Merge branch 'main' of https://github.com/aws/aws-iot-device-sdk-java-v2

into win_cert_store_fix
aws · Apr 11, 2024 · 6c1f495 · 6c1f495
2 parents 4a4f1f2 + 2f5f68c
commit 6c1f495
Show file tree

Hide file tree

Showing 87 changed files with 2,452 additions and 1,118 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ on:
       - 'docs'
 
 env:
-  BUILDER_VERSION: v0.9.56
+  BUILDER_VERSION: v0.9.58
   BUILDER_SOURCE: releases
   BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
   PACKAGE_NAME: aws-iot-device-sdk-java-v2
@@ -72,7 +72,7 @@ jobs:
       id-token: write # This is required for requesting the JWT
     steps:
       - name: configure AWS credentials (containers)
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v2
         with:
           role-to-assume: ${{ env.CI_IOT_CONTAINERS }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
@@ -98,7 +98,7 @@ jobs:
       id-token: write # This is required for requesting the JWT
     steps:
       - name: configure AWS credentials (containers)
-        uses: aws-actions/configure-aws-credentials@v1
+        uses: aws-actions/configure-aws-credentials@v2
         with:
           role-to-assume: ${{ env.CI_IOT_CONTAINERS }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
@@ -384,29 +384,20 @@ jobs:
           ./gradlew assembledebug
           ./gradlew publishToMavenLocal -PnewVersion="1.0.0-SNAPSHOT"
           echo "Build status report=${{ job.status }}."
-
-      - name: Setup Android Test Files
+      - name: Setup Android Test Files New
         run: |
           cd sdk/tests/android/testapp/src/main/assets
-          endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$endpoint" > endpoint.txt
-          pubSubCert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$pubSubCert" > pubSubCertificate.pem
-          pubSubKey=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$pubSubKey" > pubSubPrivatekey.pem
-          cognitoIdentity=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/Cognito/identity_id" --query "SecretString" | cut -f2 -d\") && echo -e "$cognitoIdentity" > cognitoIdentity.txt
-          jobsCert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/Jobs/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$jobsCert" > jobsCertificate.pem
-          jobsKey=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/Jobs/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$jobsKey" > jobsPrivatekey.pem
-          shadowCert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/Shadow/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$shadowCert" > shadowCertificate.pem
-          shadowKey=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/Shadow/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$shadowKey" > shadowPrivatekey.pem
-          mqtt5PubSubCert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/mqtt5/us/mqtt5_thing/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$mqtt5PubSubCert" > mqtt5PubSubCertificate.pem
-          mqtt5PubSubKey=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/mqtt5/us/mqtt5_thing/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$mqtt5PubSubKey" > mqtt5PubSubPrivatekey.pem
-          cd ../../..
+          python3 -m pip install boto3
+          python3 ./android_file_creation.py
+      - name: Build Test App
+        run: |
+          cd sdk/tests/android/testapp
           ../../../../android/gradlew assembledebug
           ../../../../android/gradlew assembleAndroidTest
-          cd ../../../..
-
+          cd ~
       - name: Python Script
         run: |
           echo "Attempting to run python script"
-          python3 -m pip install boto3
           python3 -m pip install requests
           python3 ./utils/run_android_ci.py \
           --region ${{ env.AWS_DEVICE_FARM_REGION }} \

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
@@ -13,7 +13,5 @@ jobs:
             # These inputs are both required
             repo-token: "${{ secrets.GITHUB_TOKEN }}"
             message: |
-                     ### ⚠️COMMENT VISIBILITY WARNING⚠️ 
-                     Comments on closed issues are hard for our team to see. 
-                     If you need more assistance, please either tag a team member or open a new issue that references this one. 
-                     If you wish to keep having a conversation with other community members under this issue feel free to do so.
+                    This issue is now closed. Comments on closed issues are hard for our team to see. 
+                    If you need more assistance, please open a new issue that references this one. 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -67,7 +67,7 @@ jobs:
         force: true
 
     - name: configure AWS credentials (Release)
-      uses: aws-actions/configure-aws-credentials@v1
+      uses: aws-actions/configure-aws-credentials@v2
       with:
         role-to-assume: arn:aws:iam::180635532705:role/CI_V2_RELEASE_S3_ROLE
         aws-region: us-east-1

diff --git a/.github/workflows/stale_issue.yml b/.github/workflows/stale_issue.yml
@@ -33,8 +33,8 @@ jobs:
         closed-for-staleness-label: closed-for-staleness
 
         # Issue timing
-        days-before-stale: 2
-        days-before-close: 5
+        days-before-stale: 10
+        days-before-close: 4
         days-before-ancient: 36500
 
         # If you don't want to mark a issue as being ancient based on a

diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ This document provides information about the AWS IoT device SDK for Java V2. Thi
 * [FAQ](./documents/FAQ.md)
 * [API Docs](https://aws.github.io/aws-iot-device-sdk-java-v2/)
 * [MQTT5 User Guide](./documents/MQTT5_Userguide.md)
+* [Migration Guide from the AWS IoT SDK for Java v1](./documents/MIGRATION_GUIDE.md)
 
 ## Installation
 
@@ -37,11 +38,11 @@ Consuming this SDK via Maven is the preferred method of consuming it and using i
 <dependency>
   <groupId>software.amazon.awssdk.iotdevicesdk</groupId>
   <artifactId>aws-iot-device-sdk</artifactId>
-  <version>1.20.0</version>
+  <version>1.20.2</version>
 </dependency>
 ```
 
-Replace `1.20.0` in `<version>1.20.0</version>` with the latest release version for the SDK.
+Replace `1.20.2` in `<version>1.20.2</version>` with the latest release version for the SDK.
 Look up the latest SDK version here: https://github.com/aws/aws-iot-device-sdk-java-v2/releases
 
 ### Build IoT Device SDK from source
@@ -94,4 +95,4 @@ is provided by code that been generated from a model of the service.
 
 This library is licensed under the [Apache 2.0 License](./documents/LICENSE).
 
-Latest released version: v1.20.0
+Latest released version: v1.20.2
diff --git a/android/iotdevicesdk/build.gradle b/android/iotdevicesdk/build.gradle
@@ -47,7 +47,7 @@ android {
     buildToolsVersion "30.0.3"
 
     defaultConfig {
-        minSdkVersion 26
+        minSdkVersion 24
         targetSdkVersion 30
         versionCode = gitVersionCode()
         versionName = gitVersionName()
@@ -84,6 +84,10 @@ android {
     compileOptions {
         sourceCompatibility = 1.8
         targetCompatibility = 1.8
+        // Enable desugaring so that Android lint doesn't flag `java.time` usage. Downstream
+        // consumers will need to enable desugaring to use this library.
+        // See: https://developer.android.com/studio/write/java8-support#library-desugaring
+        coreLibraryDesugaringEnabled true
     }
 }
 
@@ -93,7 +97,8 @@ repositories {
 }
 
 dependencies {
-    api 'software.amazon.awssdk.crt:aws-crt-android:0.29.10'
+    api 'software.amazon.awssdk.crt:aws-crt-android:0.29.16'
+    coreLibraryDesugaring 'com.android.tools:desugar_jdk_libs:1.1.5'
     implementation 'org.slf4j:slf4j-api:1.7.30'
     implementation 'com.google.code.gson:gson:2.9.0'
     implementation 'androidx.appcompat:appcompat:1.1.0'

diff --git a/.../iotdevicesdk/src/main/java/software/amazon/awssdk/iot/AndroidKeyChainHandlerBuilder.java b/.../iotdevicesdk/src/main/java/software/amazon/awssdk/iot/AndroidKeyChainHandlerBuilder.java
@@ -11,12 +11,12 @@
 import software.amazon.awssdk.crt.io.TlsContextCustomKeyOperationOptions;
 import software.amazon.awssdk.crt.io.TlsAndroidPrivateKeyOperationHandler;
 import software.amazon.awssdk.crt.io.TlsContextOptions;
+import software.amazon.awssdk.crt.utils.StringUtils;
 
 import java.io.StringWriter;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateEncodingException;
-import java.util.Base64;
 
 import android.content.Context;
 import android.security.KeyChain;
@@ -71,11 +71,9 @@ private static String getCertificateContent(Context context, String alias){
 
             if (myCertChain != null){
                 // Convert Certificate to PEM formated String
-                StringWriter stringWriter = new StringWriter();
-                stringWriter.write("-----BEGIN CERTIFICATE-----\n");
-                stringWriter.write(Base64.getEncoder().encodeToString(myCertChain[0].getEncoded()));
-                stringWriter.write("\n-----END CERTIFICATE-----\n");
-                String certificate = stringWriter.toString();
+                String certificateString = new String(StringUtils.base64Encode(myCertChain[0].getEncoded()));
+                String certificate = "-----BEGIN CERTIFICATE-----\n" + certificateString + "\n-----END CERTIFICATE-----\n";
+
                 Log.log(LogLevel.Debug,
                 LogSubject.JavaAndroidKeychain,
                 "Certificate retreived from Android KeyChain using Alias '" + alias + "'.");

diff --git a/codebuild/cd/deploy-snapshot-android.sh b/codebuild/cd/deploy-snapshot-android.sh
@@ -9,6 +9,6 @@ cd ./android
 GPG_KEY=$(cat /tmp/aws-sdk-common-runtime.key.asc)
 
 # Publish to nexus
-./gradlew -PnewVersion=$PKG_VERSION -PsigningKey=$"$GPG_KEY" -PsigningPassword=$GPG_PASSPHRASE -PsonatypeUsername='aws-sdk-common-runtime' -PsonatypePassword=$ST_PASSWORD publishToAwsNexus closeAwsNexusStagingRepository | tee /tmp/android_deploy.log
+./gradlew -PnewVersion=$PKG_VERSION -PsigningKey=$"$GPG_KEY" -PsigningPassword=$GPG_PASSPHRASE -PsonatypeUsername=$ST_USERNAME -PsonatypePassword=$ST_PASSWORD publishToAwsNexus closeAwsNexusStagingRepository | tee /tmp/android_deploy.log
 # Get the staging repository id and save it
 cat /tmp/android_deploy.log | grep "Created staging repository" | cut -d\' -f2 | tee /tmp/android_repositoryId.txt
diff --git a/codebuild/cd/deploy-snapshot.yml b/codebuild/cd/deploy-snapshot.yml
@@ -35,12 +35,14 @@ phases:
 
       # install settings.xml to ~/.m2/settings.xml
       - mkdir -p $HOME/.m2
-      - export CD_SETTINGS=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-settings --query "SecretString" | cut -f2 -d\")
+      - export CD_SETTINGS=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-settings/token --query "SecretString" | cut -f2 -d\")
       - echo $CD_SETTINGS > $HOME/.m2/settings.xml
 
-      - export ST_PASSWORD=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id cd/Sonatype/JIRA/Password | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
-      # Use the password from secret manager to update the settings
-      - sed -i 's/password-to-replace/'"$ST_PASSWORD"'/g' $HOME/.m2/settings.xml
+      # Use the password and username from secret manager to update the settings
+      - export ST_USERNAME=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id Sonatype/JIRA/token | cut -f2 -d":" | cut -f1 -d"," | sed -e 's/[\\\"\}]//g')
+      - export ST_PASSWORD=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id Sonatype/JIRA/token | cut -f3 -d":" | sed -e 's/[\\\"\}]//g')
+      - sed -i 's|token-username|'"$ST_USERNAME"'|g' $HOME/.m2/settings.xml
+      - sed -i 's|token-password|'"$ST_PASSWORD"'|g' $HOME/.m2/settings.xml
 
       # import gpg key
       - export CD_KEY=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-key --query "SecretString" | cut -f2 -d\")

diff --git a/codebuild/cd/promote-release.yml b/codebuild/cd/promote-release.yml
@@ -26,12 +26,14 @@ phases:
 
       # install settings.xml to ~/.m2/settings.xml
       - mkdir -p $HOME/.m2
-      - export CD_SETTINGS=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-settings --query "SecretString" | cut -f2 -d\")
+      - export CD_SETTINGS=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-settings/token --query "SecretString" | cut -f2 -d\")
       - echo $CD_SETTINGS > $HOME/.m2/settings.xml
 
-      - export ST_PASSWORD=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id cd/Sonatype/JIRA/Password | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
-      # Use the password from secret manager to update the settings
-      - sed -i 's/password-to-replace/'"$ST_PASSWORD"'/g' $HOME/.m2/settings.xml
+      # Use the password and username from secret manager to update the settings
+      - export ST_USERNAME=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id Sonatype/JIRA/token | cut -f2 -d":" | cut -f1 -d"," | sed -e 's/[\\\"\}]//g')
+      - export ST_PASSWORD=$(aws --query "SecretString" secretsmanager get-secret-value --secret-id Sonatype/JIRA/token | cut -f3 -d":" | sed -e 's/[\\\"\}]//g')
+      - sed -i 's|token-username|'"$ST_USERNAME"'|g' $HOME/.m2/settings.xml
+      - sed -i 's|token-password|'"$ST_PASSWORD"'|g' $HOME/.m2/settings.xml
 
       # import gpg key
       - export CD_KEY=$(aws secretsmanager get-secret-value --secret-id cd/aws-crt-java-key --query "SecretString" | cut -f2 -d\")

diff --git a/documents/ANDROID.md b/documents/ANDROID.md
@@ -37,20 +37,23 @@ a dependency of the aws-iot-device-sdk-android library.
 * Java 11+ ([Download and Install Java](https://www.java.com/en/download/help/download_options.html))
   * [Set JAVA_HOME](./PREREQUISITES.md#set-java_home)
 * Gradle 7.4.2 ([Download and Install Gradle](https://gradle.org/install/))
-* Android SDK 26 ([Doanload SDK Manager](https://developer.android.com/tools/releases/platform-tools#downloads))
+* Android SDK 24 ([Download SDK Manager](https://developer.android.com/tools/releases/platform-tools#downloads))
   * [Set ANDROID_HOME](./PREREQUISITES.md#set-android_home)
 
+> [!NOTE]
+> The SDK supports Android minimum API of 24 but requires [desugaring](https://developer.android.com/studio/write/java8-support#library-desugaring) to support Java 8 language APIs used in by the SDK. If minimum Android API Version is set to 26+ desugaring is not required.
+
 ### Build and install IoT Device SDK from source
-Supports API 26 or newer.
-NOTE: The shadow sample does not currently complete on android due to its dependence on stdin keyboard input.
+> [!NOTE]
+> The shadow sample does not currently complete on android due to its dependence on stdin keyboard input.
 
 ``` sh
 # Create a workspace directory to hold all the SDK files
 mkdir sdk-workspace
 cd sdk-workspace
 # Clone the SDK repository
-# (Use the latest version of the SDK here instead of `v1.20.0`)
-git clone --branch v1.20.0 --recurse-submodules https://github.com/aws/aws-iot-device-sdk-java-v2.git
+# (Use the latest version of the SDK here instead of `v1.20.2`)
+git clone --branch v1.20.2 --recurse-submodules https://github.com/aws/aws-iot-device-sdk-java-v2.git
 # Compile and install the SDK for Android
 cd aws-iot-device-sdk-java-v2/android
 ./gradlew build
@@ -71,10 +74,10 @@ repositories {
 }
 
 dependencies {
-    api 'software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.0'
+    api 'software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.2'
 }
 ```
-Replace `1.20.0` in `software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.0` with the latest release version for the SDK.
+Replace `1.20.2` in `software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.2` with the latest release version for the SDK.
 Look up the latest SDK version here: https://github.com/aws/aws-iot-device-sdk-java-v2/releases
 
 ### Consuming from locally installed
@@ -86,10 +89,10 @@ repositories {
 }
 
 dependencies {
-    api 'software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.0'
+    api 'software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.2'
 }
 ```
-Replace `1.20.0` in `software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.0` with the latest release version for the SDK
+Replace `1.20.2` in `software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk-android:1.20.2` with the latest release version for the SDK
 or replace with `1.0.0-SNAPSHOT` to use the SDK built and installed from source.
 Look up the latest SDK version here: https://github.com/aws/aws-iot-device-sdk-java-v2/releases