessary, according to its documentation).
+         */
+        val sharedOkHttpClient = OkHttpClient.Builder()
+            .connectTimeout(15, TimeUnit.SECONDS)
+            .writeTimeout(30, TimeUnit.SECONDS)
+            .readTimeout(120, TimeUnit.SECONDS)
+            .pingInterval(45, TimeUnit.SECONDS)     // avoid cancellation because of missing traffic; only works for HTTP/2
+            .build()
+    }
+
+    /**
+     * Flag to prevent multiple [build] calls
+     */
+    var alreadyBuilt = false
+
+    // property setters/getters
+
+    private var logger: Logger = defaultLogger
+    fun setLogger(logger: Logger): HttpClientBuilder {
+        this.logger = logger
+        return this
+    }
+
+    private var loggerInterceptorLevel: HttpLoggingInterceptor.Level = HttpLoggingInterceptor.Level.BODY
+
+    fun loggerInterceptorLevel(level: HttpLoggingInterceptor.Level): HttpClientBuilder {
+        loggerInterceptorLevel = level
+        return this
+    }
+
+    // default cookie store for non-persistent cookies (some services like Horde use cookies for session tracking)
+    private var cookieStore: CookieJar = MemoryCookieStore()
+
+    fun setCookieStore(cookieStore: CookieJar): HttpClientBuilder {
+        this.cookieStore = cookieStore
+        return this
+    }
+
+    private var authenticationInterceptor: Interceptor? = null
+    private var authenticator: Authenticator? = null
+    private var certificateAlias: String? = null
+
+    fun authenticate(domain: String?, getCredentials: () -> Credentials, updateAuthState: ((AuthState) -> Unit)? = null): HttpClientBuilder {
+        val credentials = getCredentials()
+        if (credentials.authState != null) {
+            // OAuth
+            authenticationInterceptor = oAuthInterceptorFactory.create(
+                readAuthState = {
+                    // We don't use the "credentials" object from above because it may contain an outdated access token
+                    // when readAuthState is called. Instead, we fetch the up-to-date auth-state.
+                    getCredentials().authState
+                },
+                writeAuthState = { authState ->
+                    updateAuthState?.invoke(authState)
+                }
+
+            )
+
+        } else if (credentials.username != null && credentials.password != null) {
+            // basic/digest auth
+            val authHandler = BasicDigestAuthHandler(
+                domain = domain,
+                username = credentials.username,
+                password = credentials.password.asCharArray(),
+                insecurePreemptive = true
+            )
+            authenticationInterceptor = authHandler
+            authenticator = authHandler
+        }
+
+        // client certificate
+        if (credentials.certificateAlias != null)
+            certificateAlias = credentials.certificateAlias
+
+        return this
+    }
+
+    private var followRedirects = false
+
+    fun followRedirects(follow: Boolean): HttpClientBuilder {
+        followRedirects = follow
+        return this
+    }
+
+
+    // convenience builders from other classes
+
+    /**
+     * Takes authentication (basic/digest or OAuth and client certificate) from a given account.
+     *
+     * **Must not be run on main thread, because it creates [AccountSettings]!** Use [fromAccountAsync] if possible.
+     *
+     * @param account       the account to take authentication from
+     * @param authDomain    (optional) Send credentials only for the hosts of the given domain. Can be:
+     *
+     * - a full host name (`caldav.example.com`): then credentials are only sent for the domain of that host name (`example.com`), or
+     * - a domain name (`example.com`): then credentials are only sent for the given domain, or
+     * - or _null_: then credentials are always sent, regardless of the resource host name.
+     *
+     * @throws at.bitfire.davdroid.sync.account.InvalidAccountException     when the account doesn't exist
+     */
+    @WorkerThread
+    fun fromAccount(account: Account, authDomain: String? = null): HttpClientBuilder {
+        val accountSettings = accountSettingsFactory.create(account)
+        authenticate(
+            domain = UrlUtils.hostToDomain(authDomain),
+            getCredentials = {
+                accountSettings.credentials()
+            },
+            updateAuthState = { authState ->
+                accountSettings.updateAuthState(authState)
+            }
+        )
+        return this
+    }
+
+    /**
+     * Same as [fromAccount], but can be called on any thread.
+     *
+     * @throws at.bitfire.davdroid.sync.account.InvalidAccountException     when the account doesn't exist
+     */
+    suspend fun fromAccountAsync(account: Account, onlyHost: String? = null): HttpClientBuilder = withContext(ioDispatcher) {
+        fromAccount(account, onlyHost)
+    }
+
+
+    // okhttp builder
+
+    /**
+     * Builds an [OkHttpClient] with the configured settings.
+     *
+     * [build] or [buildKtor] is usually called only once because multiple calls indicate this wrong usage pattern:
+     *
+     * ```
+     * val builder = HttpClientBuilder(/*injected*/)
+     * val client1 = builder.configure().build()
+     * val client2 = builder.configureOtherwise().build()
+     * ```
+     *
+     * However in this case the configuration of `client1` is still in `builder` and would be reused for `client2`,
+     * which is usually not desired.
+     *
+     * Closing/shutting down the client is not necessary.
+     */
+    fun build(): OkHttpClient {
+        if (alreadyBuilt)
+            logger.warning("build() should only be called once; use Provider<HttpClientBuilder> instead")
+
+        val builder = sharedOkHttpClient.newBuilder()
+        configureOkHttp(builder)
+
+        alreadyBuilt = true
+        return builder.build()
+    }
+
+    private fun configureOkHttp(builder: OkHttpClient.Builder) {
+        // don't allow redirects by default because it would break PROPFIND handling
+        builder.followRedirects(followRedirects)
+
+        // add User-Agent to every request
+        builder.addInterceptor(UserAgentInterceptor)
+
+        // connection-private cookie store
+        builder.cookieJar(cookieStore)
+
+        // offer Brotli and gzip compression (can be disabled per request with `Accept-Encoding: identity`)
+        builder.addInterceptor(BrotliInterceptor)
+
+        // app-wide custom proxy support
+        buildProxy(builder)
+
+        // add connection security (including client certificates) and authentication
+        buildConnectionSecurity(builder)
+        buildAuthentication(builder)
+
+        // add network logging, if requested
+        if (logger.isLoggable(Level.FINEST)) {
+            val loggingInterceptor = HttpLoggingInterceptor { message -> logger.finest(message) }
+            loggingInterceptor.redactHeader(HttpHeaders.AUTHORIZATION)
+            loggingInterceptor.redactHeader(HttpHeaders.COOKIE)
+            loggingInterceptor.redactHeader(HttpHeaders.SET_COOKIE)
+            loggingInterceptor.redactHeader(HttpHeaders.SET_COOKIE2)
+            loggingInterceptor.level = loggerInterceptorLevel
+            builder.addNetworkInterceptor(loggingInterceptor)
+        }
+    }
+
+    private fun buildAuthentication(okBuilder: OkHttpClient.Builder) {
+        // basic/digest auth and OAuth
+        authenticationInterceptor?.let { okBuilder.addInterceptor(it) }
+        authenticator?.let { okBuilder.authenticator(it) }
+    }
+
+    private fun buildConnectionSecurity(okBuilder: OkHttpClient.Builder) {
+        // allow cleartext and TLS 1.2+
+        okBuilder.connectionSpecs(listOf(
+            ConnectionSpec.CLEARTEXT,
+            ConnectionSpec.MODERN_TLS
+        ))
+
+        // client certificate
+        val clientKeyManager: KeyManager? = certificateAlias?.let { alias ->
+            try {
+                val manager = keyManagerFactory.create(alias)
+                logger.fine("Using certificate $alias for authentication")
+
+                // HTTP/2 doesn't support client certificates (yet)
+                // see https://datatracker.ietf.org/doc/draft-ietf-httpbis-secondary-server-certs/
+                okBuilder.protocols(listOf(Protocol.HTTP_1_1))
+
+                manager
+            } catch (e: IllegalArgumentException) {
+                logger.log(Level.SEVERE, "Couldn't create KeyManager for certificate $alias", e)
+                null
+            }
+        }
+
+        // select trust manager and hostname verifier depending on whether custom certificates are allowed
+        val customTrustManager: X509TrustManager?
+        val customHostnameVerifier: HostnameVerifier?
+
+        if (BuildConfig.allowCustomCerts) {
+            // use cert4android for custom certificate handling
+            customTrustManager = CustomCertManager(
+                certStore = CustomCertStore.getInstance(context),
+                trustSystemCerts = !settingsManager.getBoolean(Settings.DISTRUST_SYSTEM_CERTIFICATES),
+                appInForeground = ForegroundTracker.inForeground
+            )
+            // allow users to accept certificates with wrong host names
+            customHostnameVerifier = customTrustManager.HostnameVerifier(OkHostnameVerifier)
+
+        } else {
+            // no custom certificates, use default trust manager and hostname verifier
+            customTrustManager = null
+            customHostnameVerifier = null
+        }
+
+        // change settings only if we have at least only one custom component
+        if (clientKeyManager != null || customTrustManager != null) {
+            val trustManager = customTrustManager ?: defaultTrustManager()
+
+            // use trust manager and client key manager (if defined) for TLS connections
+            val sslContext = SSLContext.getInstance("TLS")
+            sslContext.init(
+                /* km = */ if (clientKeyManager != null) arrayOf(clientKeyManager) else null,
+                /* tm = */ arrayOf(trustManager),
+                /* random = */ null
+            )
+            okBuilder.sslSocketFactory(sslContext.socketFactory, trustManager)
+        }
+
+        // also add the custom hostname verifier (if defined)
+        if (customHostnameVerifier != null)
+            okBuilder.hostnameVerifier(customHostnameVerifier)
+    }
+
+    private fun defaultTrustManager(): X509TrustManager {
+        val factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+        factory.init(null as KeyStore?)
+        return factory.trustManagers.filterIsInstance<X509TrustManager>().first()
+    }
+
+    private fun buildProxy(okBuilder: OkHttpClient.Builder) {
+        try {
+            val proxyTypeValue = settingsManager.getInt(Settings.PROXY_TYPE)
+            if (proxyTypeValue != Settings.PROXY_TYPE_SYSTEM) {
+                // we set our own proxy
+                val address by lazy {           // lazy because not required for PROXY_TYPE_NONE
+                    InetSocketAddress(
+                        settingsManager.getString(Settings.PROXY_HOST),
+                        settingsManager.getInt(Settings.PROXY_PORT)
+                    )
+                }
+                val proxy =
+                    when (proxyTypeValue) {
+                        Settings.PROXY_TYPE_NONE -> Proxy.NO_PROXY
+                        Settings.PROXY_TYPE_HTTP -> Proxy(Proxy.Type.HTTP, address)
+                        Settings.PROXY_TYPE_SOCKS -> Proxy(Proxy.Type.SOCKS, address)
+                        else -> throw IllegalArgumentException("Invalid proxy type")
+                    }
+                okBuilder.proxy(proxy)
+                logger.log(Level.INFO, "Using proxy setting", proxy)
+            }
+        } catch (e: Exception) {
+            logger.log(Level.SEVERE, "Can't set proxy, ignoring", e)
+        }
+    }
+
+
+    // Ktor builder
+
+    /**
+     * Builds a Ktor [HttpClient] with the configured settings.
+     *
+     * [buildKtor] or [build] must be called only once because multiple calls indicate this wrong usage pattern:
+     *
+     * ```
+     * val builder = HttpClientBuilder(/*injected*/)
+     * val client1 = builder.configure().buildKtor()
+     * val client2 = builder.configureOtherwise().buildKtor()
+     * ```
+     *
+     * However in this case the configuration of `client1` is still in `builder` and would be reused for `client2`,
+     * which is usually not desired.
+     *
+     * @return the new HttpClient (with [OkHttp] engine) which **must be closed by the caller**
+     */
+    @MustBeClosed
+    fun buildKtor(): HttpClient {
+        if (alreadyBuilt)
+            logger.warning("buildKtor() should only be called once; use Provider<HttpClientBuilder> instead")
+
+        val client = HttpClient(OkHttp) {
+            // Ktor-level configuration here
+
+            // automatically convert JSON from/into data classes (if requested in respective code)
+            install(ContentNegotiation) {
+                json()
+            }
+
+            engine {
+                // okhttp engine configuration here
+
+                config {
+                    // OkHttpClient.Builder configuration here
+                    configureOkHttp(this)
+                }
+            }
+        }
+
+        alreadyBuilt = true
+        return client
+    }
+
+}

app/src/main/kotlin/at/bitfire/davdroid/network/NextcloudLoginFlow.kt

@@ -4,26 +4,28 @@
 
 package at.bitfire.davdroid.network
 
-import at.bitfire.dav4jvm.exception.DavException
-import at.bitfire.dav4jvm.exception.HttpException
-import at.bitfire.davdroid.db.Credentials
+import androidx.annotation.VisibleForTesting
+import at.bitfire.dav4jvm.ktor.exception.HttpException
+import at.bitfire.davdroid.settings.Credentials
 import at.bitfire.davdroid.ui.setup.LoginInfo
+import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
 import at.bitfire.davdroid.util.withTrailingSlash
 import at.bitfire.vcard4android.GroupMethod
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.runInterruptible
-import kotlinx.coroutines.withContext
-import okhttp3.HttpUrl
-import okhttp3.HttpUrl.Companion.toHttpUrl
-import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
-import okhttp3.MediaType.Companion.toMediaType
-import okhttp3.Request
-import okhttp3.RequestBody
-import okhttp3.RequestBody.Companion.toRequestBody
-import org.json.JSONObject
-import java.net.HttpURLConnection
+import io.ktor.client.HttpClient
+import io.ktor.client.call.body
+import io.ktor.client.request.post
+import io.ktor.client.request.setBody
+import io.ktor.http.ContentType
+import io.ktor.http.URLBuilder
+import io.ktor.http.Url
+import io.ktor.http.appendPathSegments
+import io.ktor.http.contentType
+import io.ktor.http.isSuccess
+import io.ktor.http.path
+import kotlinx.serialization.Serializable
 import java.net.URI
 import javax.inject.Inject
+import javax.inject.Provider
 
 /**
  * Implements Nextcloud Login Flow v2.
@@ -31,8 +33,133 @@ import javax.inject.Inject
  * See https://docs.nextcloud.com/server/latest/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2
  */
 class NextcloudLoginFlow @Inject constructor(
-    httpClientBuilder: HttpClient.Builder
-): AutoCloseable {
+    private val httpClientBuilder: Provider<HttpClientBuilder>
+) {
+
+    // Login flow state
+    var pollUrl: Url? = null
+    var token: String? = null
+
+    /**
+     * Starts Nextcloud Login Flow v2.
+     *
+     * @param baseUrl   Nextcloud login flow or base URL
+     *
+     * @return URL that should be opened in the browser (login screen)
+     *
+     * @throws HttpException on non-successful HTTP status
+     */
+    suspend fun start(baseUrl: Url): Url {
+        // reset fields in case something goes wrong
+        pollUrl = null
+        token = null
+
+        // POST to login flow URL in order to receive endpoint data
+        createClient().use { client ->
+            val result = client.post(loginFlowUrl(baseUrl))
+            if (!result.status.isSuccess())
+                throw HttpException.fromResponse(result)
+
+            // save endpoint data for polling
+            val endpointData: EndpointData = result.body()
+            pollUrl = Url(endpointData.poll.endpoint)
+            token = endpointData.poll.token
+
+            return Url(endpointData.login)
+        }
+    }
+
+    @VisibleForTesting
+    internal fun loginFlowUrl(baseUrl: Url): Url {
+        return when {
+            // already a Login Flow v2 URL
+            baseUrl.encodedPath.endsWith(FLOW_V2_PATH) ->
+                baseUrl
+
+            // Login Flow v1 URL, rewrite to v2
+            baseUrl.encodedPath.endsWith(FLOW_V1_PATH) -> {
+                // drop "[index.php/login]/flow" from the end and append "/v2"
+                val v2Segments = baseUrl.segments.dropLast(1) + "v2"
+                val builder = URLBuilder(baseUrl)
+                builder.path(*v2Segments.toTypedArray())
+                builder.build()
+            }
+
+            // other URL, make it a Login Flow v2 URL
+            else ->
+                URLBuilder(baseUrl)
+                    .appendPathSegments(FLOW_V2_PATH.split('/'))
+                    .build()
+        }
+    }
+
+    /**
+     * Retrieves login info from the polling endpoint using [pollUrl]/[token].
+     *
+     * @throws HttpException on non-successful HTTP status
+     */
+    suspend fun fetchLoginInfo(): LoginInfo {
+        val pollUrl = pollUrl ?: throw IllegalArgumentException("Missing pollUrl")
+        val token = token ?: throw IllegalArgumentException("Missing token")
+
+        // send HTTP request to request server, login name and app password
+        createClient().use { client ->
+            val result = client.post(pollUrl) {
+                contentType(ContentType.Application.FormUrlEncoded)
+                setBody("token=$token")
+            }
+            if (!result.status.isSuccess())
+                throw HttpException.fromResponse(result)
+
+            // make sure server URL ends with a slash so that DAV_PATH can be appended
+            val loginData: LoginData = result.body()
+            val serverUrl = loginData.server.withTrailingSlash()
+
+            return LoginInfo(
+                baseUri = URI(serverUrl).resolve(DAV_PATH),
+                credentials = Credentials(
+                    username = loginData.loginName,
+                    password = loginData.appPassword.toSensitiveString()
+                ),
+                suggestedGroupMethod = GroupMethod.CATEGORIES
+            )
+        }
+    }
+
+    /**
+     * Creates a Ktor HTTP client that follows redirects.
+     */
+    private fun createClient(): HttpClient =
+        httpClientBuilder.get()
+            .followRedirects(true)
+            .buildKtor()
+
+
+    /**
+     * Represents the JSON response that is returned on the first call to `/login/v2`.
+     */
+    @Serializable
+    private data class EndpointData(
+        val poll: Poll,
+        val login: String
+    ) {
+        @Serializable
+        data class Poll(
+            val token: String,
+            val endpoint: String
+        )
+    }
+
+    /**
+     * Represents the JSON response that is returned by the polling endpoint.
+     */
+    @Serializable
+    private data class LoginData(
+        val server: String,
+        val loginName: String,
+        val appPassword: String
+    )
+
 
     companion object {
         const val FLOW_V1_PATH = "index.php/login/flow"
@@ -42,99 +169,4 @@ class NextcloudLoginFlow @Inject constructor(
         const val DAV_PATH = "remote.php/dav"
     }
 
-    val httpClient = httpClientBuilder
-        .build()
-
-    override fun close() {
-        httpClient.close()
-    }
-
-
-    // Login flow state
-    var loginUrl: HttpUrl? = null
-    var pollUrl: HttpUrl? = null
-    var token: String? = null
-
-
-    suspend fun initiate(baseUrl: HttpUrl): HttpUrl? {
-        loginUrl = null
-        pollUrl = null
-        token = null
-
-        val json = postForJson(initiateUrl(baseUrl), "".toRequestBody())
-
-        loginUrl = json.getString("login").toHttpUrlOrNull()
-        json.getJSONObject("poll").let { poll ->
-            pollUrl = poll.getString("endpoint").toHttpUrl()
-            token = poll.getString("token")
-        }
-
-        return loginUrl
-    }
-
-    fun initiateUrl(baseUrl: HttpUrl): HttpUrl {
-        val path = baseUrl.encodedPath
-
-        if (path.endsWith(FLOW_V2_PATH))
-            // already a Login Flow v2 URL
-            return baseUrl
-
-        if (path.endsWith(FLOW_V1_PATH))
-            // Login Flow v1 URL, rewrite to v2
-            return baseUrl.newBuilder()
-                .encodedPath(path.replace(FLOW_V1_PATH, FLOW_V2_PATH))
-                .build()
-
-        // other URL, make it a Login Flow v2 URL
-        return baseUrl.newBuilder()
-            .addPathSegments(FLOW_V2_PATH)
-            .build()
-    }
-
-
-    suspend fun fetchLoginInfo(): LoginInfo {
-        val pollUrl = pollUrl ?: throw IllegalArgumentException("Missing pollUrl")
-        val token = token ?: throw IllegalArgumentException("Missing token")
-
-        // send HTTP request to request server, login name and app password
-        val json = postForJson(pollUrl, "token=$token".toRequestBody("application/x-www-form-urlencoded".toMediaType()))
-
-        // make sure server URL ends with a slash so that DAV_PATH can be appended
-        val serverUrl = json.getString("server").withTrailingSlash()
-
-        return LoginInfo(
-            baseUri = URI(serverUrl).resolve(DAV_PATH),
-            credentials = Credentials(
-                username = json.getString("loginName"),
-                password = json.getString("appPassword").toCharArray()
-            ),
-            suggestedGroupMethod = GroupMethod.CATEGORIES
-        )
-    }
-
-
-    private suspend fun postForJson(url: HttpUrl, requestBody: RequestBody): JSONObject = withContext(Dispatchers.IO) {
-        val postRq = Request.Builder()
-            .url(url)
-            .post(requestBody)
-            .build()
-        val response = runInterruptible {
-            httpClient.okHttpClient.newCall(postRq).execute()
-        }
-
-        if (response.code != HttpURLConnection.HTTP_OK)
-            throw HttpException(response)
-
-        response.body?.use { body ->
-            val mimeType = body.contentType() ?: throw DavException("Login Flow response without MIME type")
-            if (mimeType.type != "application" || mimeType.subtype != "json")
-                throw DavException("Invalid Login Flow response (not JSON)")
-
-            // decode JSON
-            return@withContext JSONObject(body.string())
-        }
-
-        throw DavException("Invalid Login Flow response (no body)")
-    }
-
 }

app/src/main/kotlin/at/bitfire/davdroid/network/OAuthIntegration.kt

@@ -9,19 +9,14 @@ import android.content.Intent
 import androidx.activity.result.contract.ActivityResultContract
 import androidx.core.net.toUri
 import at.bitfire.davdroid.BuildConfig
-import at.bitfire.davdroid.db.Credentials
 import at.bitfire.davdroid.network.OAuthIntegration.redirectUri
 import kotlinx.coroutines.CompletableDeferred
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.withContext
 import net.openid.appauth.AuthState
 import net.openid.appauth.AuthorizationException
 import net.openid.appauth.AuthorizationRequest
 import net.openid.appauth.AuthorizationResponse
 import net.openid.appauth.AuthorizationService
-import net.openid.appauth.AuthorizationServiceConfiguration
 import net.openid.appauth.TokenResponse
-import java.util.Locale
 
 /**
  * Integration with OpenID AppAuth (Android)
@@ -38,42 +33,20 @@ object OAuthIntegration {
      * @param authService   authorization service
      * @param authResponse  response from the server (coming over the Intent from the browser / [AuthorizationContract])
      */
-    suspend fun authenticate(authService: AuthorizationService, authResponse: AuthorizationResponse): Credentials {
+    suspend fun authenticate(authService: AuthorizationService, authResponse: AuthorizationResponse): AuthState {
         val authState = AuthState(authResponse, null)       // authorization code must not be stored; exchange it to refresh token
-        val credentials = CompletableDeferred<Credentials>()
+        val authStateFuture = CompletableDeferred<AuthState>()
 
-        withContext(Dispatchers.IO) {
-            authService.performTokenRequest(authResponse.createTokenExchangeRequest()) { tokenResponse: TokenResponse?, refreshTokenException: AuthorizationException? ->
-                if (tokenResponse != null) {
-                    // success, save authState (= refresh token)
-                    authState.update(tokenResponse, refreshTokenException)
-                    credentials.complete(Credentials(authState = authState))
-                } else if (refreshTokenException != null)
-                    credentials.completeExceptionally(refreshTokenException)
-            }
+        authService.performTokenRequest(authResponse.createTokenExchangeRequest()) { tokenResponse: TokenResponse?, refreshTokenException: AuthorizationException? ->
+            if (tokenResponse != null) {
+                // success, save authState (= refresh token)
+                authState.update(tokenResponse, refreshTokenException)
+                authStateFuture.complete(authState)
+            } else if (refreshTokenException != null)
+                authStateFuture.completeExceptionally(refreshTokenException)
         }
 
-        return credentials.await()
-    }
-
-    /**
-     * Creates a new authorization request from a known configuration. Typically used to re-authorize
-     * from a given configuration.
-     *
-     * @param authConfig    current authorization config that shall be replaced
-     * @return authorization request, or `null` if the current config doesn't contain a known provider
-     */
-    fun newAuthorizeRequest(authConfig: AuthorizationServiceConfiguration): AuthorizationRequest? {
-        val authHost = authConfig.authorizationEndpoint.host.toString()
-        val locale = Locale.getDefault().toLanguageTag()
-
-        // If more OAuth providers become added, this should be rewritten so that all providers
-        // are checked automatically.
-        return when {
-            authHost.contains("fastmail.com") -> OAuthFastmail.signIn(null, locale)
-            authHost.contains("google.com") -> OAuthGoogle.signIn(null, null, locale)
-            else -> return null
-        }
+        return authStateFuture.await()
     }
 
 

app/src/main/kotlin/at/bitfire/davdroid/network/OAuthInterceptor.kt

@@ -0,0 +1,106 @@
+/*
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ */
+
+package at.bitfire.davdroid.network
+
+import at.bitfire.davdroid.BuildConfig
+import dagger.assisted.Assisted
+import dagger.assisted.AssistedFactory
+import dagger.assisted.AssistedInject
+import net.openid.appauth.AuthState
+import net.openid.appauth.AuthorizationException
+import net.openid.appauth.AuthorizationService
+import okhttp3.Interceptor
+import okhttp3.Response
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionException
+import java.util.logging.Level
+import java.util.logging.Logger
+import javax.inject.Provider
+
+/**
+ * Sends an OAuth Bearer token authorization as described in RFC 6750.
+ *
+ * @param readAuthState     callback that fetches an up-to-date authorization state
+ * @param writeAuthState    callback that persists a new authorization state
+ */
+class OAuthInterceptor @AssistedInject constructor(
+    @Assisted private val readAuthState: () -> AuthState?,
+    @Assisted private val writeAuthState: (AuthState) -> Unit,
+    private val authServiceProvider: Provider<AuthorizationService>,
+    private val logger: Logger
+): Interceptor {
+
+    @AssistedFactory
+    interface Factory {
+        fun create(readAuthState: () -> AuthState?, writeAuthState: (AuthState) -> Unit): OAuthInterceptor
+    }
+
+
+    override fun intercept(chain: Interceptor.Chain): Response {
+        val rq = chain.request().newBuilder()
+
+        /** Syntax for the "Authorization" header [RFC 6750 2.1]:
+         *
+         *      b64token    = 1*( ALPHA / DIGIT /
+         *                        "-" / "." / "_" / "~" / "+" / "/" ) *"="
+         *      credentials = "Bearer" 1*SP b64token
+         */
+
+        val accessToken = provideAccessToken()
+        if (accessToken != null)
+            rq.header("Authorization", "Bearer $accessToken")
+        else
+            logger.severe("No access token available, won't authenticate")
+
+        return chain.proceed(rq.build())
+    }
+
+    /**
+     * Provides a fresh access token for authorization. Uses the current one if it's still valid,
+     * or requests a new one if necessary.
+     *
+     * This method is synchronized / thread-safe so that it can be called for multiple HTTP requests at the same time.
+     *
+     * @return access token or `null` if no valid access token is available (usually because of an error during refresh)
+     */
+    fun provideAccessToken(): String? = synchronized(javaClass) {
+        // if possible, use cached access token
+        val authState = readAuthState() ?: return null
+
+        if (authState.isAuthorized && authState.accessToken != null && !authState.needsTokenRefresh) {
+            if (BuildConfig.DEBUG)      // log sensitive information (refresh/access token) only in debug builds
+                logger.log(Level.FINEST, "Using cached AuthState", authState.jsonSerializeString())
+            return authState.accessToken
+        }
+
+        // request fresh access token
+        logger.fine("Requesting fresh access token")
+        val accessTokenFuture = CompletableFuture<String>()
+        val authService = authServiceProvider.get()
+        try {
+            authState.performActionWithFreshTokens(authService) { accessToken: String?, _: String?, ex: AuthorizationException? ->
+                // appauth internally fetches the new token over HttpURLConnection in an AsyncTask
+                if (BuildConfig.DEBUG)
+                    logger.log(Level.FINEST, "Got new AuthState", authState.jsonSerializeString())
+
+                // persist updated AuthState
+                writeAuthState(authState)
+
+                if (ex != null)
+                    accessTokenFuture.completeExceptionally(ex)
+                else if (accessToken != null)
+                    accessTokenFuture.complete(accessToken)
+            }
+
+            accessTokenFuture.join()
+        } catch (e: CompletionException) {
+            logger.log(Level.SEVERE, "Couldn't obtain access token", e.cause)
+            null
+        } finally {
+            authService.dispose()
+        }
+    }
+
+}

app/src/main/kotlin/at/bitfire/davdroid/network/OAuthModule.kt

@@ -19,6 +19,12 @@ import java.net.URL
 @InstallIn(SingletonComponent::class)
 object OAuthModule {
 
+    /**
+     * Make sure to call [AuthorizationService.dispose] when obtaining an instance.
+     *
+     * Creating an instance is expensive (involves CustomTabsManager), so don't create an
+     * instance if not necessary (use Provider/Lazy).
+     */
     @Provides
     fun authorizationService(@ApplicationContext context: Context): AuthorizationService =
         AuthorizationService(context,

app/src/main/kotlin/at/bitfire/davdroid/push/PushMessageHandler.kt

@@ -7,6 +7,7 @@ package at.bitfire.davdroid.push
 import androidx.annotation.VisibleForTesting
 import at.bitfire.dav4jvm.XmlReader
 import at.bitfire.dav4jvm.XmlUtils
+import at.bitfire.dav4jvm.property.push.WebDAVPush
 import at.bitfire.davdroid.db.Collection.Companion.TYPE_ADDRESSBOOK
 import at.bitfire.davdroid.repository.AccountRepository
 import at.bitfire.davdroid.repository.DavCollectionRepository
@@ -105,7 +106,7 @@ class PushMessageHandler @Inject constructor(
         try {
             parser.setInput(StringReader(message))
 
-            XmlReader(parser).processTag(DavPushMessage.NAME) {
+            XmlReader(parser).processTag(WebDAVPush.PushMessage) {
                 val pushMessage = DavPushMessage.Factory.create(parser)
                 topic = pushMessage.topic?.topic
             }

app/src/main/kotlin/at/bitfire/davdroid/push/PushRegistrationManager.kt

@@ -11,22 +11,17 @@ import androidx.work.ExistingPeriodicWorkPolicy
 import androidx.work.NetworkType
 import androidx.work.PeriodicWorkRequest
 import androidx.work.WorkManager
-import at.bitfire.dav4jvm.DavCollection
-import at.bitfire.dav4jvm.DavResource
 import at.bitfire.dav4jvm.HttpUtils
 import at.bitfire.dav4jvm.XmlUtils
 import at.bitfire.dav4jvm.XmlUtils.insertTag
-import at.bitfire.dav4jvm.exception.DavException
-import at.bitfire.dav4jvm.property.push.AuthSecret
-import at.bitfire.dav4jvm.property.push.PushRegister
-import at.bitfire.dav4jvm.property.push.PushResource
-import at.bitfire.dav4jvm.property.push.Subscription
-import at.bitfire.dav4jvm.property.push.SubscriptionPublicKey
-import at.bitfire.dav4jvm.property.push.WebPushSubscription
+import at.bitfire.dav4jvm.okhttp.DavCollection
+import at.bitfire.dav4jvm.okhttp.DavResource
+import at.bitfire.dav4jvm.okhttp.exception.DavException
+import at.bitfire.dav4jvm.property.push.WebDAVPush
 import at.bitfire.davdroid.db.Collection
 import at.bitfire.davdroid.db.Service
 import at.bitfire.davdroid.di.IoDispatcher
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.davdroid.network.HttpClientBuilder
 import at.bitfire.davdroid.push.PushRegistrationManager.Companion.mutex
 import at.bitfire.davdroid.repository.AccountRepository
 import at.bitfire.davdroid.repository.DavCollectionRepository
@@ -41,6 +36,7 @@ import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import okhttp3.HttpUrl
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
+import okhttp3.OkHttpClient
 import okhttp3.RequestBody.Companion.toRequestBody
 import org.unifiedpush.android.connector.UnifiedPush
 import org.unifiedpush.android.connector.data.PushEndpoint
@@ -65,7 +61,7 @@ class PushRegistrationManager @Inject constructor(
     private val accountRepository: Lazy<AccountRepository>,
     private val collectionRepository: DavCollectionRepository,
     @ApplicationContext private val context: Context,
-    private val httpClientBuilder: Provider<HttpClient.Builder>,
+    private val httpClientBuilder: Provider<HttpClientBuilder>,
     @IoDispatcher private val ioDispatcher: CoroutineDispatcher,
     private val logger: Logger,
     private val serviceRepository: DavServiceRepository
@@ -180,25 +176,23 @@ class PushRegistrationManager @Inject constructor(
             return
 
         val account = accountRepository.get().fromName(service.accountName)
-        httpClientBuilder.get()
+        val httpClient = httpClientBuilder.get()
             .fromAccountAsync(account)
             .build()
-            .use { httpClient ->
-                for (collection in subscribeTo)
-                    try {
-                        val expires = collection.pushSubscriptionExpires
-                        // calculate next run time, but use the duplicate interval for safety (times are not exact)
-                        val nextRun = Instant.now() + Duration.ofDays(2 * WORKER_INTERVAL_DAYS)
-                        if (expires != null && expires >= nextRun.epochSecond)
-                            logger.fine("Push subscription for ${collection.url} is still valid until ${collection.pushSubscriptionExpires}")
-                        else {
-                            // no existing subscription or expiring soon
-                            logger.fine("Registering push subscription for ${collection.url}")
-                            subscribe(httpClient, collection, endpoint)
-                        }
-                    } catch (e: Exception) {
-                        logger.log(Level.WARNING, "Couldn't register subscription at CalDAV/CardDAV server", e)
-                    }
+        for (collection in subscribeTo)
+            try {
+                val expires = collection.pushSubscriptionExpires
+                // calculate next run time, but use the duplicate interval for safety (times are not exact)
+                val nextRun = Instant.now() + Duration.ofDays(2 * WORKER_INTERVAL_DAYS)
+                if (expires != null && expires >= nextRun.epochSecond)
+                    logger.fine("Push subscription for ${collection.url} is still valid until ${collection.pushSubscriptionExpires}")
+                else {
+                    // no existing subscription or expiring soon
+                    logger.fine("Registering push subscription for ${collection.url}")
+                    subscribe(httpClient, collection, endpoint)
+                }
+            } catch (e: Exception) {
+                logger.log(Level.WARNING, "Couldn't register subscription at CalDAV/CardDAV server", e)
             }
     }
 
@@ -230,7 +224,7 @@ class PushRegistrationManager @Inject constructor(
      * @param collection    collection to subscribe to
      * @param endpoint      subscription to register
      */
-    private suspend fun subscribe(httpClient: HttpClient, collection: Collection, endpoint: PushEndpoint) {
+    private suspend fun subscribe(httpClient: OkHttpClient, collection: Collection, endpoint: PushEndpoint) {
         // requested expiration time: 3 days
         val requestedExpiration = Instant.now() + Duration.ofDays(3)
 
@@ -238,26 +232,26 @@ class PushRegistrationManager @Inject constructor(
         val writer = StringWriter()
         serializer.setOutput(writer)
         serializer.startDocument("UTF-8", true)
-        serializer.insertTag(PushRegister.NAME) {
-            serializer.insertTag(Subscription.NAME) {
+        serializer.insertTag(WebDAVPush.PushRegister) {
+            serializer.insertTag(WebDAVPush.Subscription) {
                 // subscription URL
-                serializer.insertTag(WebPushSubscription.NAME) {
-                    serializer.insertTag(PushResource.NAME) {
+                serializer.insertTag(WebDAVPush.WebPushSubscription) {
+                    serializer.insertTag(WebDAVPush.PushResource) {
                         text(endpoint.url)
                     }
                     endpoint.pubKeySet?.let { pubKeySet ->
-                        serializer.insertTag(SubscriptionPublicKey.NAME) {
+                        serializer.insertTag(WebDAVPush.SubscriptionPublicKey) {
                             attribute(null, "type", "p256dh")
                             text(pubKeySet.pubKey)
                         }
-                        serializer.insertTag(AuthSecret.NAME) {
+                        serializer.insertTag(WebDAVPush.AuthSecret) {
                             text(pubKeySet.auth)
                         }
                     }
                 }
             }
             // requested expiration
-            serializer.insertTag(PushRegister.EXPIRES) {
+            serializer.insertTag(WebDAVPush.Expires) {
                 text(HttpUtils.formatDate(requestedExpiration))
             }
         }
@@ -265,7 +259,7 @@ class PushRegistrationManager @Inject constructor(
 
         runInterruptible(ioDispatcher) {
             val xml = writer.toString().toRequestBody(DavResource.MIME_XML)
-            DavCollection(httpClient.okHttpClient, collection.url).post(xml) { response ->
+            DavCollection(httpClient, collection.url).post(xml) { response ->
                 if (response.isSuccessful) {
                     // update subscription URL and expiration in DB
                     val subscriptionUrl = response.header("Location")
@@ -294,22 +288,20 @@ class PushRegistrationManager @Inject constructor(
             return
 
         val account = accountRepository.get().fromName(service.accountName)
-        httpClientBuilder.get()
+        val httpClient = httpClientBuilder.get()
             .fromAccountAsync(account)
             .build()
-            .use { httpClient ->
-                for (collection in from)
-                    collection.pushSubscription?.toHttpUrlOrNull()?.let { url ->
-                        logger.info("Unsubscribing Push from ${collection.url}")
-                        unsubscribe(httpClient, collection, url)
-                    }
+        for (collection in from)
+            collection.pushSubscription?.toHttpUrlOrNull()?.let { url ->
+                logger.info("Unsubscribing Push from ${collection.url}")
+                unsubscribe(httpClient, collection, url)
             }
     }
 
-    private suspend fun unsubscribe(httpClient: HttpClient, collection: Collection, url: HttpUrl) {
+    private suspend fun unsubscribe(httpClient: OkHttpClient, collection: Collection, url: HttpUrl) {
         try {
             runInterruptible(ioDispatcher) {
-                DavResource(httpClient.okHttpClient, url).delete {
+                DavResource(httpClient, url).delete {
                     // deleted
                 }
             }

app/src/main/kotlin/at/bitfire/davdroid/repository/AccountRepository.kt

@@ -8,16 +8,18 @@ import android.accounts.Account
 import android.accounts.AccountManager
 import android.accounts.OnAccountsUpdateListener
 import android.content.Context
+import androidx.annotation.WorkerThread
 import at.bitfire.davdroid.R
-import at.bitfire.davdroid.db.Credentials
 import at.bitfire.davdroid.db.HomeSet
 import at.bitfire.davdroid.db.Service
 import at.bitfire.davdroid.db.ServiceType
+import at.bitfire.davdroid.di.DefaultDispatcher
 import at.bitfire.davdroid.resource.LocalAddressBookStore
 import at.bitfire.davdroid.resource.LocalCalendarStore
 import at.bitfire.davdroid.servicedetection.DavResourceFinder
 import at.bitfire.davdroid.servicedetection.RefreshCollectionsWorker
 import at.bitfire.davdroid.settings.AccountSettings
+import at.bitfire.davdroid.settings.Credentials
 import at.bitfire.davdroid.sync.AutomaticSyncManager
 import at.bitfire.davdroid.sync.SyncDataType
 import at.bitfire.davdroid.sync.TasksAppManager
@@ -28,7 +30,7 @@ import at.bitfire.davdroid.sync.worker.SyncWorkerManager
 import at.bitfire.vcard4android.GroupMethod
 import dagger.Lazy
 import dagger.hilt.android.qualifiers.ApplicationContext
-import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.CoroutineDispatcher
 import kotlinx.coroutines.channels.awaitClose
 import kotlinx.coroutines.flow.callbackFlow
 import kotlinx.coroutines.withContext
@@ -47,6 +49,7 @@ class AccountRepository @Inject constructor(
     private val automaticSyncManager: Lazy<AutomaticSyncManager>,
     @ApplicationContext private val context: Context,
     private val collectionRepository: DavCollectionRepository,
+    @DefaultDispatcher private val defaultDispatcher: CoroutineDispatcher,
     private val homeSetRepository: DavHomeSetRepository,
     private val localCalendarStore: Lazy<LocalCalendarStore>,
     private val localAddressBookStore: Lazy<LocalAddressBookStore>,
@@ -70,6 +73,7 @@ class AccountRepository @Inject constructor(
      *
      * @return account if account creation was successful; null otherwise (for instance because an account with this name already exists)
      */
+    @WorkerThread
     fun createBlocking(accountName: String, credentials: Credentials?, config: DavResourceFinder.Configuration, groupMethod: GroupMethod): Account? {
         val account = fromName(accountName)
 
@@ -153,7 +157,7 @@ class AccountRepository @Inject constructor(
         val listener = OnAccountsUpdateListener { accounts ->
             trySend(accounts.filter { it.type == accountType }.toSet())
         }
-        withContext(Dispatchers.Default) {  // causes disk I/O
+        withContext(defaultDispatcher) {  // causes disk I/O
             accountManager.addOnAccountsUpdatedListener(listener, null, true)
         }
 
@@ -165,7 +169,7 @@ class AccountRepository @Inject constructor(
     /**
      * Renames an account.
      *
-     * **Not**: It is highly advised to re-sync the account after renaming in order to restore
+     * **Note**: It is highly advised to re-sync the account after renaming in order to restore
      * a consistent state.
      *
      * @param oldName current name of the account
@@ -175,7 +179,7 @@ class AccountRepository @Inject constructor(
      * @throws IllegalArgumentException if the new account name already exists
      * @throws Exception (or sub-classes) on other errors
      */
-    suspend fun rename(oldName: String, newName: String) {
+    suspend fun rename(oldName: String, newName: String): Unit = withContext(defaultDispatcher) {
         val oldAccount = fromName(oldName)
         val newAccount = fromName(newName)
 
@@ -197,13 +201,10 @@ class AccountRepository @Inject constructor(
             // rename account (also moves AccountSettings)
             val future = accountManager.renameAccount(oldAccount, newName, null, null)
 
-            // wait for operation to complete
-            withContext(Dispatchers.Default) {
-                // blocks calling thread
-                val newNameFromApi: Account = future.result
-                if (newNameFromApi.name != newName)
-                    throw IllegalStateException("renameAccount returned ${newNameFromApi.name} instead of $newName")
-            }
+            // wait for operation to complete (blocks calling thread)
+            val newNameFromApi: Account = future.result
+            if (newNameFromApi.name != newName)
+                throw IllegalStateException("renameAccount returned ${newNameFromApi.name} instead of $newName")
 
             // account renamed, cancel maybe running synchronization of old account
             syncWorkerManager.get().cancelAllWork(oldAccount)
@@ -217,22 +218,27 @@ class AccountRepository @Inject constructor(
 
             try {
                 // update address books
-                localAddressBookStore.get().updateAccount(oldAccount, newAccount)
+                localAddressBookStore.get().updateAccount(oldAccount, newAccount, null)
             } catch (e: Exception) {
                 logger.log(Level.WARNING, "Couldn't change address books to renamed account", e)
             }
 
             try {
                 // update calendar events
-                localCalendarStore.get().updateAccount(oldAccount, newAccount)
+                val store = localCalendarStore.get()
+                store.acquireContentProvider(true)?.use { client ->
+                    store.updateAccount(oldAccount, newAccount, client)
+                }
             } catch (e: Exception) {
                 logger.log(Level.WARNING, "Couldn't change calendars to renamed account", e)
             }
 
             try {
                 // update account_name of local tasks
-                val dataStore = tasksAppManager.get().getDataStore()
-                dataStore?.updateAccount(oldAccount, newAccount)
+                val store = tasksAppManager.get().getDataStore()
+                store?.acquireContentProvider(true)?.use { client ->
+                    store.updateAccount(oldAccount, newAccount, client)
+                }
             } catch (e: Exception) {
                 logger.log(Level.WARNING, "Couldn't change task lists to renamed account", e)
             }

app/src/main/kotlin/at/bitfire/davdroid/repository/DavCollectionRepository.kt

@@ -6,34 +6,25 @@ package at.bitfire.davdroid.repository
 
 import android.accounts.Account
 import android.content.Context
-import at.bitfire.dav4jvm.DavResource
 import at.bitfire.dav4jvm.XmlUtils
 import at.bitfire.dav4jvm.XmlUtils.insertTag
-import at.bitfire.dav4jvm.exception.GoneException
-import at.bitfire.dav4jvm.exception.HttpException
-import at.bitfire.dav4jvm.exception.NotFoundException
-import at.bitfire.dav4jvm.property.caldav.CalendarColor
-import at.bitfire.dav4jvm.property.caldav.CalendarDescription
-import at.bitfire.dav4jvm.property.caldav.CalendarTimezone
-import at.bitfire.dav4jvm.property.caldav.CalendarTimezoneId
-import at.bitfire.dav4jvm.property.caldav.NS_CALDAV
-import at.bitfire.dav4jvm.property.caldav.SupportedCalendarComponentSet
-import at.bitfire.dav4jvm.property.carddav.AddressbookDescription
-import at.bitfire.dav4jvm.property.carddav.NS_CARDDAV
-import at.bitfire.dav4jvm.property.webdav.DisplayName
-import at.bitfire.dav4jvm.property.webdav.NS_WEBDAV
-import at.bitfire.dav4jvm.property.webdav.ResourceType
+import at.bitfire.dav4jvm.okhttp.DavResource
+import at.bitfire.dav4jvm.okhttp.exception.GoneException
+import at.bitfire.dav4jvm.okhttp.exception.HttpException
+import at.bitfire.dav4jvm.okhttp.exception.NotFoundException
+import at.bitfire.dav4jvm.property.caldav.CalDAV
+import at.bitfire.dav4jvm.property.carddav.CardDAV
+import at.bitfire.dav4jvm.property.webdav.WebDAV
+import at.bitfire.davdroid.Constants
 import at.bitfire.davdroid.R
 import at.bitfire.davdroid.db.AppDatabase
 import at.bitfire.davdroid.db.Collection
 import at.bitfire.davdroid.db.CollectionType
 import at.bitfire.davdroid.db.HomeSet
 import at.bitfire.davdroid.di.IoDispatcher
-import at.bitfire.davdroid.network.HttpClient
+import at.bitfire.davdroid.network.HttpClientBuilder
 import at.bitfire.davdroid.servicedetection.RefreshCollectionsWorker
 import at.bitfire.davdroid.util.DavUtils
-import at.bitfire.ical4android.ICalendar
-import at.bitfire.ical4android.util.DateUtils
 import dagger.hilt.android.qualifiers.ApplicationContext
 import kotlinx.coroutines.CoroutineDispatcher
 import kotlinx.coroutines.runInterruptible
@@ -42,7 +33,9 @@ import net.fortuna.ical4j.model.Component
 import net.fortuna.ical4j.model.ComponentList
 import net.fortuna.ical4j.model.Property
 import net.fortuna.ical4j.model.PropertyList
+import net.fortuna.ical4j.model.TimeZoneRegistryFactory
 import net.fortuna.ical4j.model.component.VTimeZone
+import net.fortuna.ical4j.model.property.ProdId
 import net.fortuna.ical4j.model.property.Version
 import okhttp3.HttpUrl
 import java.io.StringWriter
@@ -58,7 +51,7 @@ class DavCollectionRepository @Inject constructor(
     @ApplicationContext private val context: Context,
     private val db: AppDatabase,
     private val logger: Logger,
-    private val httpClientBuilder: Provider<HttpClient.Builder>,
+    private val httpClientBuilder: Provider<HttpClientBuilder>,
     @IoDispatcher private val ioDispatcher: CoroutineDispatcher,
     private val serviceRepository: DavServiceRepository
 ) {
@@ -172,21 +165,20 @@ class DavCollectionRepository @Inject constructor(
         val service = serviceRepository.getBlocking(collection.serviceId) ?: throw IllegalArgumentException("Service not found")
         val account = Account(service.accountName, context.getString(R.string.account_type))
 
-        httpClientBuilder.get().fromAccount(account).build().use { httpClient ->
-            runInterruptible(ioDispatcher) {
-                try {
-                    DavResource(httpClient.okHttpClient, collection.url).delete {
-                        // success, otherwise an exception would have been thrown → delete locally, too
-                        delete(collection)
-                    }
-                } catch (e: HttpException) {
-                    if (e is NotFoundException || e is GoneException) {
-                        // HTTP 404 Not Found or 410 Gone (collection is not there anymore) -> delete locally, too
-                        logger.info("Collection ${collection.url} not found on server, deleting locally")
-                        delete(collection)
-                    } else
-                        throw e
+        val httpClient = httpClientBuilder.get().fromAccount(account).build()
+        runInterruptible(ioDispatcher) {
+            try {
+                DavResource(httpClient, collection.url).delete {
+                    // success, otherwise an exception would have been thrown → delete locally, too
+                    delete(collection)
                 }
+            } catch (e: HttpException) {
+                if (e is NotFoundException || e is GoneException) {
+                    // HTTP 404 Not Found or 410 Gone (collection is not there anymore) -> delete locally, too
+                    logger.info("Collection ${collection.url} not found on server, deleting locally")
+                    delete(collection)
+                } else
+                    throw e
             }
         }
     }
@@ -228,7 +220,7 @@ class DavCollectionRepository @Inject constructor(
      *
      * @param newCollection Collection to be inserted or updated
      */
-    fun insertOrUpdateByUrlAndRememberFlags(newCollection: Collection) {
+    fun insertOrUpdateByUrlRememberSync(newCollection: Collection) {
         db.runInTransaction {
             // remember locally set flags
             val oldCollection = dao.getByServiceAndUrl(newCollection.serviceId, newCollection.url.toString())
@@ -250,11 +242,15 @@ class DavCollectionRepository @Inject constructor(
         dao.insertOrUpdateByUrl(collection)
     }
 
-    fun pageByServiceAndType(serviceId: Long, @CollectionType type: String) =
-        dao.pageByServiceAndType(serviceId, type)
-
-    fun pagePersonalByServiceAndType(serviceId: Long, @CollectionType type: String) =
-        dao.pagePersonalByServiceAndType(serviceId, type)
+    /**
+     * Returns paging source to retrieve collections for given service, of given collection type and
+     * depending on whether they are considered personal or not (see [HomeSet.personal]).
+     */
+    fun pageByServiceAndType(serviceId: Long, @CollectionType type: String, onlyPersonal: Boolean) =
+        if (onlyPersonal)
+            dao.pagePersonalByServiceAndType(serviceId, type)
+        else
+            dao.pageByServiceAndType(serviceId, type)
 
     /**
      * Sets the flag for whether read-only should be enforced on the local collection
@@ -289,19 +285,17 @@ class DavCollectionRepository @Inject constructor(
     // helpers
 
     private suspend fun createOnServer(account: Account, url: HttpUrl, method: String, xmlBody: String) {
-        httpClientBuilder.get()
+        val httpClient = httpClientBuilder.get()
             .fromAccount(account)
             .build()
-            .use { httpClient ->
-                runInterruptible(ioDispatcher) {
-                    DavResource(httpClient.okHttpClient, url).mkCol(
-                        xmlBody = xmlBody,
-                        method = method
-                    ) {
-                        // success, otherwise an exception would have been thrown
-                    }
-                }
+        runInterruptible(ioDispatcher) {
+            DavResource(httpClient, url).mkCol(
+                xmlBody = xmlBody,
+                method = method
+            ) {
+                // success, otherwise an exception would have been thrown
             }
+        }
     }
 
     private fun generateMkColXml(
@@ -320,27 +314,27 @@ class DavCollectionRepository @Inject constructor(
             setOutput(writer)
 
             startDocument("UTF-8", null)
-            setPrefix("", NS_WEBDAV)
-            setPrefix("CAL", NS_CALDAV)
-            setPrefix("CARD", NS_CARDDAV)
+            setPrefix("", WebDAV.NS_WEBDAV)
+            setPrefix("CAL", CalDAV.NS_CALDAV)
+            setPrefix("CARD", CardDAV.NS_CARDDAV)
 
             if (addressBook)
-                startTag(NS_WEBDAV, "mkcol")
+                startTag(WebDAV.NS_WEBDAV, "mkcol")
             else
-                startTag(NS_CALDAV, "mkcalendar")
+                startTag(CalDAV.NS_CALDAV, "mkcalendar")
 
-            insertTag(DavResource.SET) {
-                insertTag(DavResource.PROP) {
-                    insertTag(ResourceType.NAME) {
-                        insertTag(ResourceType.COLLECTION)
+            insertTag(WebDAV.Set) {
+                insertTag(WebDAV.Prop) {
+                    insertTag(WebDAV.ResourceType) {
+                        insertTag(WebDAV.Collection)
                         if (addressBook)
-                            insertTag(ResourceType.ADDRESSBOOK)
+                            insertTag(CardDAV.Addressbook)
                         else
-                            insertTag(ResourceType.CALENDAR)
+                            insertTag(CalDAV.Calendar)
                     }
 
                     displayName?.let {
-                        insertTag(DisplayName.NAME) {
+                        insertTag(WebDAV.DisplayName) {
                             text(it)
                         }
                     }
@@ -348,7 +342,7 @@ class DavCollectionRepository @Inject constructor(
                     if (addressBook) {
                         // addressbook-specific properties
                         description?.let {
-                            insertTag(AddressbookDescription.NAME) {
+                            insertTag(CardDAV.AddressbookDescription) {
                                 text(it)
                             }
                         }
@@ -356,27 +350,27 @@ class DavCollectionRepository @Inject constructor(
                     } else {
                         // calendar-specific properties
                         description?.let {
-                            insertTag(CalendarDescription.NAME) {
+                            insertTag(CalDAV.CalendarDescription) {
                                 text(it)
                             }
                         }
                         color?.let {
-                            insertTag(CalendarColor.NAME) {
+                            insertTag(CalDAV.CalendarColor) {
                                 text(DavUtils.ARGBtoCalDAVColor(it))
                             }
                         }
                         timezoneId?.let { id ->
-                            insertTag(CalendarTimezoneId.NAME) {
+                            insertTag(CalDAV.CalendarTimezoneId) {
                                 text(id)
                             }
                             getVTimeZone(id)?.let { vTimezone ->
-                                insertTag(CalendarTimezone.NAME) {
+                                insertTag(CalDAV.CalendarTimezone) {
                                     text(
                                         // spec requires "an iCalendar object with exactly one VTIMEZONE component"
                                         Calendar(
                                             PropertyList<Property>().apply {
-                                                add(ICalendar.prodId)
                                                 add(Version.VERSION_2_0)
+                                                add(ProdId(Constants.iCalProdId))
                                             },
                                             ComponentList(
                                                 listOf(vTimezone)
@@ -388,19 +382,19 @@ class DavCollectionRepository @Inject constructor(
                         }
 
                         if (!supportsVEVENT || !supportsVTODO || !supportsVJOURNAL) {
-                            insertTag(SupportedCalendarComponentSet.NAME) {
+                            insertTag(CalDAV.SupportedCalendarComponentSet) {
                                 // Only if there's at least one not explicitly supported calendar component set,
                                 // otherwise don't include the property, which means "supports everything".
                                 if (supportsVEVENT)
-                                    insertTag(SupportedCalendarComponentSet.COMP) {
+                                    insertTag(CalDAV.Comp) {
                                         attribute(null, "name", Component.VEVENT)
                                     }
                                 if (supportsVTODO)
-                                    insertTag(SupportedCalendarComponentSet.COMP) {
+                                    insertTag(CalDAV.Comp) {
                                         attribute(null, "name", Component.VTODO)
                                     }
                                 if (supportsVJOURNAL)
-                                    insertTag(SupportedCalendarComponentSet.COMP) {
+                                    insertTag(CalDAV.Comp) {
                                         attribute(null, "name", Component.VJOURNAL)
                                     }
                             }
@@ -409,14 +403,17 @@ class DavCollectionRepository @Inject constructor(
                 }
             }
             if (addressBook)
-                endTag(NS_WEBDAV, "mkcol")
+                endTag(WebDAV.NS_WEBDAV, "mkcol")
             else
-                endTag(NS_CALDAV, "mkcalendar")
+                endTag(CalDAV.NS_CALDAV, "mkcalendar")
             endDocument()
         }
         return writer.toString()
     }
 
-    private fun getVTimeZone(tzId: String): VTimeZone? = DateUtils.ical4jTimeZone(tzId)?.vTimeZone
+    private fun getVTimeZone(tzId: String): VTimeZone? {
+        val tzRegistry = TimeZoneRegistryFactory.getInstance().createRegistry()
+        return tzRegistry.getTimeZone(tzId)?.vTimeZone
+    }
 
 }

app/src/main/kotlin/at/bitfire/davdroid/repository/DavHomeSetRepository.kt

@@ -5,7 +5,6 @@
 package at.bitfire.davdroid.repository
 
 import android.accounts.Account
-import androidx.room.Transaction
 import at.bitfire.davdroid.db.AppDatabase
 import at.bitfire.davdroid.db.HomeSet
 import at.bitfire.davdroid.db.Service
@@ -29,21 +28,8 @@ class DavHomeSetRepository @Inject constructor(
     fun getCalendarHomeSetsFlow(account: Account) =
         dao.getBindableByAccountAndServiceTypeFlow(account.name, Service.TYPE_CALDAV)
 
-
-    /**
-     * Tries to insert new row, but updates existing row if already present.
-     * This method preserves the primary key, as opposed to using "@Insert(onConflict = OnConflictStrategy.REPLACE)"
-     * which will create a new row with incremented ID and thus breaks entity relationships!
-     *
-     * @return ID of the row, that has been inserted or updated. -1 If the insert fails due to other reasons.
-     */
-    @Transaction
-    fun insertOrUpdateByUrlBlocking(homeset: HomeSet): Long =
-        dao.getByUrl(homeset.serviceId, homeset.url.toString())?.let { existingHomeset ->
-            dao.update(homeset.copy(id = existingHomeset.id))
-            existingHomeset.id
-        } ?: dao.insert(homeset)
-
+    fun insertOrUpdateByUrlBlocking(homeSet: HomeSet): Long =
+        dao.insertOrUpdateByUrlBlocking(homeSet)
 
     fun deleteBlocking(homeSet: HomeSet) = dao.delete(homeSet)
 

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalAddress.kt

@@ -6,4 +6,8 @@ package at.bitfire.davdroid.resource
 
 import at.bitfire.vcard4android.Contact
 
-interface LocalAddress: LocalResource<Contact>
+interface LocalAddress: LocalResource {
+
+    fun update(data: Contact, fileName: String?, eTag: String?, scheduleTag: String?, flags: Int)
+
+}

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalAddressBook.kt

@@ -17,19 +17,20 @@ import android.provider.ContactsContract.RawContacts
 import androidx.annotation.OpenForTesting
 import androidx.core.content.contentValuesOf
 import at.bitfire.davdroid.R
-import at.bitfire.davdroid.db.SyncState
 import at.bitfire.davdroid.repository.DavCollectionRepository
 import at.bitfire.davdroid.repository.DavServiceRepository
 import at.bitfire.davdroid.resource.LocalAddressBook.Companion.USER_DATA_READ_ONLY
 import at.bitfire.davdroid.resource.workaround.ContactDirtyVerifier
 import at.bitfire.davdroid.settings.AccountSettings
-import at.bitfire.davdroid.sync.SyncFrameworkIntegration
+import at.bitfire.davdroid.sync.SyncDataType
 import at.bitfire.davdroid.sync.account.SystemAccountUtils
 import at.bitfire.davdroid.sync.account.setAndVerifyUserData
+import at.bitfire.davdroid.sync.adapter.SyncFrameworkIntegration
+import at.bitfire.synctools.storage.BatchOperation
+import at.bitfire.synctools.storage.ContactsBatchOperation
 import at.bitfire.vcard4android.AndroidAddressBook
 import at.bitfire.vcard4android.AndroidContact
 import at.bitfire.vcard4android.AndroidGroup
-import at.bitfire.vcard4android.BatchOperation
 import at.bitfire.vcard4android.GroupMethod
 import dagger.assisted.Assisted
 import dagger.assisted.AssistedFactory
@@ -198,17 +199,17 @@ open class LocalAddressBook @AssistedInject constructor(
             return false
 
         // move contacts and groups to new account
-        val batch = BatchOperation(provider!!)
-        batch.enqueue(BatchOperation.CpoBuilder
+        val batch = ContactsBatchOperation(provider!!)
+        batch += BatchOperation.CpoBuilder
             .newUpdate(groupsSyncUri())
             .withSelection(Groups.ACCOUNT_NAME + "=? AND " + Groups.ACCOUNT_TYPE + "=?", arrayOf(oldAccount.name, oldAccount.type))
             .withValue(Groups.ACCOUNT_NAME, newAccount.name)
-        )
-        batch.enqueue(BatchOperation.CpoBuilder
+            .withValue(Groups.ACCOUNT_TYPE, newAccount.type)
+        batch += BatchOperation.CpoBuilder
             .newUpdate(rawContactsSyncUri())
             .withSelection(RawContacts.ACCOUNT_NAME + "=? AND " + RawContacts.ACCOUNT_TYPE + "=?", arrayOf(oldAccount.name, oldAccount.type))
             .withValue(RawContacts.ACCOUNT_NAME, newAccount.name)
-        )
+            .withValue(RawContacts.ACCOUNT_TYPE, newAccount.type)
         batch.commit()
 
         // update AndroidAddressBook.account
@@ -222,15 +223,18 @@ open class LocalAddressBook @AssistedInject constructor(
 
 
     /**
-     * Makes contacts of this address book available to be synced and activates synchronization upon
-     * contact data changes.
+     * Enables or disables sync on content changes for the address book account based on the current sync
+     * interval account setting.
      */
     fun updateSyncFrameworkSettings() {
-        // Enable sync-ability of contacts
-        syncFramework.enableSyncAbility(addressBookAccount, ContactsContract.AUTHORITY)
+        val accountSettings = accountSettingsFactory.create(account)
+        val syncInterval = accountSettings.getSyncInterval(SyncDataType.CONTACTS)
 
-        // Changes in contact data should trigger syncs
-        syncFramework.enableSyncOnContentChange(addressBookAccount, ContactsContract.AUTHORITY)
+        // Enable/Disable content triggered syncs for the address book account.
+        if (syncInterval != null)
+            syncFramework.enableSyncOnContentChange(addressBookAccount, ContactsContract.AUTHORITY)
+        else
+            syncFramework.disableSyncOnContentChange(addressBookAccount, ContactsContract.AUTHORITY)
     }
 
 

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalAddressBookStore.kt

@@ -6,6 +6,7 @@ package at.bitfire.davdroid.resource
 
 import android.accounts.Account
 import android.accounts.AccountManager
+import android.accounts.OnAccountsUpdateListener
 import android.content.ContentProviderClient
 import android.content.Context
 import android.provider.ContactsContract
@@ -23,6 +24,9 @@ import at.bitfire.davdroid.sync.account.setAndVerifyUserData
 import at.bitfire.davdroid.util.DavUtils.lastSegment
 import com.google.common.base.CharMatcher
 import dagger.hilt.android.qualifiers.ApplicationContext
+import kotlinx.coroutines.channels.awaitClose
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.callbackFlow
 import java.util.logging.Level
 import java.util.logging.Logger
 import javax.inject.Inject
@@ -74,10 +78,16 @@ class LocalAddressBookStore @Inject constructor(
         return sb.toString()
     }
 
-    override fun acquireContentProvider() =
+    override fun acquireContentProvider(throwOnMissingPermissions: Boolean) = try {
         context.contentResolver.acquireContentProviderClient(authority)
+    } catch (e: SecurityException) {
+        if (throwOnMissingPermissions)
+            throw e
+        else
+            /* return */ null
+    }
 
-    override fun create(provider: ContentProviderClient, fromCollection: Collection): LocalAddressBook? {
+    override fun create(client: ContentProviderClient, fromCollection: Collection): LocalAddressBook? {
         val service = serviceRepository.getBlocking(fromCollection.serviceId) ?: throw IllegalArgumentException("Couldn't fetch DB service from collection")
         val account = Account(service.accountName, context.getString(R.string.account_type))
 
@@ -88,7 +98,7 @@ class LocalAddressBookStore @Inject constructor(
             id = fromCollection.id
         ) ?: return null
 
-        val addressBook = localAddressBookFactory.create(account, addressBookAccount, provider)
+        val addressBook = localAddressBookFactory.create(account, addressBookAccount, client)
 
         // update settings
         addressBook.updateSyncFrameworkSettings()
@@ -115,19 +125,12 @@ class LocalAddressBookStore @Inject constructor(
         return addressBookAccount
     }
 
-    override fun getAll(account: Account, provider: ContentProviderClient): List<LocalAddressBook> {
-        val accountManager = AccountManager.get(context)
-        return accountManager.getAccountsByType(context.getString(R.string.account_type_address_book))
-            .filter { addressBookAccount ->
-                accountManager.getUserData(addressBookAccount, LocalAddressBook.USER_DATA_ACCOUNT_NAME) == account.name &&
-                accountManager.getUserData(addressBookAccount, LocalAddressBook.USER_DATA_ACCOUNT_TYPE) == account.type
-            }
-            .map { addressBookAccount ->
-                localAddressBookFactory.create(account, addressBookAccount, provider)
-            }
-    }
+    override fun getAll(account: Account, client: ContentProviderClient): List<LocalAddressBook> =
+        getAddressBookAccounts(account).map { addressBookAccount ->
+            localAddressBookFactory.create(account, addressBookAccount, client)
+        }
 
-    override fun update(provider: ContentProviderClient, localCollection: LocalAddressBook, fromCollection: Collection) {
+    override fun update(client: ContentProviderClient, localCollection: LocalAddressBook, fromCollection: Collection) {
         var currentAccount = localCollection.addressBookAccount
         logger.log(Level.INFO, "Updating local address book $currentAccount from collection $fromCollection")
 
@@ -155,7 +158,7 @@ class LocalAddressBookStore @Inject constructor(
             localCollection.readOnly = nowReadOnly
         }
 
-        // make sure it will still be synchronized when contacts are updated
+        // Update automatic synchronization
         localCollection.updateSyncFrameworkSettings()
     }
 
@@ -164,8 +167,9 @@ class LocalAddressBookStore @Inject constructor(
      *
      * @param oldAccount    The old account
      * @param newAccount    The new account
+     * @param client        content provider client (not needed/does not exist for address books)
      */
-    override fun updateAccount(oldAccount: Account, newAccount: Account) {
+    override fun updateAccount(oldAccount: Account, newAccount: Account, client: ContentProviderClient?) {
         val accountManager = AccountManager.get(context)
         accountManager.getAccountsByType(context.getString(R.string.account_type_address_book))
             .filter { addressBookAccount ->
@@ -197,6 +201,45 @@ class LocalAddressBookStore @Inject constructor(
             accountManager.removeAccountExplicitly(addressBookAccount)
     }
 
+    /**
+     * Returns all address book accounts that belong to the given account.
+     *
+     * @param account    Account which has the address books.
+     * @return List of address book accounts.
+     */
+    fun getAddressBookAccounts(account: Account): List<Account> =
+        AccountManager.get(context).let { accountManager ->
+            accountManager.getAccountsByType(context.getString(R.string.account_type_address_book))
+                .filter { addressBookAccount ->
+                    account.name == accountManager.getUserData(
+                        addressBookAccount,
+                        LocalAddressBook.USER_DATA_ACCOUNT_NAME
+                    ) && account.type == accountManager.getUserData(
+                        addressBookAccount,
+                        LocalAddressBook.USER_DATA_ACCOUNT_TYPE
+                    )
+                }
+        }
+
+    /**
+     * Returns all address book accounts that belong to the given account in a flow.
+     *
+     * @param account    Account which has the address books.
+     * @return List of address book accounts as flow.
+     */
+    fun getAddressBookAccountsFlow(account: Account): Flow<List<Account>> = callbackFlow {
+        val accountManager = AccountManager.get(context)
+        val listener = OnAccountsUpdateListener { accounts ->
+            trySend(getAddressBookAccounts(account))
+        }
+        accountManager.addOnAccountsUpdatedListener(
+            /* listener = */ listener,
+            /* handler = */ null,
+            /* updateImmediately = */ true
+        )
+        awaitClose { accountManager.removeOnAccountsUpdatedListener(listener) }
+    }
+
 
     companion object {
 

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalCalendar.kt

@@ -4,20 +4,20 @@
 
 package at.bitfire.davdroid.resource
 
-import android.accounts.Account
-import android.content.ContentProviderClient
-import android.content.ContentUris
-import android.content.ContentValues
 import android.provider.CalendarContract.Calendars
 import android.provider.CalendarContract.Events
+import androidx.annotation.VisibleForTesting
 import androidx.core.content.contentValuesOf
-import at.bitfire.davdroid.db.SyncState
-import at.bitfire.ical4android.AndroidCalendar
-import at.bitfire.ical4android.AndroidCalendarFactory
-import at.bitfire.ical4android.BatchOperation
-import at.bitfire.ical4android.util.MiscUtils.asSyncAdapter
+import at.bitfire.synctools.storage.BatchOperation
+import at.bitfire.synctools.storage.calendar.AndroidCalendar
+import at.bitfire.synctools.storage.calendar.AndroidRecurringCalendar
+import at.bitfire.synctools.storage.calendar.CalendarBatchOperation
+import at.bitfire.synctools.storage.calendar.EventAndExceptions
+import at.bitfire.synctools.storage.calendar.EventsContract
+import dagger.assisted.Assisted
+import dagger.assisted.AssistedFactory
+import dagger.assisted.AssistedInject
 import java.util.LinkedList
-import java.util.logging.Level
 import java.util.logging.Logger
 
 /**
@@ -25,223 +25,113 @@ import java.util.logging.Logger
  *
  * [Calendars._SYNC_ID] corresponds to the database collection ID ([at.bitfire.davdroid.db.Collection.id]).
  */
-class LocalCalendar private constructor(
-    account: Account,
-    provider: ContentProviderClient,
-    id: Long
-): AndroidCalendar<LocalEvent>(account, provider, LocalEvent.Factory, id), LocalCollection<LocalEvent> {
-
-    companion object {
-
-        private const val COLUMN_SYNC_STATE = Calendars.CAL_SYNC1
-
-        private val logger: Logger
-            get() = Logger.getGlobal()
+class LocalCalendar @AssistedInject constructor(
+    @Assisted internal val androidCalendar: AndroidCalendar,
+    private val logger: Logger
+) : LocalCollection<LocalEvent> {
 
+    @AssistedFactory
+    interface Factory {
+        fun create(calendar: AndroidCalendar): LocalCalendar
     }
 
+
+    // properties
+
     override val dbCollectionId: Long?
-        get() = syncId?.toLongOrNull()
+        get() = androidCalendar.syncId?.toLongOrNull()
 
     override val tag: String
-        get() = "events-${account.name}-$id"
+        get() = "events-${androidCalendar.account.name}-${androidCalendar.id}"
 
     override val title: String
-        get() = displayName ?: id.toString()
+        get() = androidCalendar.displayName ?: androidCalendar.id.toString()
 
-    private var accessLevel: Int = Calendars.CAL_ACCESS_OWNER   // assume full access if not specified
     override val readOnly
-        get() = accessLevel <= Calendars.CAL_ACCESS_READ
+        get() = androidCalendar.accessLevel <= Calendars.CAL_ACCESS_READ
 
     override var lastSyncState: SyncState?
-        get() = provider.query(calendarSyncURI(), arrayOf(COLUMN_SYNC_STATE), null, null, null)?.use { cursor ->
-                    if (cursor.moveToNext())
-                        return SyncState.fromString(cursor.getString(0))
-                    else
-                        null
-                }
+        get() = androidCalendar.readSyncState()?.let {
+            SyncState.fromString(it)
+        }
         set(state) {
-            val values = contentValuesOf(COLUMN_SYNC_STATE to state.toString())
-            provider.update(calendarSyncURI(), values, null, null)
+            androidCalendar.writeSyncState(state.toString())
         }
 
+    @VisibleForTesting
+    internal val recurringCalendar = AndroidRecurringCalendar(androidCalendar)
 
-    override fun populate(info: ContentValues) {
-        super.populate(info)
-        accessLevel = info.getAsInteger(Calendars.CALENDAR_ACCESS_LEVEL) ?: Calendars.CAL_ACCESS_OWNER
+
+    fun add(event: EventAndExceptions): Long {
+        return recurringCalendar.addEventAndExceptions(event)
     }
 
-
-    override fun findDeleted() =
-        queryEvents("${Events.DELETED} AND ${Events.ORIGINAL_ID} IS NULL", null)
+    override fun findDeleted(): List<LocalEvent> {
+        val result = LinkedList<LocalEvent>()
+        recurringCalendar.iterateEventAndExceptions(
+            "${Events.DELETED} AND ${Events.ORIGINAL_ID} IS NULL", null
+        ) { eventAndExceptions ->
+            result += LocalEvent(recurringCalendar, eventAndExceptions)
+        }
+        return result
+    }
 
     override fun findDirty(): List<LocalEvent> {
         val dirty = LinkedList<LocalEvent>()
-
-        /*
-         * RFC 5545 3.8.7.4. Sequence Number
-         * When a calendar component is created, its sequence number is 0. It is monotonically incremented by the "Organizer's"
-         * CUA each time the "Organizer" makes a significant revision to the calendar component.
-         */
-        for (localEvent in queryEvents("${Events.DIRTY} AND ${Events.ORIGINAL_ID} IS NULL", null)) {
-            try {
-                val event = requireNotNull(localEvent.event)
-
-                val nonGroupScheduled = event.attendees.isEmpty()
-                val weAreOrganizer = localEvent.weAreOrganizer
-
-                val sequence = event.sequence
-                if (sequence == null)
-                    // sequence has not been assigned yet (i.e. this event was just locally created)
-                    event.sequence = 0
-                else if (nonGroupScheduled || weAreOrganizer)   // increase sequence
-                    event.sequence = sequence + 1
-
-            } catch(e: Exception) {
-                logger.log(Level.WARNING, "Couldn't check/increase sequence", e)
-            }
-            dirty += localEvent
+        recurringCalendar.iterateEventAndExceptions(
+            "${Events.DIRTY} AND ${Events.ORIGINAL_ID} IS NULL", null
+        ) { eventAndExceptions ->
+            dirty += LocalEvent(recurringCalendar, eventAndExceptions)
         }
-
         return dirty
     }
 
     override fun findByName(name: String) =
-            queryEvents("${Events._SYNC_ID}=?", arrayOf(name)).firstOrNull()
+        recurringCalendar.findEventAndExceptions("${Events._SYNC_ID}=? AND ${Events.ORIGINAL_SYNC_ID} IS null", arrayOf(name))?.let {
+            LocalEvent(recurringCalendar, it)
+        }
 
-
-    override fun markNotDirty(flags: Int): Int {
-        val values = contentValuesOf(LocalEvent.COLUMN_FLAGS to flags)
-        return provider.update(Events.CONTENT_URI.asSyncAdapter(account), values,
-                "${Events.CALENDAR_ID}=? AND NOT ${Events.DIRTY} AND ${Events.ORIGINAL_ID} IS NULL",
-                arrayOf(id.toString()))
-    }
+    override fun markNotDirty(flags: Int) =
+        androidCalendar.updateEventRows(
+            contentValuesOf(EventsContract.COLUMN_FLAGS to flags),
+            // `dirty` can be 0, 1, or null. "NOT dirty" is not enough.
+            """
+                ${Events.CALENDAR_ID}=?
+                AND (${Events.DIRTY} IS NULL OR ${Events.DIRTY}=0)
+                AND ${Events.ORIGINAL_ID} IS NULL
+            """.trimIndent(),
+            arrayOf(androidCalendar.id.toString())
+        )
 
     override fun removeNotDirtyMarked(flags: Int): Int {
-        var deleted = 0
         // list all non-dirty events with the given flags and delete every row + its exceptions
-        provider.query(Events.CONTENT_URI.asSyncAdapter(account), arrayOf(Events._ID),
-                "${Events.CALENDAR_ID}=? AND NOT ${Events.DIRTY} AND ${Events.ORIGINAL_ID} IS NULL AND ${LocalEvent.COLUMN_FLAGS}=?",
-                arrayOf(id.toString(), flags.toString()), null)?.use { cursor ->
-            val batch = BatchOperation(provider)
-            while (cursor.moveToNext()) {
-                val id = cursor.getLong(0)
-                // delete event and possible exceptions (content provider doesn't delete exceptions itself)
-                batch.enqueue(BatchOperation.CpoBuilder
-                        .newDelete(Events.CONTENT_URI.asSyncAdapter(account))
-                        .withSelection("${Events._ID}=? OR ${Events.ORIGINAL_ID}=?", arrayOf(id.toString(), id.toString())))
-            }
-            deleted = batch.commit()
+        val batch = CalendarBatchOperation(androidCalendar.client)
+        androidCalendar.iterateEventRows(
+            arrayOf(Events._ID),
+            // `dirty` can be 0, 1, or null. "NOT dirty" is not enough.
+            """
+                ${Events.CALENDAR_ID}=?
+                AND (${Events.DIRTY} IS NULL OR ${Events.DIRTY}=0)
+                AND ${Events.ORIGINAL_ID} IS NULL
+                AND ${EventsContract.COLUMN_FLAGS}=?
+            """.trimIndent(),
+            arrayOf(androidCalendar.id.toString(), flags.toString())
+        ) { values ->
+            val id = values.getAsLong(Events._ID)
+
+            // delete event and possible exceptions (content provider doesn't delete exceptions itself)
+            batch += BatchOperation.CpoBuilder
+                .newDelete(androidCalendar.eventsUri)
+                .withSelection("${Events._ID}=? OR ${Events.ORIGINAL_ID}=?", arrayOf(id.toString(), id.toString()))
         }
-        return deleted
+        return batch.commit()
     }
 
     override fun forgetETags() {
-        val values = contentValuesOf(LocalEvent.COLUMN_ETAG to null)
-        provider.update(Events.CONTENT_URI.asSyncAdapter(account), values, "${Events.CALENDAR_ID}=?",
-                arrayOf(id.toString()))
-    }
-
-
-    fun processDirtyExceptions() {
-        // process deleted exceptions
-        logger.info("Processing deleted exceptions")
-        provider.query(
-                Events.CONTENT_URI.asSyncAdapter(account),
-                arrayOf(Events._ID, Events.ORIGINAL_ID, LocalEvent.COLUMN_SEQUENCE),
-                "${Events.CALENDAR_ID}=? AND ${Events.DELETED} AND ${Events.ORIGINAL_ID} IS NOT NULL",
-                arrayOf(id.toString()), null)?.use { cursor ->
-            while (cursor.moveToNext()) {
-                logger.fine("Found deleted exception, removing and re-scheduling original event (if available)")
-                val id = cursor.getLong(0)             // can't be null (by definition)
-                val originalID = cursor.getLong(1)     // can't be null (by query)
-
-                val batch = BatchOperation(provider)
-
-                // get original event's SEQUENCE
-                provider.query(
-                        ContentUris.withAppendedId(Events.CONTENT_URI, originalID).asSyncAdapter(account),
-                        arrayOf(LocalEvent.COLUMN_SEQUENCE),
-                        null, null, null)?.use { cursor2 ->
-                    if (cursor2.moveToNext()) {
-                        // original event is available
-                        val originalSequence = if (cursor2.isNull(0)) 0 else cursor2.getInt(0)
-
-                        // re-schedule original event and set it to DIRTY
-                        batch.enqueue(BatchOperation.CpoBuilder
-                                .newUpdate(ContentUris.withAppendedId(Events.CONTENT_URI, originalID).asSyncAdapter(account))
-                                .withValue(LocalEvent.COLUMN_SEQUENCE, originalSequence + 1)
-                                .withValue(Events.DIRTY, 1))
-                    }
-                }
-
-                // completely remove deleted exception
-                batch.enqueue(BatchOperation.CpoBuilder.newDelete(ContentUris.withAppendedId(Events.CONTENT_URI, id).asSyncAdapter(account)))
-                batch.commit()
-            }
-        }
-
-        // process dirty exceptions
-        logger.info("Processing dirty exceptions")
-        provider.query(
-                Events.CONTENT_URI.asSyncAdapter(account),
-                arrayOf(Events._ID, Events.ORIGINAL_ID, LocalEvent.COLUMN_SEQUENCE),
-                "${Events.CALENDAR_ID}=? AND ${Events.DIRTY} AND ${Events.ORIGINAL_ID} IS NOT NULL",
-                arrayOf(id.toString()), null)?.use { cursor ->
-            while (cursor.moveToNext()) {
-                logger.fine("Found dirty exception, increasing SEQUENCE to re-schedule")
-                val id = cursor.getLong(0)             // can't be null (by definition)
-                val originalID = cursor.getLong(1)     // can't be null (by query)
-                val sequence = if (cursor.isNull(2)) 0 else cursor.getInt(2)
-
-                val batch = BatchOperation(provider)
-                // original event to DIRTY
-                batch.enqueue(BatchOperation.CpoBuilder
-                        .newUpdate(ContentUris.withAppendedId(Events.CONTENT_URI, originalID).asSyncAdapter(account))
-                        .withValue(Events.DIRTY, 1))
-                // increase SEQUENCE and set DIRTY to 0
-                batch.enqueue(BatchOperation.CpoBuilder
-                        .newUpdate(ContentUris.withAppendedId(Events.CONTENT_URI, id).asSyncAdapter(account))
-                        .withValue(LocalEvent.COLUMN_SEQUENCE, sequence + 1)
-                        .withValue(Events.DIRTY, 0))
-                batch.commit()
-            }
-        }
-    }
-
-    /**
-     * Marks dirty events (which are not already marked as deleted) which got no valid instances as "deleted"
-     *
-     * @return number of affected events
-     */
-    fun deleteDirtyEventsWithoutInstances() {
-        provider.query(
-            Events.CONTENT_URI.asSyncAdapter(account),
-            arrayOf(Events._ID),
-            "${Events.DIRTY} AND NOT ${Events.DELETED} AND ${Events.ORIGINAL_ID} IS NULL",    // Get dirty main events (and no exception events)
-            null, null
-        )?.use { cursor ->
-            while (cursor.moveToNext()) {
-                val eventID = cursor.getLong(0)
-
-                // get number of instances
-                val numEventInstances = LocalEvent.numInstances(provider, account, eventID)
-
-                // delete event if there are no instances
-                if (numEventInstances == 0) {
-                    logger.info("Marking event #$eventID without instances as deleted")
-                    LocalEvent.markAsDeleted(provider, account, eventID)
-                }
-            }
-        }
-    }
-
-
-    object Factory: AndroidCalendarFactory<LocalCalendar> {
-
-        override fun newInstance(account: Account, provider: ContentProviderClient, id: Long) =
-            LocalCalendar(account, provider, id)
-
+        androidCalendar.updateEventRows(
+            contentValuesOf(EventsContract.COLUMN_ETAG to null),
+            "${Events.CALENDAR_ID}=?", arrayOf(androidCalendar.id.toString())
+        )
     }
 
 }

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalCalendarStore.kt

@@ -6,11 +6,13 @@ package at.bitfire.davdroid.resource
 
 import android.accounts.Account
 import android.content.ContentProviderClient
-import android.content.ContentUris
 import android.content.ContentValues
 import android.content.Context
 import android.provider.CalendarContract
+import android.provider.CalendarContract.Attendees
 import android.provider.CalendarContract.Calendars
+import android.provider.CalendarContract.Events
+import android.provider.CalendarContract.Reminders
 import androidx.core.content.contentValuesOf
 import at.bitfire.davdroid.Constants
 import at.bitfire.davdroid.R
@@ -18,18 +20,19 @@ import at.bitfire.davdroid.db.Collection
 import at.bitfire.davdroid.repository.DavServiceRepository
 import at.bitfire.davdroid.settings.AccountSettings
 import at.bitfire.davdroid.util.DavUtils.lastSegment
-import at.bitfire.ical4android.AndroidCalendar
-import at.bitfire.ical4android.AndroidCalendar.Companion.calendarBaseValues
 import at.bitfire.ical4android.util.DateUtils
 import at.bitfire.ical4android.util.MiscUtils.asSyncAdapter
+import at.bitfire.synctools.storage.calendar.AndroidCalendarProvider
 import dagger.hilt.android.qualifiers.ApplicationContext
 import java.util.logging.Level
 import java.util.logging.Logger
+import javax.annotation.WillNotClose
 import javax.inject.Inject
 
 class LocalCalendarStore @Inject constructor(
     @ApplicationContext private val context: Context,
     private val accountSettingsFactory: AccountSettings.Factory,
+    private val localCalendarFactory: LocalCalendar.Factory,
     private val logger: Logger,
     private val serviceRepository: DavServiceRepository
 ): LocalDataStore<LocalCalendar> {
@@ -37,10 +40,16 @@ class LocalCalendarStore @Inject constructor(
     override val authority: String
         get() = CalendarContract.AUTHORITY
 
-    override fun acquireContentProvider() =
+    override fun acquireContentProvider(throwOnMissingPermissions: Boolean) = try {
         context.contentResolver.acquireContentProviderClient(authority)
+    } catch (e: SecurityException) {
+        if (throwOnMissingPermissions)
+            throw e
+        else
+            /* return */ null
+    }
 
-    override fun create(provider: ContentProviderClient, fromCollection: Collection): LocalCalendar? {
+    override fun create(client: ContentProviderClient, fromCollection: Collection): LocalCalendar? {
         val service = serviceRepository.getBlocking(fromCollection.serviceId) ?: throw IllegalArgumentException("Couldn't fetch DB service from collection")
         val account = Account(service.accountName, context.getString(R.string.account_type))
 
@@ -69,26 +78,49 @@ class LocalCalendarStore @Inject constructor(
         }
 
         logger.log(Level.INFO, "Adding local calendar", values)
-        val uri = AndroidCalendar.create(account, provider, values)
-        return AndroidCalendar.findByID(account, provider, LocalCalendar.Factory, ContentUris.parseId(uri))
+        val provider = AndroidCalendarProvider(account, client)
+        return localCalendarFactory.create(provider.createAndGetCalendar(values))
     }
 
-    override fun getAll(account: Account, provider: ContentProviderClient) =
-        AndroidCalendar.find(account, provider, LocalCalendar.Factory, "${Calendars.SYNC_EVENTS}!=0", null)
+    override fun getAll(account: Account, client: ContentProviderClient) =
+        AndroidCalendarProvider(account, client)
+            .findCalendars("${Calendars.SYNC_EVENTS}!=0", null)
+            .map { localCalendarFactory.create(it) }
 
-    override fun update(provider: ContentProviderClient, localCollection: LocalCalendar, fromCollection: Collection) {
-        val accountSettings = accountSettingsFactory.create(localCollection.account)
+    override fun update(client: ContentProviderClient, localCollection: LocalCalendar, fromCollection: Collection) {
+        val accountSettings = accountSettingsFactory.create(localCollection.androidCalendar.account)
         val values = valuesFromCollectionInfo(fromCollection, withColor = accountSettings.getManageCalendarColors())
 
         logger.log(Level.FINE, "Updating local calendar ${fromCollection.url}", values)
-        localCollection.update(values)
+        val androidCalendar = localCollection.androidCalendar
+        val provider = AndroidCalendarProvider(androidCalendar.account, client)
+        provider.updateCalendar(androidCalendar.id, values)
     }
 
     private fun valuesFromCollectionInfo(info: Collection, withColor: Boolean): ContentValues {
-        val values = ContentValues()
-        values.put(Calendars._SYNC_ID, info.id)
-        values.put(Calendars.CALENDAR_DISPLAY_NAME,
-            if (info.displayName.isNullOrBlank()) info.url.lastSegment else info.displayName)
+        val values = contentValuesOf(
+            Calendars._SYNC_ID to info.id,
+            Calendars.CALENDAR_DISPLAY_NAME to
+                    if (info.displayName.isNullOrBlank()) info.url.lastSegment else info.displayName,
+
+            Calendars.ALLOWED_AVAILABILITY to arrayOf(
+                Events.AVAILABILITY_BUSY,
+                Events.AVAILABILITY_FREE
+            ).joinToString(",") { it.toString() },
+
+            Calendars.ALLOWED_ATTENDEE_TYPES to arrayOf(
+                Attendees.TYPE_NONE,
+                Attendees.TYPE_OPTIONAL,
+                Attendees.TYPE_REQUIRED,
+                Attendees.TYPE_RESOURCE
+            ).joinToString(",") { it.toString() },
+
+            Calendars.ALLOWED_REMINDERS to arrayOf(
+                Reminders.METHOD_DEFAULT,
+                Reminders.METHOD_ALERT,
+                Reminders.METHOD_EMAIL
+            ).joinToString(",") { it.toString() },
+        )
 
         if (withColor && info.color != null)
             values.put(Calendars.CALENDAR_COLOR, info.color)
@@ -104,23 +136,26 @@ class LocalCalendarStore @Inject constructor(
             values.put(Calendars.CALENDAR_TIME_ZONE, DateUtils.findAndroidTimezoneID(tzId))
         }
 
-        // add base values for Calendars
-        values.putAll(calendarBaseValues)
-
         return values
     }
 
-    override fun updateAccount(oldAccount: Account, newAccount: Account) {
-        val values = contentValuesOf(Calendars.ACCOUNT_NAME to newAccount.name)
+    override fun updateAccount(oldAccount: Account, newAccount: Account, @WillNotClose client: ContentProviderClient?) {
+        if (client == null)
+            return
+        val values = contentValuesOf(
+            // Account name to be changed
+            Calendars.ACCOUNT_NAME to newAccount.name,
+            // Owner account of this calendar to be changed. Used by the calendar
+            // provider to determine whether the user is ORGANIZER/ATTENDEE (usually an email address) for a certain event.
+            Calendars.OWNER_ACCOUNT to newAccount.name
+        )
         val uri = Calendars.CONTENT_URI.asSyncAdapter(oldAccount)
-        context.contentResolver.acquireContentProviderClient(CalendarContract.AUTHORITY)?.use {
-            it.update(uri, values, "${Calendars.ACCOUNT_NAME}=?", arrayOf(oldAccount.name))
-        }
+        client.update(uri, values, "${Calendars.ACCOUNT_NAME}=?", arrayOf(oldAccount.name))
     }
 
     override fun delete(localCollection: LocalCalendar) {
         logger.log(Level.INFO, "Deleting local calendar", localCollection)
-        localCollection.delete()
+        localCollection.androidCalendar.delete()
     }
 
-}
+}

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalCollection.kt

@@ -4,9 +4,12 @@
 
 package at.bitfire.davdroid.resource
 
-import at.bitfire.davdroid.db.SyncState
-
-interface LocalCollection<out T: LocalResource<*>> {
+/**
+ * This is an interface between the Syncer/SyncManager and a collection in the local storage.
+ *
+ * It defines operations that are used during sync for all sync data types.
+ */
+interface LocalCollection<out T: LocalResource> {
 
     /** a tag that uniquely identifies the collection (DAVx5-wide) */
     val tag: String
@@ -50,10 +53,8 @@ interface LocalCollection<out T: LocalResource<*>> {
      */
     fun findByName(name: String): T?
 
-
     /**
-     * Sets the [LocalEvent.COLUMN_FLAGS] value for entries which are not dirty ([Events.DIRTY] is 0)
-     * and have an [Events.ORIGINAL_ID] of null.
+     * Updates the flags value for entries which are not dirty.
      *
      * @param flags    value of flags to set (for instance, [LocalResource.FLAG_REMOTELY_PRESENT]])
      *
@@ -62,8 +63,7 @@ interface LocalCollection<out T: LocalResource<*>> {
     fun markNotDirty(flags: Int): Int
 
     /**
-     * Removes entries which are not dirty ([Events.DIRTY] is 0 and an [Events.ORIGINAL_ID] is null) with
-     * a given flag combination.
+     * Removes entries which are not dirty with a given flag combination.
      *
      * @param flags    exact flags value to remove entries with (for instance, if this is [LocalResource.FLAG_REMOTELY_PRESENT]],
      *                 all entries with exactly this flag will be removed)
@@ -78,4 +78,4 @@ interface LocalCollection<out T: LocalResource<*>> {
      */
     fun forgetETags()
 
-}
+}

app/src/main/kotlin/at/bitfire/davdroid/resource/LocalContact.kt

@@ -4,39 +4,39 @@
 
 package at.bitfire.davdroid.resource
 
+import android.content.ContentUris
 import android.content.ContentValues
+import android.content.Context
+import android.net.Uri
 import android.os.RemoteException
 import android.provider.ContactsContract
 import android.provider.ContactsContract.CommonDataKinds.GroupMembership
+import android.provider.ContactsContract.RawContacts
 import android.provider.ContactsContract.RawContacts.Data
+import android.provider.ContactsContract.RawContacts.getContactLookupUri
 import androidx.core.content.contentValuesOf
-import at.bitfire.davdroid.BuildConfig
 import at.bitfire.davdroid.resource.contactrow.CachedGroupMembershipHandler
 import at.bitfire.davdroid.resource.contactrow.GroupMembershipBuilder
 import at.bitfire.davdroid.resource.contactrow.GroupMembershipHandler
 import at.bitfire.davdroid.resource.contactrow.UnknownPropertiesBuilder
 import at.bitfire.davdroid.resource.contactrow.UnknownPropertiesHandler
+import at.bitfire.synctools.storage.BatchOperation
+import at.bitfire.synctools.storage.ContactsBatchOperation
 import at.bitfire.vcard4android.AndroidAddressBook
 import at.bitfire.vcard4android.AndroidContact
 import at.bitfire.vcard4android.AndroidContactFactory
-import at.bitfire.vcard4android.BatchOperation
 import at.bitfire.vcard4android.CachedGroupMembership
 import at.bitfire.vcard4android.Contact
-import ezvcard.Ezvcard
+import com.google.common.base.MoreObjects
 import java.io.FileNotFoundException
-import java.util.UUID
+import java.util.Optional
 import kotlin.jvm.optionals.getOrNull
 
 class LocalContact: AndroidContact, LocalAddress {
 
     companion object {
-
-        init {
-            Contact.productID = "+//IDN bitfire.at//DAVx5/${BuildConfig.VERSION_NAME} ez-vcard/" + Ezvcard.VERSION
-        }
-
-        const val COLUMN_FLAGS = ContactsContract.RawContacts.SYNC4
-        const val COLUMN_HASHCODE = ContactsContract.RawContacts.SYNC3
+        const val COLUMN_FLAGS = RawContacts.SYNC4
+        const val COLUMN_HASHCODE = RawContacts.SYNC3
     }
 
     override val addressBook: LocalAddressBook
@@ -45,9 +45,8 @@ class LocalContact: AndroidContact, LocalAddress {
     internal val cachedGroupMemberships = HashSet<Long>()
     internal val groupMemberships = HashSet<Long>()
 
-    override var scheduleTag: String?
+    override val scheduleTag: String?
         get() = null
-        set(_) = throw NotImplementedError()
 
     override var flags: Int = 0
 
@@ -69,25 +68,6 @@ class LocalContact: AndroidContact, LocalAddress {
     }
 
 
-    override fun prepareForUpload(): String {
-        val contact = getContact()
-        val uid: String = contact.uid ?: run {
-            // generate new UID
-            val newUid = UUID.randomUUID().toString()
-
-            // update in contacts provider
-            val values = contentValuesOf(COLUMN_UID to newUid)
-            addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
-
-            // update this event
-            contact.uid = newUid
-
-            newUid
-        }
-
-        return "$uid.vcf"
-    }
-
     /**
      * Clears cached [contact] so that the next read of [contact] will query the content provider again.
      */
@@ -95,34 +75,38 @@ class LocalContact: AndroidContact, LocalAddress {
         _contact = null
     }
 
-    override fun clearDirty(fileName: String?, eTag: String?, scheduleTag: String?) {
+    override fun clearDirty(fileName: Optional<String>, eTag: String?, scheduleTag: String?) {
         if (scheduleTag != null)
             throw IllegalArgumentException("Contacts must not have a Schedule-Tag")
 
         val values = ContentValues(4)
-        if (fileName != null)
-            values.put(COLUMN_FILENAME, fileName)
+        if (fileName.isPresent)
+            values.put(COLUMN_FILENAME, fileName.get())
         values.put(COLUMN_ETAG, eTag)
-        values.put(ContactsContract.RawContacts.DIRTY, 0)
+        values.put(RawContacts.DIRTY, 0)
 
         // Android 7 workaround
         addressBook.dirtyVerifier.getOrNull()?.setHashCodeColumn(this, values)
 
         addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
 
-        if (fileName != null)
-            this.fileName = fileName
+        if (fileName.isPresent)
+            this.fileName = fileName.get()
         this.eTag = eTag
     }
 
-    override fun resetDeleted() {
-        val values = contentValuesOf(ContactsContract.Groups.DELETED to 0)
+    fun resetDirty() {
+        val values = contentValuesOf(RawContacts.DIRTY to 0)
         addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
     }
 
-    fun resetDirty() {
-        val values = contentValuesOf(ContactsContract.RawContacts.DIRTY to 0)
-        addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
+    override fun update(data: Contact, fileName: String?, eTag: String?, scheduleTag: String?, flags: Int) {
+        this.fileName = fileName
+        this.eTag = eTag
+        this.flags = flags
+
+        // processes this.{fileName, eTag, flags} and resets DIRTY flag
+        update(data)
     }
 
     override fun updateFlags(flags: Int) {
@@ -132,31 +116,70 @@ class LocalContact: AndroidContact, LocalAddress {
         this.flags = flags
     }
 
+    override fun updateSequence(sequence: Int) = throw NotImplementedError()
 
-    fun addToGroup(batch: BatchOperation, groupID: Long) {
-        batch.enqueue(BatchOperation.CpoBuilder
-                .newInsert(dataSyncURI())
-                .withValue(GroupMembership.MIMETYPE, GroupMembership.CONTENT_ITEM_TYPE)
-                .withValue(GroupMembership.RAW_CONTACT_ID, id)
-                .withValue(GroupMembership.GROUP_ROW_ID, groupID))
+    override fun updateUid(uid: String) {
+        val values = contentValuesOf(COLUMN_UID to uid)
+        addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
+    }
+
+    override fun deleteLocal() {
+        delete()
+    }
+
+    override fun resetDeleted() {
+        val values = contentValuesOf(ContactsContract.Groups.DELETED to 0)
+        addressBook.provider!!.update(rawContactSyncURI(), values, null, null)
+    }
+
+    override fun getDebugSummary() =
+        MoreObjects.toStringHelper(this)
+            .add("id", id)
+            .add("fileName", fileName)
+            .add("eTag", eTag)
+            .add("flags", flags)
+            /*.add("contact",
+                try {
+                    // too dangerous, may contain unknown properties and cause another OOM
+                    Ascii.truncate(getContact().toString(), 1000, "…")
+                } catch (e: Exception) {
+                    e
+                }
+            )*/
+            .toString()
+
+    override fun getViewUri(context: Context): Uri? =
+        id?.let { idNotNull ->
+            getContactLookupUri(
+                context.contentResolver,
+                ContentUris.withAppendedId(RawContacts.CONTENT_URI, idNotNull)
+            )
+        }
+
+
+    fun addToGroup(batch: ContactsBatchOperation, groupID: Long) {
+        batch += BatchOperation.CpoBuilder
+            .newInsert(dataSyncURI())
+            .withValue(GroupMembership.MIMETYPE, GroupMembership.CONTENT_ITEM_TYPE)
+            .withValue(GroupMembership.RAW_CONTACT_ID, id)
+            .withValue(GroupMembership.GROUP_ROW_ID, groupID)
         groupMemberships += groupID
 
-        batch.enqueue(BatchOperation.CpoBuilder
-                .newInsert(dataSyncURI())
-                .withValue(CachedGroupMembership.MIMETYPE, CachedGroupMembership.CONTENT_ITEM_TYPE)
-                .withValue(CachedGroupMembership.RAW_CONTACT_ID, id)
-                .withValue(CachedGroupMembership.GROUP_ID, groupID)
-        )
+        batch += BatchOperation.CpoBuilder
+            .newInsert(dataSyncURI())
+            .withValue(CachedGroupMembership.MIMETYPE, CachedGroupMembership.CONTENT_ITEM_TYPE)
+            .withValue(CachedGroupMembership.RAW_CONTACT_ID, id)
+            .withValue(CachedGroupMembership.GROUP_ID, groupID)
         cachedGroupMemberships += groupID
     }
 
     fun removeGroupMemberships(batch: BatchOperation) {
-        batch.enqueue(BatchOperation.CpoBuilder
-                .newDelete(dataSyncURI())
-                .withSelection(
-                        "${Data.RAW_CONTACT_ID}=? AND ${Data.MIMETYPE} IN (?,?)",
-                        arrayOf(id.toString(), GroupMembership.CONTENT_ITEM_TYPE, CachedGroupMembership.CONTENT_ITEM_TYPE)
-                ))
+        batch += BatchOperation.CpoBuilder
+            .newDelete(dataSyncURI())
+            .withSelection(
+                "${Data.RAW_CONTACT_ID}=? AND ${Data.MIMETYPE} IN (?,?)",
+                arrayOf(id.toString(), GroupMembership.CONTENT_ITEM_TYPE, CachedGroupMembership.CONTENT_ITEM_TYPE)
+            )
         groupMemberships.clear()
         cachedGroupMemberships.clear()
     }
@@ -193,6 +216,7 @@ class LocalContact: AndroidContact, LocalAddress {
         super.buildContact(builder, update)
     }
 
+
     // factory
 
     object Factory: AndroidContactFactory<LocalContact> {