android proxy: fix initial proxy settings state (#2709)

Description: Upon investigation of multiple sessions with active proxy settings it seems to be highly likely that our EM proxy logic did not engage in all of the aforementioned sessions. That appears to be a direct result of the way our logic for registering to `PROXY_CHANGE` intent works. The implementation assumes that upon subscription to the intent we always receive an initial intent with the state of proxy settings. That does not seem to be guaranteed by Android as `PROXY_CHANGE` intent is not documented to be sticky (a term used by Android) and whether it's sticky or not may depend on manufacturer / type of the proxy update.
Risk Level: Low, hidden behind a feature flag and disabled by default.
Testing: Integration tests
Docs Changes: N/A
Release Notes: N/A

Signed-off-by: Rafal Augustyniak <raugustyniak@lyft.com>

Author: Augustyniak

library/java/io/envoyproxy/envoymobile/engine/AndroidProxyMonitor.java

@@ -35,6 +35,12 @@ private AndroidProxyMonitor(Context context, EnvoyEngine envoyEngine) {
     this.envoyEngine = envoyEngine;
     this.connectivityManager =
         (ConnectivityManager)context.getSystemService(Context.CONNECTIVITY_SERVICE);
+    // PROXY_INFO is not guaranteed to be a sticky intent so we need to trigger
+    // a manual poll of proxy settings. Proxy settings received as a result of PROXY_INFO
+    // intent updates should take precedence/override locally polled settings,
+    // hence we trigger a manual proxy settings poll before we subscribe to PROXY_INFO intent
+    // updates.
+    handleProxyChange(null);
     registerReceiver(context);
   }
 
@@ -76,6 +82,11 @@ private ProxyInfo extractProxyInfo(final Intent intent) {
     //
     // See https://github.com/envoyproxy/envoy-mobile/issues/2531 for more details.
     if (info.getPacFileUrl() != null && info.getPacFileUrl() != Uri.EMPTY) {
+      if (intent == null) {
+        // PAC proxies are supported only when Intent is present
+        return null;
+      }
+
       Bundle extras = intent.getExtras();
       if (extras == null) {
         return null;

test/kotlin/integration/proxying/BUILD

@@ -12,9 +12,9 @@ envoy_mobile_kt_library(
 )
 
 envoy_mobile_android_test(
-    name = "perform_http_request_using_proxy_test",
+    name = "proxy_info_intent_perform_http_request_using_proxy_test",
     srcs = [
-        "PerformHTTPRequestUsingProxyTest.kt",
+        "ProxyInfoIntentPerformHTTPRequestUsingProxyTest.kt",
     ],
     exec_properties = {
         # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.
@@ -33,9 +33,9 @@ envoy_mobile_android_test(
 )
 
 envoy_mobile_android_test(
-    name = "perform_https_request_using_proxy_test",
+    name = "proxy_info_intent_perform_https_request_using_proxy_test",
     srcs = [
-        "PerformHTTPSRequestUsingProxyTest.kt",
+        "ProxyInfoIntentPerformHTTPSRequestUsingProxyTest.kt",
     ],
     exec_properties = {
         # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.
@@ -54,9 +54,9 @@ envoy_mobile_android_test(
 )
 
 envoy_mobile_android_test(
-    name = "perform_https_request_using_async_proxy_test",
+    name = "proxy_info_intent_perform_https_request_using_async_proxy_test",
     srcs = [
-        "PerformHTTPSRequestUsingAsyncProxyTest.kt",
+        "ProxyInfoIntentPerformHTTPSRequestUsingAsyncProxyTest.kt",
     ],
     exec_properties = {
         # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.
@@ -75,9 +75,51 @@ envoy_mobile_android_test(
 )
 
 envoy_mobile_android_test(
-    name = "perform_https_request_bad_hostname",
+    name = "proxy_info_intent_perform_https_request_bad_hostname",
     srcs = [
-        "PerformHTTPSRequestBadHostname.kt",
+        "ProxyInfoIntentPerformHTTPSRequestBadHostnameTest.kt",
+    ],
+    exec_properties = {
+        # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.
+        "sandboxNetwork": "standard",
+        "dockerNetwork": "standard",
+    },
+    native_deps = [
+        "//library/common/jni:libndk_envoy_jni.so",
+        "//library/common/jni:libndk_envoy_jni.jnilib",
+    ],
+    deps = [
+        "//library/kotlin/io/envoyproxy/envoymobile:envoy_interfaces_lib",
+        "//library/kotlin/io/envoyproxy/envoymobile:envoy_lib",
+        "//test/kotlin/integration/proxying:proxy_lib",
+    ],
+)
+
+envoy_mobile_android_test(
+    name = "proxy_poll_perform_http_request_using_proxy",
+    srcs = [
+        "ProxyPollPerformHTTPRequestUsingProxyTest.kt",
+    ],
+    exec_properties = {
+        # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.
+        "sandboxNetwork": "standard",
+        "dockerNetwork": "standard",
+    },
+    native_deps = [
+        "//library/common/jni:libndk_envoy_jni.so",
+        "//library/common/jni:libndk_envoy_jni.jnilib",
+    ],
+    deps = [
+        "//library/kotlin/io/envoyproxy/envoymobile:envoy_interfaces_lib",
+        "//library/kotlin/io/envoyproxy/envoymobile:envoy_lib",
+        "//test/kotlin/integration/proxying:proxy_lib",
+    ],
+)
+
+envoy_mobile_android_test(
+    name = "proxy_poll_perform_http_request_without_using_pac_proxy",
+    srcs = [
+        "ProxyPollPerformHTTPRequestWithoutUsingPACProxyTest.kt",
     ],
     exec_properties = {
         # TODO(lfpino): Remove this once the sandboxNetwork=off works for ipv4 localhost addresses.

…ying/PerformHTTPRequestUsingProxyTest.kt …ntentPerformHTTPRequestUsingProxyTest.kttest/kotlin/integration/proxying/PerformHTTPRequestUsingProxyTest.kt renamed to test/kotlin/integration/proxying/ProxyInfoIntentPerformHTTPRequestUsingProxyTest.kt test/kotlin/integration/proxying/PerformHTTPRequestUsingProxyTest.kt renamed to test/kotlin/integration/proxying/ProxyInfoIntentPerformHTTPRequestUsingProxyTest.kt

@@ -0,0 +1,107 @@
+package test.kotlin.integration.proxying
+
+import android.content.Intent
+import android.content.Context
+import android.net.ConnectivityManager
+import android.net.Proxy
+import android.net.ProxyInfo
+import androidx.test.core.app.ApplicationProvider
+
+import io.envoyproxy.envoymobile.AndroidEngineBuilder
+import io.envoyproxy.envoymobile.Custom
+import io.envoyproxy.envoymobile.Engine
+import io.envoyproxy.envoymobile.engine.JniLibrary
+import io.envoyproxy.envoymobile.LogLevel
+import io.envoyproxy.envoymobile.RequestHeadersBuilder
+import io.envoyproxy.envoymobile.RequestMethod
+import io.envoyproxy.envoymobile.ResponseHeaders
+import io.envoyproxy.envoymobile.StreamIntel
+
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.Executors
+import java.util.concurrent.TimeUnit
+
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.mockito.Mock
+import org.mockito.Mockito
+import org.robolectric.RobolectricTestRunner
+
+//                                               ┌──────────────────┐
+//                                               │   Proxy Engine   │
+//                                               │ ┌──────────────┐ │
+// ┌────────────────────────┐                  ┌─┼─►listener_proxy│ │
+// │http://api.lyft.com/ping│  ┌──────────────┬┘ │ └──────┬───────┘ │ ┌────────────┐
+// │        Request         ├──►Android Engine│  │        │         │ │api.lyft.com│
+// └────────────────────────┘  └──────────────┘  │ ┌──────▼──────┐  │ └──────▲─────┘
+//                                               │ │cluster_proxy│  │        │
+//                                               │ └─────────────┴──┼────────┘
+//                                               │                  │
+//                                               └──────────────────┘
+@RunWith(RobolectricTestRunner::class)
+class PerformHTTPRequestUsingProxy {
+  init {
+    JniLibrary.loadTestLibrary()
+  }
+
+  @Test
+  fun `performs an HTTP request through a proxy`() {
+    val port = (10001..11000).random()
+
+    val context = Mockito.spy(ApplicationProvider.getApplicationContext<Context>())
+    val connectivityManager: ConnectivityManager = Mockito.mock(ConnectivityManager::class.java)
+    Mockito.doReturn(connectivityManager).`when`(context).getSystemService(Context.CONNECTIVITY_SERVICE)
+    Mockito.`when`(connectivityManager.getDefaultProxy()).thenReturn(ProxyInfo.buildDirectProxy("127.0.0.1", port))
+
+    val onProxyEngineRunningLatch = CountDownLatch(1)
+    val onEngineRunningLatch = CountDownLatch(1)
+    val onRespondeHeadersLatch = CountDownLatch(1)
+
+    val proxyEngineBuilder = Proxy(context, port)
+      .http()
+    val proxyEngine = proxyEngineBuilder
+      .addLogLevel(LogLevel.DEBUG)
+      .setOnEngineRunning { onProxyEngineRunningLatch.countDown() }
+      .build()
+
+    onProxyEngineRunningLatch.await(10, TimeUnit.SECONDS)
+    assertThat(onProxyEngineRunningLatch.count).isEqualTo(0)
+
+    val builder = AndroidEngineBuilder(context)
+    val engine = builder
+      .addLogLevel(LogLevel.DEBUG)
+      .enableProxying(true)
+      .setOnEngineRunning { onEngineRunningLatch.countDown() }
+      .build()
+
+    onEngineRunningLatch.await(10, TimeUnit.SECONDS)
+    assertThat(onEngineRunningLatch.count).isEqualTo(0)
+
+    val requestHeaders = RequestHeadersBuilder(
+      method = RequestMethod.GET,
+      scheme = "http",
+      authority = "api.lyft.com",
+      path = "/ping"
+    )
+      .build()
+
+    engine
+      .streamClient()
+      .newStreamPrototype()
+      .setOnResponseHeaders { responseHeaders, _, _ ->
+        val status = responseHeaders.httpStatus ?: 0L
+        assertThat(status).isEqualTo(301)
+        assertThat(responseHeaders.value("x-proxy-response")).isEqualTo(listOf("true"))
+        onRespondeHeadersLatch.countDown()
+      }
+      .start(Executors.newSingleThreadExecutor())
+      .sendHeaders(requestHeaders, true)
+
+    onRespondeHeadersLatch.await(15, TimeUnit.SECONDS)
+    assertThat(onRespondeHeadersLatch.count).isEqualTo(0)
+
+    engine.terminate()
+    proxyEngine.terminate()
+  }
+}

…oxying/PerformHTTPSRequestBadHostname.kt …entPerformHTTPSRequestBadHostnameTest.kttest/kotlin/integration/proxying/PerformHTTPSRequestBadHostname.kt renamed to test/kotlin/integration/proxying/ProxyInfoIntentPerformHTTPSRequestBadHostnameTest.kt test/kotlin/integration/proxying/PerformHTTPSRequestBadHostname.kt renamed to test/kotlin/integration/proxying/ProxyInfoIntentPerformHTTPSRequestBadHostnameTest.kt

@@ -0,0 +1,110 @@
+package test.kotlin.integration.proxying
+
+import android.content.Intent
+import android.content.Context
+import android.net.ConnectivityManager
+import android.net.Proxy
+import android.net.ProxyInfo
+import android.net.Uri
+import androidx.test.core.app.ApplicationProvider
+
+import io.envoyproxy.envoymobile.AndroidEngineBuilder
+import io.envoyproxy.envoymobile.Custom
+import io.envoyproxy.envoymobile.Engine
+import io.envoyproxy.envoymobile.engine.JniLibrary
+import io.envoyproxy.envoymobile.LogLevel
+import io.envoyproxy.envoymobile.RequestHeadersBuilder
+import io.envoyproxy.envoymobile.RequestMethod
+import io.envoyproxy.envoymobile.ResponseHeaders
+import io.envoyproxy.envoymobile.StreamIntel
+
+import java.util.concurrent.CountDownLatch
+import java.util.concurrent.Executors
+import java.util.concurrent.TimeUnit
+
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.mockito.Mock
+import org.mockito.Mockito
+import org.robolectric.RobolectricTestRunner
+
+//                                                ┌──────────────────┐
+//                                                │   Proxy Engine   │
+//                                                │ ┌──────────────┐ │
+// ┌─────────────────────────┐                    │ │listener_proxy│ │
+// │https://api.lyft.com/ping│  ┌──────────────┐  │ └──────┬───────┘ │ ┌────────────┐
+// │       HTTP Request      ├──►Android Engine│  │        │         │ │api.lyft.com│
+// └─────────────────────────┘  └───────┬──────┘  │ ┌──────▼──────┐  │ └──────▲─────┘
+//                                      │         │ │cluster_proxy│  │        │
+//                                      │         │ └─────────────┘  │        │
+//                                      │         │                  │        │
+//                                      │         └──────────────────┘        │
+//                                      │                                     │
+//                                      └─────────────────────────────────────┘
+@RunWith(RobolectricTestRunner::class)
+class PerformHTTPRequestUsingProxy {
+  init {
+    JniLibrary.loadTestLibrary()
+  }
+
+  @Test
+  fun `performs an HTTP request through a proxy`() {
+    val port = (10001..11000).random()
+
+    val context = Mockito.spy(ApplicationProvider.getApplicationContext<Context>())
+    val connectivityManager: ConnectivityManager = Mockito.mock(ConnectivityManager::class.java)
+    Mockito.doReturn(connectivityManager).`when`(context).getSystemService(Context.CONNECTIVITY_SERVICE)
+    Mockito.`when`(connectivityManager.getDefaultProxy()).thenReturn(ProxyInfo.buildPacProxy(Uri.parse("https://example.com")))
+
+    val onProxyEngineRunningLatch = CountDownLatch(1)
+    val onEngineRunningLatch = CountDownLatch(1)
+    val onRespondeHeadersLatch = CountDownLatch(1)
+
+    val proxyEngineBuilder = Proxy(context, port)
+      .http()
+    val proxyEngine = proxyEngineBuilder
+      .addLogLevel(LogLevel.DEBUG)
+      .setOnEngineRunning { onProxyEngineRunningLatch.countDown() }
+      .build()
+
+    onProxyEngineRunningLatch.await(10, TimeUnit.SECONDS)
+    assertThat(onProxyEngineRunningLatch.count).isEqualTo(0)
+
+    val builder = AndroidEngineBuilder(context)
+    val engine = builder
+      .addLogLevel(LogLevel.DEBUG)
+      .enableProxying(true)
+      .setOnEngineRunning { onEngineRunningLatch.countDown() }
+      .build()
+
+    onEngineRunningLatch.await(10, TimeUnit.SECONDS)
+    assertThat(onEngineRunningLatch.count).isEqualTo(0)
+
+    val requestHeaders = RequestHeadersBuilder(
+      method = RequestMethod.GET,
+      scheme = "http",
+      authority = "api.lyft.com",
+      path = "/ping"
+    )
+      .build()
+
+    engine
+      .streamClient()
+      .newStreamPrototype()
+      .setOnResponseHeaders { responseHeaders, _, _ ->
+        val status = responseHeaders.httpStatus ?: 0L
+        assertThat(status).isEqualTo(301)
+        assertThat(responseHeaders.value("x-proxy-response")).isNull();
+        onRespondeHeadersLatch.countDown()
+      }
+      .start(Executors.newSingleThreadExecutor())
+      .sendHeaders(requestHeaders, true)
+
+    onRespondeHeadersLatch.await(15, TimeUnit.SECONDS)
+    assertThat(onRespondeHeadersLatch.count).isEqualTo(0)
+
+    engine.terminate()
+    proxyEngine.terminate()
+  }
+}