nlansing/DedicatedServerCourse
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lesson 35 - Get Compute Auth Token Working

Browse Source
This commit is contained in:
Norman Lansing
2026-02-28 12:32:28 -05:00
parent 1d477ee42a
commit 4fde462bce
7743 changed files with 1397833 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

597
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/iot/Mqtt5Client.h Normal file
View File

@@ -0,0 +1,597 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/crt/Config.h>
#include <aws/crt/Exports.h>
#include <aws/crt/auth/Sigv4Signing.h>
#include <aws/crt/mqtt/Mqtt5Client.h>
#include <aws/iot/MqttCommon.h>
#if !BYO_CRYPTO
namespace Aws
{
using namespace Crt::Mqtt5;
namespace Io
{
class ClientBootstrap;
class SocketOptions;
class TlsContextOptions;
class WebsocketConfig;
} // namespace Io
namespace Iot
{
/**
* Class encapsulating configuration for establishing an Aws IoT Mqtt5 Connectin with custom authorizer
*/
class AWS_CRT_CPP_API Mqtt5CustomAuthConfig
{
public:
/**
* Create a custom authorizer configuration
*/
Mqtt5CustomAuthConfig(Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
virtual ~Mqtt5CustomAuthConfig();
Mqtt5CustomAuthConfig(const Mqtt5CustomAuthConfig &rhs);
Mqtt5CustomAuthConfig(Mqtt5CustomAuthConfig &&rhs) = delete;
Mqtt5CustomAuthConfig &operator=(const Mqtt5CustomAuthConfig &rhs);
Mqtt5CustomAuthConfig &operator=(Mqtt5CustomAuthConfig &&rhs) = delete;
Mqtt5CustomAuthConfig &WithAuthorizerName(Crt::String authName);
Mqtt5CustomAuthConfig &WithUsername(Crt::String username);
Mqtt5CustomAuthConfig &WithPassword(Crt::ByteCursor password);
Mqtt5CustomAuthConfig &WithTokenKeyName(Crt::String tokenKeyName);
Mqtt5CustomAuthConfig &WithTokenValue(Crt::String tokenValue);
Mqtt5CustomAuthConfig &WithTokenSignature(Crt::String tokenSignature);
const Crt::Optional<Crt::String> &GetAuthorizerName();
const Crt::Optional<Crt::String> &GetUsername();
const Crt::Optional<Crt::ByteCursor> &GetPassword();
const Crt::Optional<Crt::String> &GetTokenKeyName();
const Crt::Optional<Crt::String> &GetTokenValue();
const Crt::Optional<Crt::String> &GetTokenSignature();
private:
/**
* Name of the custom authorizer to use.
*
* Required if the endpoint does not have a default custom authorizer associated with it. It is strongly
* suggested to URL-encode this value; the SDK will not do so for you.
*/
Crt::Optional<Crt::String> m_authorizerName;
/**
* The username to use with the custom authorizer. Query-string elements of this property value will be
* unioned with the query-string elements implied by other properties in this object.
*
* For example, if you set this to:
*
* 'MyUsername?someKey=someValue'
*
* and use {@link authorizerName} to specify the authorizer, the final username would look like:
*
* `MyUsername?someKey=someValue&x-amz-customauthorizer-name=<your authorizer's name>&...`
*/
Crt::Optional<Crt::String> m_username;
/**
* The password to use with the custom authorizer. Becomes the MQTT5 CONNECT packet's password property.
* AWS IoT Core will base64 encode this binary data before passing it to the authorizer's lambda function.
*/
Crt::Optional<Crt::ByteCursor> m_password;
/**
* Key used to extract the custom authorizer token from MQTT username query-string properties.
*
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode this
* value; the SDK will not do so for you.
*/
Crt::Optional<Crt::String> m_tokenKeyName;
/**
* An opaque token value. This value must be signed by the private key associated with the custom authorizer
* and the result placed in the {@link tokenSignature} property.
*
* Required if the custom authorizer has signing enabled.
*/
Crt::Optional<Crt::String> m_tokenValue;
/**
* The digital signature of the token value in the {@link tokenValue} property. The signature must be based
* on the private key associated with the custom authorizer. The signature must be base64 encoded.
*
* Required if the custom authorizer has signing enabled.
*/
Crt::Optional<Crt::String> m_tokenSignature;
Crt::ByteBuf m_passwordStorage;
Crt::Allocator *m_allocator;
};
/**
* Represents a unique configuration for mqtt5 client and connection. Helps to setup Mqtt5ClientOptionsBuilder
* for mqtt5 client.
*/
class AWS_CRT_CPP_API Mqtt5ClientBuilder final
{
public:
/**
* Set the builder up for MTLS using certPath and pkeyPath. These are files on disk and must be in the
* PEM format.
*
* @param hostName - AWS IoT endpoint to connect to
* @param certPath path to the X509 certificate (pem file) to use
* @param pkeyPath path to the private key (pem file) to use
* @param allocator memory allocator to use
*
* @return Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithMtlsFromPath(
const Crt::String hostName,
const char *certPath,
const char *pkeyPath,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS using cert and pkey. These are in-memory buffers and must be in the PEM
* format.
*
* @param hostName - AWS IoT endpoint to connect to
* @param certPath buffer containing the X509 certificate in a PEM format
* @param pkeyPath buffer containing the private key in a PEM format
* @param allocator memory allocator to use
*
* @return Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithMtlsFromMemory(
const Crt::String hostName,
const Crt::ByteCursor &certPath,
const Crt::ByteCursor &pkeyPath,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS, using a PKCS#11 library for private key operations.
*
* NOTE: This only works on Unix devices.
*
* @param hostName - AWS IoT endpoint to connect to
* @param pkcs11Options PKCS#11 options
* @param allocator memory allocator to use
*
* @return Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithMtlsPkcs11(
const Crt::String hostName,
const Crt::Io::TlsContextPkcs11Options &pkcs11Options,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS, using a PKCS#12 file for private key operations.
*
* NOTE: This only works on MacOS devices.
*
* @param hostName - AWS IoT endpoint to connect to
* @param options The PKCS12 options to use.
* @param allocator - memory allocator to use
*
* @return Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithMtlsPkcs12(
const Crt::String hostName,
const struct Pkcs12Options &options,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS, using a certificate in a Windows certificate store.
*
* NOTE: This only works on Windows.
*
* @param hostName - AWS IoT endpoint to connect to
* @param windowsCertStorePath Path to certificate in a Windows certificate store.
* The path must use backslashes and end with the certificate's thumbprint.
* Example: `CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6`
* @param allocator memory allocator to use
*
* @return Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithWindowsCertStorePath(
const Crt::String hostName,
const char *windowsCertStorePath,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for Websocket connection.
*
* @param hostName - AWS IoT endpoint to connect to
* @param config websocket configuration information
* @param allocator memory allocator to use
*
* Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithWebsocket(
const Crt::String hostName,
const WebsocketConfig &config,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for connection using authorization configuration.
*
* @param hostName - AWS IoT endpoint to connect to
* @param customAuthConfig custom authorization configuration information
* @param allocator memory allocator to use
*
* Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithCustomAuthorizer(
const Crt::String hostName,
const Mqtt5CustomAuthConfig &customAuthConfig,
Crt::Allocator *allocator) noexcept;
/**
* Sets the builder up for connection using authorization configuration using Websockets.
*
* @param hostName - AWS IoT endpoint to connect to
* @param customAuthConfig custom authorization configuration information
* @param config websocket configuration information
* @param allocator memory allocator to use
*
* Mqtt5ClientBuilder
*/
static Mqtt5ClientBuilder *NewMqtt5ClientBuilderWithCustomAuthorizerWebsocket(
const Crt::String hostName,
const Mqtt5CustomAuthConfig &customAuthConfig,
const WebsocketConfig &config,
Crt::Allocator *allocator) noexcept;
/**
* Sets the host to connect to.
*
* @param hostname endpoint to connect to
*
* @return this option object
*/
Mqtt5ClientBuilder &WithHostName(Crt::String hostname);
/**
* Set port to connect to
*
* @param port port to connect to
*
* @return this option object
*/
Mqtt5ClientBuilder &WithPort(uint32_t port) noexcept;
/**
* Set booststrap for mqtt5 client
*
* @param bootStrap bootstrap used for mqtt5 client. The default ClientBootstrap see
* Aws::Crt::ApiHandle::GetOrCreateStaticDefaultClientBootstrap.
*
* @return this option object
*/
Mqtt5ClientBuilder &WithBootstrap(Crt::Io::ClientBootstrap *bootStrap) noexcept;
/**
* Sets the certificate authority for the endpoint you're connecting to. This is a path to a file on disk
* and must be in PEM format.
*
* @param caPath path to the CA file in PEM format
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithCertificateAuthority(const char *caPath) noexcept;
/**
* Sets the certificate authority for the endpoint you're connecting to. This is an in-memory buffer and
* must be in PEM format.
*
* @param cert buffer containing the CA certificate in a PEM format
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithCertificateAuthority(const Crt::ByteCursor &cert) noexcept;
/**
* Overrides the socket properties of the underlying MQTT connections made by the client. Leave undefined
* to use defaults (no TCP keep alive, 10 second socket timeout).
*
* @param socketOptions - The socket properties of the underlying MQTT connections made by the client
* @return - The Mqtt5ClientBuilder
*/
Mqtt5ClientBuilder &WithSocketOptions(Crt::Io::SocketOptions socketOptions) noexcept;
/**
* Sets http proxy options.
*
* @param proxyOptions http proxy configuration for connection establishment
*
* @return this option object
*/
Mqtt5ClientBuilder &WithHttpProxyOptions(
const Crt::Http::HttpClientConnectionProxyOptions &proxyOptions) noexcept;
/**
* Sets the custom authorizer settings. This function will modify the username, port, and TLS options.
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithCustomAuthorizer(const Iot::Mqtt5CustomAuthConfig &config) noexcept;
/**
* Sets mqtt5 connection options
*
* @param packetConnect package connection options
*
* @return this option object
*/
Mqtt5ClientBuilder &WithConnectOptions(std::shared_ptr<ConnectPacket> packetConnect) noexcept;
/**
* Sets session behavior. Overrides how the MQTT5 client should behave with respect to MQTT sessions.
*
* @param sessionBehavior how the MQTT5 client should behave with respect to MQTT sessions.
*
* @return this option object
*/
Mqtt5ClientBuilder &WithSessionBehavior(ClientSessionBehaviorType sessionBehavior) noexcept;
/**
* Sets client extended validation and flow control, additional controls for client behavior with
* respect to operation validation and flow control; these checks go beyond the base MQTT5 spec to
* respect limits of specific MQTT brokers.
*
* @param clientExtendedValidationAndFlowControl
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientExtendedValidationAndFlowControl(
ClientExtendedValidationAndFlowControl clientExtendedValidationAndFlowControl) noexcept;
/**
* Sets OfflineQueueBehavior, controls how disconnects affect the queued and in-progress operations
* tracked by the client. Also controls how new operations are handled while the client is not
* connected. In particular, if the client is not connected, then any operation that would be failed
* on disconnect (according to these rules) will also be rejected.
*
* @param offlineQueueBehavior
*
* @return this option object
*/
Mqtt5ClientBuilder &WithOfflineQueueBehavior(
ClientOperationQueueBehaviorType offlineQueueBehavior) noexcept;
/**
* Sets ReconnectOptions. Reconnect options includes retryJitterMode, min reconnect delay time and
* max reconnect delay time
*
* @param reconnectOptions
*
* @return this option object
*/
Mqtt5ClientBuilder &WithReconnectOptions(ReconnectOptions reconnectOptions) noexcept;
/**
* Sets the topic aliasing behavior that the client should use.
*
* @param topicAliasingOptions topic aliasing behavior options to use
* @return this builder object
*/
Mqtt5ClientBuilder &WithTopicAliasingOptions(TopicAliasingOptions topicAliasingOptions) noexcept;
/**
* Sets minConnectedTimeToResetReconnectDelayMs, amount of time that must elapse with an established
* connection before the reconnect delay is reset to the minimum. This helps alleviate bandwidth-waste
* in fast reconnect cycles due to permission failures on operations.
*
* @param minConnectedTimeToResetReconnectDelayMs
*
* @return this option object
*/
Mqtt5ClientBuilder &WithMinConnectedTimeToResetReconnectDelayMs(
uint64_t minConnectedTimeToResetReconnectDelayMs) noexcept;
/**
* Sets ping timeout (ms). Time interval to wait after sending a PINGREQ for a PINGRESP to arrive.
* If one does not arrive, the client will close the current connection.
*
* @param pingTimeoutMs
*
* @return this option object
*/
Mqtt5ClientBuilder &WithPingTimeoutMs(uint32_t pingTimeoutMs) noexcept;
/**
* Sets Connack Timeout (ms). Time interval to wait after sending a CONNECT request for a CONNACK
* to arrive. If one does not arrive, the connection will be shut down.
*
* @param connackTimeoutMs
*
* @return this option object
*/
Mqtt5ClientBuilder &WithConnackTimeoutMs(uint32_t connackTimeoutMs) noexcept;
/**
* Sets Operation Timeout(Seconds). Time interval to wait for an ack after sending a QoS 1+ PUBLISH,
* SUBSCRIBE, or UNSUBSCRIBE before failing the operation.
*
* @param ackTimeoutSec
*
* @return this option object
*/
Mqtt5ClientBuilder &WithAckTimeoutSec(uint32_t ackTimeoutSec) noexcept;
/**
* @deprecated the function is deprecated, please use `Mqtt5ClientBuilder::WithAckTimeoutSec(uint32_t)`
*
* Sets Operation Timeout(Seconds). Time interval to wait for an ack after sending a QoS 1+ PUBLISH,
* SUBSCRIBE, or UNSUBSCRIBE before failing the operation.
*
* @param ackTimeoutSec
*
* @return this option object
*/
Mqtt5ClientBuilder &WithAckTimeoutSeconds(uint32_t ackTimeoutSec) noexcept;
/**
* Overrides the default SDK Name to send as a metric in the MQTT CONNECT packet.
*
* @param sdkName string to use as the SDK name parameter in the connection string
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithSdkName(const Crt::String &sdkName);
/**
* Overrides the default SDK Version to send as a metric in the MQTT CONNECT packet.
*
* @param sdkVersion string to use as the SDK version parameter in the connection string
*
* @return this builder object
*/
Mqtt5ClientBuilder &WithSdkVersion(const Crt::String &sdkVersion);
/**
* Builds a client configuration object from the set options.
*
* @return a new client connection config instance
*/
std::shared_ptr<Mqtt5Client> Build() noexcept;
/**
* @return true if the instance is in a valid state, false otherwise.
*/
explicit operator bool() const noexcept { return m_lastError == 0; }
/**
* @return the value of the last aws error encountered by operations on this instance.
*/
int LastError() const noexcept { return m_lastError ? m_lastError : AWS_ERROR_UNKNOWN; }
virtual ~Mqtt5ClientBuilder()
{
if (m_options)
{
delete m_options;
}
};
Mqtt5ClientBuilder(const Mqtt5ClientBuilder &) = delete;
Mqtt5ClientBuilder(Mqtt5ClientBuilder &&) = delete;
Mqtt5ClientBuilder &operator=(const Mqtt5ClientBuilder &) = delete;
Mqtt5ClientBuilder &operator=(Mqtt5ClientBuilder &&) = delete;
/**
* Setup callback trigged when client successfully establishes an MQTT connection
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientConnectionSuccessCallback(OnConnectionSuccessHandler callback) noexcept;
/**
* Setup callback trigged when client fails to establish an MQTT connection
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientConnectionFailureCallback(OnConnectionFailureHandler callback) noexcept;
/**
* Setup callback handler trigged when client's current MQTT connection is closed
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientDisconnectionCallback(OnDisconnectionHandler callback) noexcept;
/**
* Setup callback handler trigged when client reaches the "Stopped" state
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientStoppedCallback(OnStoppedHandler callback) noexcept;
/**
* Setup callback handler trigged when client begins an attempt to connect to the remote endpoint.
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithClientAttemptingConnectCallback(OnAttemptingConnectHandler callback) noexcept;
/**
* Setup callback handler trigged when an MQTT PUBLISH packet is received by the client
*
* @param callback
*
* @return this option object
*/
Mqtt5ClientBuilder &WithPublishReceivedCallback(OnPublishReceivedHandler callback) noexcept;
private:
// Common setup shared by all valid constructors
Mqtt5ClientBuilder(Crt::Allocator *allocator) noexcept;
// Common setup shared by all valid constructors
Mqtt5ClientBuilder(int error, Crt::Allocator *allocator) noexcept;
Crt::Allocator *m_allocator;
/**
* Network port of the MQTT server to connect to.
*/
uint32_t m_port;
/**
* TLS context for secure socket connections.
* If undefined, a plaintext connection will be used.
*/
Crt::Optional<Crt::Io::TlsContextOptions> m_tlsConnectionOptions;
/**
* Configures (tunneling) HTTP proxy usage when establishing MQTT connections
*/
Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> m_proxyOptions;
/**
* Websocket related options. The clinet with use websocket for connection when set.
*/
Crt::Optional<WebsocketConfig> m_websocketConfig;
/**
* Custom Authorizer Configuration
*/
Crt::Optional<Mqtt5CustomAuthConfig> m_customAuthConfig;
/**
* All configurable options with respect to the CONNECT packet sent by the client, including the will.
* These connect properties will be used for every connection attempt made by the client.
*/
std::shared_ptr<ConnectPacket> m_connectOptions;
Crt::Mqtt5::Mqtt5ClientOptions *m_options;
/* Error */
int m_lastError;
bool m_enableMetricsCollection;
Crt::String m_sdkName = "CPPv2";
Crt::String m_sdkVersion = AWS_CRT_CPP_VERSION;
};
} // namespace Iot
} // namespace Aws
#endif // !BYO_CRYPTO

497
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/iot/MqttClient.h Normal file
View File

@@ -0,0 +1,497 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/crt/Config.h>
#include <aws/crt/Exports.h>
#include <aws/crt/auth/Sigv4Signing.h>
#include <aws/crt/mqtt/MqttConnection.h>
#include <aws/iot/MqttCommon.h>
#if !BYO_CRYPTO
namespace Aws
{
namespace Iot
{
class MqttClient;
/**
* Represents a unique configuration for connecting to a single AWS IoT endpoint. You can use a single instance
* of this class PER endpoint you want to connect to. This object must live through the lifetime of your
* connection.
*/
class AWS_CRT_CPP_API MqttClientConnectionConfig final
{
public:
static MqttClientConnectionConfig CreateInvalid(int lastError) noexcept;
/**
* Creates a client configuration for use with making new AWS Iot specific MQTT Connections with MTLS.
*
* @param endpoint endpoint to connect to
* @param port port to connect to
* @param socketOptions socket options to use when establishing the connection
* @param tlsContext tls context that should be used for all connections sourced from this config
*/
MqttClientConnectionConfig(
const Crt::String &endpoint,
uint32_t port,
const Crt::Io::SocketOptions &socketOptions,
Crt::Io::TlsContext &&tlsContext);
/**
* Creates a client configuration for use with making new AWS Iot specific MQTT Connections with web
* sockets. interceptor: a callback invoked during web socket handshake giving you the opportunity to mutate
* the request for authorization/signing purposes. If not specified, it's assumed you don't need to sign the
* request. proxyOptions: optional, if you want to use a proxy with websockets, specify the configuration
* options here.
*
* If proxy options are used, the tlsContext is applied to the connection to the remote endpoint, NOT the
* proxy. To make a tls connection to the proxy itself, you'll want to specify tls options in proxyOptions.
*
* @param endpoint endpoint to connect to
* @param port port to connect to
* @param socketOptions socket options to use when establishing the connection
* @param tlsContext tls context that should be used for all connections sourced from this config
* @param interceptor websocket upgrade handshake transformation function
* @param proxyOptions proxy configuration options
*/
MqttClientConnectionConfig(
const Crt::String &endpoint,
uint32_t port,
const Crt::Io::SocketOptions &socketOptions,
Crt::Io::TlsContext &&tlsContext,
Crt::Mqtt::OnWebSocketHandshakeIntercept &&interceptor,
const Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> &proxyOptions);
/**
* @return true if the instance is in a valid state, false otherwise.
*/
explicit operator bool() const noexcept { return m_context ? true : false; }
/**
* @return the value of the last aws error encountered by operations on this instance.
*/
int LastError() const noexcept { return m_lastError; }
private:
MqttClientConnectionConfig(int lastError) noexcept;
MqttClientConnectionConfig(
const Crt::String &endpoint,
uint32_t port,
const Crt::Io::SocketOptions &socketOptions,
Crt::Io::TlsContext &&tlsContext,
const Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> &proxyOptions);
Crt::String m_endpoint;
uint32_t m_port;
Crt::Io::TlsContext m_context;
Crt::Io::SocketOptions m_socketOptions;
Crt::Mqtt::OnWebSocketHandshakeIntercept m_webSocketInterceptor;
Crt::String m_username;
Crt::String m_password;
Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> m_proxyOptions;
int m_lastError;
friend class MqttClient;
friend class MqttClientConnectionConfigBuilder;
};
/**
* Represents configuration parameters for building a MqttClientConnectionConfig object. You can use a single
* instance of this class PER MqttClientConnectionConfig you want to generate. If you want to generate a config
* for a different endpoint or port etc... you need a new instance of this class.
*/
class AWS_CRT_CPP_API MqttClientConnectionConfigBuilder final
{
public:
MqttClientConnectionConfigBuilder();
/**
* Sets the builder up for MTLS using certPath and pkeyPath. These are files on disk and must be in the PEM
* format.
*
* @param certPath path to the X509 certificate (pem file) to use
* @param pkeyPath path to the private key (pem file) to use
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const char *certPath,
const char *pkeyPath,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS using cert and pkey. These are in-memory buffers and must be in the PEM
* format.
*
* @param cert buffer containing the X509 certificate in a PEM format
* @param pkey buffer containing the private key in a PEM format
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const Crt::ByteCursor &cert,
const Crt::ByteCursor &pkey,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS, using a PKCS#11 library for private key operations.
*
* NOTE: This only works on Unix devices.
*
* @param pkcs11Options PKCS#11 options
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const Crt::Io::TlsContextPkcs11Options &pkcs11Options,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS using a PKCS12 file and password. These are files on disk and must be in the
* PEM format.
*
* NOTE: This only works on MacOS devices.
*
* @param options The PKCS12 options to use. Has to contain a PKCS12 filepath and password.
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const struct Pkcs12Options &options,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for MTLS, using a certificate in a Windows certificate store.
*
* NOTE: This only works on Windows.
*
* @param windowsCertStorePath Path to certificate in a Windows certificate store.
* The path must use backslashes and end with the certificate's thumbprint.
* Example: `CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6`
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const char *windowsCertStorePath,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Sets the builder up for Websocket connection.
*
* @param config websocket configuration information
* @param allocator memory allocator to use
*/
MqttClientConnectionConfigBuilder(
const WebsocketConfig &config,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Creates a new builder with default Tls options. This requires setting the connection details manually.
*
* @return a new builder with default Tls options
*/
static MqttClientConnectionConfigBuilder NewDefaultBuilder() noexcept;
/**
* Sets endpoint to connect to.
*
* @param endpoint endpoint to connect to
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithEndpoint(const Crt::String &endpoint);
/**
* Sets endpoint to connect to.
*
* @param endpoint endpoint to connect to
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithEndpoint(Crt::String &&endpoint);
/**
* Overrides the default port. By default, if ALPN is supported, 443 will be used. Otherwise 8883 will be
* used. If you specify 443 and ALPN is not supported, we will still attempt to connect over 443 without
* ALPN.
*
* @param port port to connect to
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithPortOverride(uint32_t port) noexcept;
/**
* Sets the certificate authority for the endpoint you're connecting to. This is a path to a file on disk
* and must be in PEM format.
*
* @param caPath path to the CA file in PEM format
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithCertificateAuthority(const char *caPath) noexcept;
/**
* Sets the certificate authority for the endpoint you're connecting to. This is an in-memory buffer and
* must be in PEM format.
*
* @param cert buffer containing the CA certificate in a PEM format
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithCertificateAuthority(const Crt::ByteCursor &cert) noexcept;
/**
* TCP option: Enables TCP keep alive. Defaults to off.
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTcpKeepAlive() noexcept;
/**
* TCP option: Sets the connect timeout. Defaults to 3 seconds.
*
* @param connectTimeoutMs socket connection timeout
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTcpConnectTimeout(uint32_t connectTimeoutMs) noexcept;
/**
* TCP option: Sets time before keep alive probes are sent. Defaults to kernel defaults
*
* @param keepAliveTimeoutSecs time interval of no activity, in seconds, before keep alive probes
* get sent
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTcpKeepAliveTimeout(uint16_t keepAliveTimeoutSecs) noexcept;
/**
* TCP option: Sets the frequency of sending keep alive probes in seconds once the keep alive timeout
* expires. Defaults to kernel defaults.
*
* @param keepAliveIntervalSecs the frequency of sending keep alive probes in seconds once the keep alive
* timeout expires
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTcpKeepAliveInterval(uint16_t keepAliveIntervalSecs) noexcept;
/**
* TCP option: Sets the amount of keep alive probes allowed to fail before the connection is terminated.
* Defaults to kernel defaults.
*
* @param maxProbes the amount of keep alive probes allowed to fail before the connection is terminated
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithTcpKeepAliveMaxProbes(uint16_t maxProbes) noexcept;
/**
* Sets the minimum tls version that is acceptable for connection establishment
*
* @param minimumTlsVersion minimum tls version allowed in client connections
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithMinimumTlsVersion(aws_tls_versions minimumTlsVersion) noexcept;
/**
* Sets http proxy options.
*
* @param proxyOptions proxy configuration options for connection establishment
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithHttpProxyOptions(
const Crt::Http::HttpClientConnectionProxyOptions &proxyOptions) noexcept;
/**
* Whether to send the SDK name and version number in the MQTT CONNECT packet.
* Default is True.
*
* @param enabled true to send SDK version/name in the connect for metrics gathering purposes
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithMetricsCollection(bool enabled);
/**
* Overrides the default SDK Name to send as a metric in the MQTT CONNECT packet.
*
* @param sdkName string to use as the SDK name parameter in the connection string
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithSdkName(const Crt::String &sdkName);
/**
* Overrides the default SDK Version to send as a metric in the MQTT CONNECT packet.
*
* @param sdkVersion string to use as the SDK version parameter in the connection string
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithSdkVersion(const Crt::String &sdkVersion);
/**
* Sets the custom authorizer settings. This function will modify the username, port, and TLS options.
*
* @param username The username to use with the custom authorizer. If an empty string is passed, it will
* check to see if a username has already been set (via WithUsername function). If no
* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer.
* NOTE: This will NOT work without the token key name and token value, which
* requires using the non-depreciated API.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
*
* @deprecated Please use the full WithCustomAuthorizer function that includes `tokenKeyName` and
* `tokenValue`. This version is left for backwards compatibility purposes.
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithCustomAuthorizer(
const Crt::String &username,
const Crt::String &authorizerName,
const Crt::String &authorizerSignature,
const Crt::String &password) noexcept;
/**
* Sets the custom authorizer settings. This function will modify the username, port, and TLS options.
*
* @param username The username to use with the custom authorizer. If an empty string is passed, it will
* check to see if a username has already been set (via WithUsername function). If no
* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom
* authorizer. The signature must be base64 encoded.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param tokenKeyName Used to extract the custom authorizer token from MQTT username query-string
* properties. Required if the custom authorizer has signing enabled. It is strongly
* suggested to URL encode this value; the SDK will not do so for you.
* @param tokenValue An opaque token value. Required if the custom authorizer has signing enabled. This
* value must be signed by the private key associated with the custom authorizer and
* the result placed in the authorizerSignature argument.
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithCustomAuthorizer(
const Crt::String &username,
const Crt::String &authorizerName,
const Crt::String &authorizerSignature,
const Crt::String &password,
const Crt::String &tokenKeyName,
const Crt::String &tokenValue) noexcept;
/**
* Sets username for the connection
*
* @param username the username that will be passed with the MQTT connection
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithUsername(const Crt::String &username) noexcept;
/**
* Sets password for the connection
*
* @param password the password that will be passed with the MQTT connection
*
* @return this builder object
*/
MqttClientConnectionConfigBuilder &WithPassword(const Crt::String &password) noexcept;
/**
* Builds a client configuration object from the set options.
*
* @return a new client connection config instance
*/
MqttClientConnectionConfig Build() noexcept;
/**
* @return true if the instance is in a valid state, false otherwise.
*/
explicit operator bool() const noexcept { return m_lastError == 0; }
/**
* @return the value of the last aws error encountered by operations on this instance.
*/
int LastError() const noexcept { return m_lastError ? m_lastError : AWS_ERROR_UNKNOWN; }
private:
// Common setup shared by all valid constructors
MqttClientConnectionConfigBuilder(Crt::Allocator *allocator) noexcept;
// Helper function to add parameters to the username in the WithCustomAuthorizer function
Crt::String AddToUsernameParameter(
Crt::String currentUsername,
Crt::String parameterValue,
Crt::String parameterPreText);
Crt::Allocator *m_allocator;
Crt::String m_endpoint;
uint32_t m_portOverride;
Crt::Io::SocketOptions m_socketOptions;
Crt::Io::TlsContextOptions m_contextOptions;
Crt::Optional<WebsocketConfig> m_websocketConfig;
Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> m_proxyOptions;
bool m_enableMetricsCollection = true;
Crt::String m_sdkName = "CPPv2";
Crt::String m_sdkVersion;
Crt::String m_username = "";
Crt::String m_password = "";
bool m_isUsingCustomAuthorizer = false;
int m_lastError;
};
/**
* AWS IOT specific Mqtt Client. Sets defaults for using the AWS IOT service. You'll need an instance of
* MqttClientConnectionConfig to use. Once NewConnection returns, you use it's return value identically
* to how you would use Aws::Crt::Mqtt::MqttConnection
*/
class AWS_CRT_CPP_API MqttClient final
{
public:
MqttClient(Crt::Io::ClientBootstrap &bootstrap, Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Constructs a new Mqtt Client object using the static default ClientBootstrap.
*
* For more information on the default ClientBootstrap see
* Aws::Crt::ApiHandle::GetOrCreateDefaultClientBootstrap
*/
MqttClient(Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Creates a new mqtt connection from a connection configuration object
* @param config mqtt connection configuration
* @return a new mqtt connection
*/
std::shared_ptr<Crt::Mqtt::MqttConnection> NewConnection(const MqttClientConnectionConfig &config) noexcept;
/**
* @return the value of the last aws error encountered by operations on this instance.
*/
int LastError() const noexcept { return m_client.LastError(); }
/**
* @return true if the instance is in a valid state, false otherwise.
*/
explicit operator bool() const noexcept { return m_client ? true : false; }
private:
Crt::Mqtt::MqttClient m_client;
int m_lastError;
};
} // namespace Iot
} // namespace Aws
#endif // !BYO_CRYPTO

113
Plugins/GameLiftPlugin/Source/AWSSDK/Include/aws/iot/MqttCommon.h Normal file
View File

@@ -0,0 +1,113 @@
#pragma once
/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#include <aws/crt/Config.h>
#include <aws/crt/Exports.h>
#include <aws/crt/auth/Sigv4Signing.h>
#include <aws/crt/mqtt/MqttClient.h>
#if !BYO_CRYPTO
namespace Aws
{
namespace Iot
{
using CreateSigningConfig = std::function<std::shared_ptr<Crt::Auth::ISigningConfig>(void)>;
/**
* Class encapsulating configuration for establishing an Aws IoT mqtt connection via websockets
*/
struct AWS_CRT_CPP_API WebsocketConfig
{
/**
* Create a websocket configuration for use with the default credentials provider chain. Signing region
* will be used for Sigv4 signature calculations.
*
* @param signingRegion Aws region that is being connected to. Required in order to properly sign the
* handshake upgrade request
* @param bootstrap client bootstrap to establish any connections needed by the default credentials
* provider chain which will get built for the user
* @param allocator memory allocator to use
*/
WebsocketConfig(
const Crt::String &signingRegion,
Crt::Io::ClientBootstrap *bootstrap,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Create a websocket configuration for use with the default credentials provider chain and default
* ClientBootstrap. Signing region will be used for Sigv4 signature calculations.
*
* For more information on the default ClientBootstrap see
* Aws::Crt::ApiHandle::GetOrCreateDefaultClientBootstrap
*
* @param signingRegion Aws region that is being connected to. Required in order to properly sign the
* handshake upgrade request
* @param allocator memory allocator to use
*/
WebsocketConfig(const Crt::String &signingRegion, Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Create a websocket configuration for use with a custom credentials provider. Signing region will be used
* for Sigv4 signature calculations.
*
* @param signingRegion Aws region that is being connected to. Required in order to properly sign the
* handshake upgrade request
* @param credentialsProvider credentials provider to source AWS credentials from
* @param allocator memory allocator to use
*/
WebsocketConfig(
const Crt::String &signingRegion,
const std::shared_ptr<Crt::Auth::ICredentialsProvider> &credentialsProvider,
Crt::Allocator *allocator = Crt::ApiAllocator()) noexcept;
/**
* Create a websocket configuration for use with a custom credentials provider, and a custom signer.
*
* You'll need to provide a function for use with creating a signing Config and pass it to
* createSigningConfig.
*
* This is useful for cases use with:
* https://docs.aws.amazon.com/iot/latest/developerguide/custom-auth.html
*
* @param credentialsProvider credentials provider
* @param signer HTTP request signer
* @param createSigningConfig function that creates a signing config
*/
WebsocketConfig(
const std::shared_ptr<Crt::Auth::ICredentialsProvider> &credentialsProvider,
const std::shared_ptr<Crt::Auth::IHttpRequestSigner> &signer,
CreateSigningConfig createSigningConfig) noexcept;
std::shared_ptr<Crt::Auth::ICredentialsProvider> CredentialsProvider;
std::shared_ptr<Crt::Auth::IHttpRequestSigner> Signer;
CreateSigningConfig CreateSigningConfigCb;
/**
* @deprecated Specify ProxyOptions to use a proxy with your websocket connection.
*
* If MqttClientConnectionConfigBuilder::m_proxyOptions is valid, then that will be used over
* this value.
*/
Crt::Optional<Crt::Http::HttpClientConnectionProxyOptions> ProxyOptions;
Crt::String SigningRegion;
Crt::String ServiceName;
};
/**
* A simple struct to hold the options for creating a PKCS12 builder. Used to differentiate the
* PKCS12 builder from other options in the mTLS builders.
*/
struct Pkcs12Options
{
Crt::String pkcs12_file;
Crt::String pkcs12_password;
};
} // namespace Iot
} // namespace Aws
#endif // !BYO_CRYPTO