Merge branch 'test-session-resume' into 'master'

Test that session gets only resumed for a short time (10s)

See merge request fdroid/fdroidclient!1347

libs/download/src/androidInstrumentedTest/kotlin/org/fdroid/download/HttpManagerInstrumentationTest.kt

@@ -6,6 +6,7 @@ import io.ktor.client.engine.HttpClientEngine
 import io.ktor.client.engine.HttpClientEngineFactory
 import io.ktor.client.engine.okhttp.OkHttp
 import io.ktor.client.engine.okhttp.OkHttpConfig
+import kotlinx.coroutines.delay
 import okhttp3.ConnectionSpec
 import okhttp3.ConnectionSpec.Companion.MODERN_TLS
 import okhttp3.ConnectionSpec.Companion.RESTRICTED_TLS
@@ -19,6 +20,8 @@ import org.junit.runner.RunWith
 import javax.net.ssl.SSLHandshakeException
 import kotlin.test.Test
 import kotlin.test.assertEquals
+import kotlin.test.assertFalse
+import kotlin.test.assertTrue
 
 @RunWith(AndroidJUnit4::class)
 @Suppress("BlockingMethodInNonBlockingContext")
@@ -94,4 +97,29 @@ internal class HttpManagerInstrumentationTest {
         assertEquals("TLS 1.2", json.getString("tls_version"))
         assertEquals(0, json.getJSONObject("insecure_cipher_suites").length())
     }
+
+    @Test
+    fun checkSessionResumeShort() = runSuspend {
+        val httpManager = HttpManager(userAgent, null)
+        val mirror = Mirror("https://tlsprivacy.nervuri.net")
+        val indexFile: IndexFile = getIndexFile("/json/v1")
+        val downloadRequest = DownloadRequest(indexFile, listOf(mirror))
+
+        // first request had no session to resume
+        JSONObject(httpManager.getBytes(downloadRequest).decodeToString()).let { json ->
+            val connectionInfo = json.getJSONObject("connection_info")
+            assertFalse(connectionInfo.getBoolean("session_resumed"))
+        }
+        // second request right after resumed session
+        JSONObject(httpManager.getBytes(downloadRequest).decodeToString()).let { json ->
+            val connectionInfo = json.getJSONObject("connection_info")
+            assertTrue(connectionInfo.getBoolean("session_resumed"))
+        }
+        delay(10_100)
+        // third request after 10s did not resume session
+        JSONObject(httpManager.getBytes(downloadRequest).decodeToString()).let { json ->
+            val connectionInfo = json.getJSONObject("connection_info")
+            assertFalse(connectionInfo.getBoolean("session_resumed"))
+        }
+    }
 }

libs/download/src/androidMain/kotlin/org/fdroid/download/HttpManager.kt

@@ -32,7 +32,7 @@ internal actual fun getHttpClientEngineFactory(customDns: Dns?): HttpClientEngin
                     dns(customDns)
                 }
                 hostnameVerifier { hostname, session ->
-                    session?.sessionContext?.sessionTimeout = 60
+                    session?.sessionContext?.sessionTimeout = 10
                     // use default hostname verifier
                     OkHostnameVerifier.verify(hostname, session)
                 }

libs/download/src/commonMain/kotlin/org/fdroid/download/HttpManager.kt

@@ -29,16 +29,14 @@ import io.ktor.http.HttpStatusCode.Companion.NotFound
 import io.ktor.http.HttpStatusCode.Companion.PartialContent
 import io.ktor.http.Url
 import io.ktor.http.contentLength
-import io.ktor.util.toByteArray
 import io.ktor.utils.io.ByteChannel
 import io.ktor.utils.io.ByteReadChannel
-import io.ktor.utils.io.close
 import io.ktor.utils.io.core.isEmpty
 import io.ktor.utils.io.core.readBytes
-import io.ktor.utils.io.writeFully
 import mu.KotlinLogging
 import okhttp3.Dns
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
+import java.io.ByteArrayOutputStream
 import kotlin.coroutines.cancellation.CancellationException
 
 internal expect fun getHttpClientEngineFactory(customDns: Dns?): HttpClientEngineFactory<*>
@@ -202,12 +200,13 @@ public open class HttpManager @JvmOverloads constructor(
         request: DownloadRequest,
         skipFirstBytes: Long? = null,
     ): ByteArray {
-        val channel = ByteChannel()
-        get(request, skipFirstBytes) { bytes, _ ->
-            channel.writeFully(bytes)
+        val outputStream = ByteArrayOutputStream()
+        outputStream.use {
+            get(request, skipFirstBytes) { bytes, _ ->
+                it.write(bytes)
+            }
         }
-        channel.close()
-        return channel.toByteArray()
+        return outputStream.toByteArray()
     }
 
     public suspend fun post(url: String, json: String, proxy: ProxyConfig? = null) {