From 63e89c09529779a825cdd762bbd1f16462cf85b0 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 09:57:29 -0400 Subject: [PATCH 01/52] Add PKCS12 sample --- .github/workflows/ci.yml | 7 + .../workflows/ci_run_pkcs12_connect_cfg.json | 20 +++ samples/README.md | 3 + samples/mqtt/pkcs12_connect/CMakeLists.txt | 25 ++++ samples/mqtt/pkcs12_connect/README.md | 64 +++++++++ samples/mqtt/pkcs12_connect/main.cpp | 127 ++++++++++++++++++ samples/utils/CommandLineUtils.cpp | 21 +++ samples/utils/CommandLineUtils.h | 4 + 8 files changed, 271 insertions(+) create mode 100644 .github/workflows/ci_run_pkcs12_connect_cfg.json create mode 100644 samples/mqtt/pkcs12_connect/CMakeLists.txt create mode 100644 samples/mqtt/pkcs12_connect/README.md create mode 100644 samples/mqtt/pkcs12_connect/main.cpp diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3a0a4f4d..9fe2935f9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -329,6 +329,13 @@ jobs: - name: run MQTT3 PubSub sample run: | python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json + - name: run PKCS12 sample + run: | + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json new file mode 100644 index 000000000..04b2818e3 --- /dev/null +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -0,0 +1,20 @@ +{ + "language": "CPP", + "sample_file": "./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect", + "sample_region": "us-east-1", + "sample_main_class": "", + "arguments": [ + { + "name": "--endpoint", + "secret": "ci/endpoint" + }, + { + "name": "--pkcs12_file", + "data": "/tmp/pkcs12-key.p12" + }, + { + "name": "--pkcs12_password", + "secret": "ci/PubSub/key_pkcs12_password" + } + ] +} diff --git a/samples/README.md b/samples/README.md index dba3e90c0..3ca1ed425 100644 --- a/samples/README.md +++ b/samples/README.md 
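Review bot: The `run PKCS12 sample` step writes the device private key to `/tmp/privatekey.pem` under the runner's default umask and passes the PKCS#12 password to openssl as `-password pass:$pkcs12_password`, which puts the password in the process arguments. Set `umask 077` before the first redirect, `export pkcs12_password` and use `-password env:pkcs12_password`, and delete the certificate, key and `.p12` once the sample has run. The `cut`-based extraction of `SecretString` also breaks silently on any value that contains `:` or `"`, so a check that the key and certificate files are non-empty before the export is worth adding. The same lines recur in the later revisions of this step (patches 02, 06, 07, 08 and 09), and patches 07 and 08 additionally put `--pkcs12_password $pkcs12_password` unquoted on the sample's own command line.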
@@ -6,6 +6,7 @@ * [Mqtt5 Shared Subscription](./mqtt5/mqtt5_shared_subscription/README.md) * [Websocket Connect](./mqtt/websocket_connect/README.md) * [PKCS#11 Connect](./mqtt/pkcs11_connect/README.md) +* [PKCS#12 Connect](./mqtt/pkcs12_connect/README.md) * [x509 Credentials Provider Connect](./mqtt/x509_credentials_provider_connect/README.md) * [Windows Certificate MQTT Connect](./mqtt/windows_cert_connect/README.md) * [Custom Authorizer Connect](./mqtt/custom_authorizer_connect/README.md) @@ -68,6 +69,8 @@ cmake -DCMAKE_PREFIX_PATH="" -DCMAKE_BUILD_ cmake --build . --config "" ``` +Note that building all the samples at once is currently only available in the V2 C++ IoT SDK at this time. + ### Sample Build Notes * `-DCMAKE_PREFIX_PATH` needs to be set to the path aws-iot-device-sdk-cpp-v2 installed at. Since [Installation](../README.md#Installation) takes `sdk-cpp-workspace` as an example, this file uses that example too. diff --git a/samples/mqtt/pkcs12_connect/CMakeLists.txt b/samples/mqtt/pkcs12_connect/CMakeLists.txt new file mode 100644 index 000000000..b257f8b37 --- /dev/null +++ b/samples/mqtt/pkcs12_connect/CMakeLists.txt @@ -0,0 +1,25 @@ +cmake_minimum_required(VERSION 3.1) +# note: cxx-17 requires cmake 3.8, cxx-20 requires cmake 3.12 +project(pkcs12-connect CXX) + +file(GLOB SRC_FILES + "*.cpp" + "../../utils/CommandLineUtils.cpp" + "../../utils/CommandLineUtils.h" +) + +add_executable(${PROJECT_NAME} ${SRC_FILES}) + +set_target_properties(${PROJECT_NAME} PROPERTIES + CXX_STANDARD 14) + +#set warnings +if (MSVC) + target_compile_options(${PROJECT_NAME} PRIVATE /W4 /WX /wd4068) +else () + target_compile_options(${PROJECT_NAME} PRIVATE -Wall -Wno-long-long -pedantic -Werror) +endif () + +find_package(aws-crt-cpp REQUIRED) + +target_link_libraries(${PROJECT_NAME} AWS::aws-crt-cpp) diff --git a/samples/mqtt/pkcs12_connect/README.md b/samples/mqtt/pkcs12_connect/README.md new file mode 100644 index 000000000..c98dd13d2 --- /dev/null 
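Review bot: `target_link_libraries(${PROJECT_NAME} AWS::aws-crt-cpp)` at the end of the new `pkcs12_connect/CMakeLists.txt` uses the keyword-less signature; for an executable `target_link_libraries(${PROJECT_NAME} PRIVATE AWS::aws-crt-cpp)` states the intent and avoids the legacy semantics. The `file(GLOB SRC_FILES ...)` call holds one real pattern and two explicit paths, so listing `main.cpp` and `../../utils/CommandLineUtils.cpp` directly in `add_executable` would do the same without a glob. The README added in this patch says PKCS#12 is macOS-only, and nothing in this file says so; a comment such as `# builds on every platform, but the PKCS#12 TLS path only works on macOS` would spare readers a confusing runtime failure.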
+++ b/samples/mqtt/pkcs12_connect/README.md @@ -0,0 +1,64 @@ +# PKCS12 Connect + +[**Return to main sample list**](../README.md) + +This sample is similar to the [Basic Connect](../basic_connect/README.md) sample, in that it connects via Mutual TLS (mTLS) using a certificate and key file. However, unlike the Basic Connect where the certificate and private key file are stored on disk, this sample uses a PKCS#12 file instead. + +**WARNING: MacOS only**. Currently, TLS integration with PKCS12 is only available on MacOS devices. + +Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended. + +
+(see sample policy) +
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Connect"
+      ],
+      "Resource": [
+        "arn:aws:iot:region:account:client/test-*"
+      ]
+    }
+  ]
+}
+
+ +Replace with the following with the data from your AWS account: +* ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. +* ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. + +Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports. + +
+ +## How to run + +This sample can be run using the following command: + +```sh +./pkcs12-connect --endpoint --pkcs12_file --pkcs12_password +``` + +You can also pass a Certificate Authority file (CA) if your certificate and key combination requires it: + +```sh +./pkcs12-connect --endpoint --pkcs12_file --pkcs12_password --ca_file +``` + +### How to setup and run + +To use the certificate and key files provided by AWS IoT Core, you will need to convert them into PKCS#12 format and then import them into your Java keystore. You can convert the certificate and key file to PKCS12 using the following command: + +```sh +openssl pkcs12 -export -in -inkey -out -name -password pass: +``` + +Once converted, you can then run the PKCS12 connect sample with the following: + +```sh +./pkcs12-connect --endpoint --pkcs12_file --pkcs12_password +``` diff --git a/samples/mqtt/pkcs12_connect/main.cpp b/samples/mqtt/pkcs12_connect/main.cpp new file mode 100644 index 000000000..0bfe67d31 --- /dev/null +++ b/samples/mqtt/pkcs12_connect/main.cpp 
@@ -0,0 +1,127 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include +#include + +#include "../../utils/CommandLineUtils.h" + +using namespace Aws::Crt; + +int main(int argc, char *argv[]) +{ + + /************************ Setup ****************************/ + + // Do the global initialization for the API + ApiHandle apiHandle; + + /** + * cmdData is the arguments/input from the command line placed into a single struct for + * use in this sample. This handles all of the command line parsing, validating, etc. + * See the Utils/CommandLineUtils for more information. + */ + Utils::cmdData cmdData = Utils::parseSampleInputPKCS12Connect(argc, argv, &apiHandle); + + // Create the MQTT builder and populate it with data from cmdData. + struct Aws::Iot::Pkcs12Options options = { + .pkcs12_file = cmdData.input_pkcs12File, + .pkcs12_password = cmdData.input_pkcs12Password, + }; + auto clientConfigBuilder = Aws::Iot::MqttClientConnectionConfigBuilder(options); + clientConfigBuilder.WithEndpoint(cmdData.input_endpoint); + if (cmdData.input_ca != "") + { + clientConfigBuilder.WithCertificateAuthority(cmdData.input_ca.c_str()); + } + + // Create the MQTT connection from the MQTT builder + auto clientConfig = clientConfigBuilder.Build(); + if (!clientConfig) + { + fprintf( + stderr, + "Client Configuration initialization failed with error %s\n", + Aws::Crt::ErrorDebugString(clientConfig.LastError())); + exit(-1); + } + Aws::Iot::MqttClient client = Aws::Iot::MqttClient(); + auto connection = client.NewConnection(clientConfig); + if (!*connection) + { + fprintf( + stderr, + "MQTT Connection Creation failed with error %s\n", + Aws::Crt::ErrorDebugString(connection->LastError())); + exit(-1); + } + + /** + * In a real world application you probably don't want to enforce synchronous behavior + * but this is a sample console application, so we'll just do that with a condition variable. 
+ */ + std::promise connectionCompletedPromise; + std::promise connectionClosedPromise; + + // Invoked when a MQTT connect has completed or failed + auto onConnectionCompleted = + [&](Aws::Crt::Mqtt::MqttConnection &, int errorCode, Aws::Crt::Mqtt::ReturnCode returnCode, bool) { + if (errorCode) + { + fprintf(stdout, "Connection failed with error %s\n", Aws::Crt::ErrorDebugString(errorCode)); + connectionCompletedPromise.set_value(false); + } + else + { + fprintf(stdout, "Connection completed with return code %d\n", returnCode); + connectionCompletedPromise.set_value(true); + } + }; + + // Invoked when a MQTT connection was interrupted/lost + auto onInterrupted = [&](Aws::Crt::Mqtt::MqttConnection &, int error) { + fprintf(stdout, "Connection interrupted with error %s\n", Aws::Crt::ErrorDebugString(error)); + }; + + // Invoked when a MQTT connection was interrupted/lost, but then reconnected successfully + auto onResumed = [&](Aws::Crt::Mqtt::MqttConnection &, Aws::Crt::Mqtt::ReturnCode, bool) { + fprintf(stdout, "Connection resumed\n"); + }; + + // Invoked when a disconnect message has completed. 
+ auto onDisconnect = [&](Aws::Crt::Mqtt::MqttConnection &) { + fprintf(stdout, "Disconnect completed\n"); + connectionClosedPromise.set_value(); + }; + + // Assign callbacks + connection->OnConnectionCompleted = std::move(onConnectionCompleted); + connection->OnDisconnect = std::move(onDisconnect); + connection->OnConnectionInterrupted = std::move(onInterrupted); + connection->OnConnectionResumed = std::move(onResumed); + + /************************ Run the sample ****************************/ + + // Connect + fprintf(stdout, "Connecting...\n"); + if (!connection->Connect(cmdData.input_clientId.c_str(), false /*cleanSession*/, 1000 /*keepAliveTimeSecs*/)) + { + fprintf(stderr, "MQTT Connection failed with error %s\n", Aws::Crt::ErrorDebugString(connection->LastError())); + exit(-1); + } + + // wait for the OnConnectionCompleted callback to fire, which sets connectionCompletedPromise... + if (connectionCompletedPromise.get_future().get() == false) + { + fprintf(stderr, "Connection failed\n"); + exit(-1); + } + + // Disconnect + if (connection->Disconnect()) + { + connectionClosedPromise.get_future().wait(); + } + return 0; +} diff --git a/samples/utils/CommandLineUtils.cpp b/samples/utils/CommandLineUtils.cpp index 4425b5d53..e01c81e36 100644 --- a/samples/utils/CommandLineUtils.cpp +++ b/samples/utils/CommandLineUtils.cpp @@ -66,6 +66,8 @@ namespace Utils static const char *m_cmd_proxy_password = "proxy_password"; static const char *m_cmd_shadow_property = "shadow_property"; static const char *m_cmd_region = "region"; + static const char *m_cmd_pkcs12_file = "pkcs12_file"; + static const char *m_cmd_pkcs12_password = "pkcs12_password"; CommandLineUtils::CommandLineUtils() { 
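Review bot: The block comment above `connectionCompletedPromise` in the new `main.cpp` says the sample synchronises "with a condition variable", but the code uses two `std::promise` objects and their futures. The comment should match the code, for example `* ... so we block on std::promise/std::future until the callbacks fire.` A reader copying the pattern would otherwise look for a condition variable that is not there.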
@@ -948,4 +950,23 @@ namespace Utils return returnData; } + cmdData parseSampleInputPKCS12Connect(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle) + { + CommandLineUtils cmdUtils = CommandLineUtils(); + cmdUtils.RegisterProgramName("pkcs12-connect"); + cmdUtils.AddCommonMQTTCommands(); + cmdUtils.RegisterCommand(m_cmd_pkcs12_file, "", "Path to the PKCS#12 file."); + cmdUtils.RegisterCommand(m_cmd_pkcs12_password, "", "Password for the PKCS#12 file."); + cmdUtils.RegisterCommand(m_cmd_client_id, "", "Client id to use (optional, default='test-*')"); + s_addLoggingSendArgumentsStartLogging(argc, argv, api_handle, &cmdUtils); + + cmdData returnData = cmdData(); + s_parseCommonMQTTCommands(&cmdUtils, &returnData); + returnData.input_clientId = + cmdUtils.GetCommandOrDefault(m_cmd_client_id, Aws::Crt::String("test-") + Aws::Crt::UUID().ToString()); + returnData.input_pkcs12File = cmdUtils.GetCommandRequired(m_cmd_pkcs12_file); + returnData.input_pkcs12Password = cmdUtils.GetCommandRequired(m_cmd_pkcs12_password); + return returnData; + } + } // namespace Utils diff --git a/samples/utils/CommandLineUtils.h b/samples/utils/CommandLineUtils.h index dd304d133..b57a63f7f 100644 --- a/samples/utils/CommandLineUtils.h +++ b/samples/utils/CommandLineUtils.h @@ -266,6 +266,9 @@ namespace Utils Aws::Crt::String input_proxy_password; // Shadow Aws::Crt::String input_shadowProperty; + // PKCS12 + Aws::Crt::String input_pkcs12File; + Aws::Crt::String input_pkcs12Password; }; cmdData parseSampleInputDeviceDefender(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle); 
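Review bot: `parseSampleInputPKCS12Connect` makes `--pkcs12_password` a required command-line argument, so the keystore password ends up in the process argument list and in shell history wherever the sample is run. The help string should say so, e.g. `"Password for the PKCS#12 file (passed on the command line; use a sample-only password)."`, and the sample README would benefit from the same caveat. If `s_addLoggingSendArgumentsStartLogging` logs or forwards the raw arguments (its body is not in this hunk), the password would need to be excluded there as well.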
@@ -290,5 +293,6 @@ namespace Utils cmdData parseSampleInputSecureTunnel(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle); cmdData parseSampleInputSecureTunnelNotification(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle); cmdData parseSampleInputShadow(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle); + cmdData parseSampleInputPKCS12Connect(int argc, char *argv[], Aws::Crt::ApiHandle *api_handle); } // namespace Utils From 32c6bafe705b7715fc5cace3ab02b164333be8e3 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 09:59:33 -0400 Subject: [PATCH 02/52] Fix CI yaml --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9fe2935f9..246235b8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -330,12 +330,12 @@ jobs: run: | python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample - run: | - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem - pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + run: | + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: 
From b93428e4eb8adb44a4e5a9b1f0b2f2a91a2795eb Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 10:11:58 -0400 Subject: [PATCH 03/52] Need to compile sample --- .builder/actions/build_samples.py | 1 + samples/CMakeLists.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/.builder/actions/build_samples.py b/.builder/actions/build_samples.py index 838087e2e..78cd1032a 100644 --- a/.builder/actions/build_samples.py +++ b/.builder/actions/build_samples.py @@ -20,6 +20,7 @@ def run(self, env): 'samples/mqtt/basic_connect', 'samples/mqtt/custom_authorizer_connect', 'samples/mqtt/pkcs11_connect', + 'samples/mqtt/pkcs12_connect', 'samples/mqtt/websocket_connect', 'samples/mqtt/windows_cert_connect', 'samples/mqtt/x509_credentials_provider_connect', diff --git a/samples/CMakeLists.txt b/samples/CMakeLists.txt index b4a751f64..494efb564 100644 --- a/samples/CMakeLists.txt +++ b/samples/CMakeLists.txt @@ -10,6 +10,7 @@ add_subdirectory(jobs/describe_job_execution) add_subdirectory(mqtt/basic_connect) add_subdirectory(mqtt/custom_authorizer_connect) add_subdirectory(mqtt/pkcs11_connect) +add_subdirectory(mqtt/pkcs12_connect) add_subdirectory(mqtt/websocket_connect) add_subdirectory(mqtt/windows_cert_connect) add_subdirectory(mqtt/x509_credentials_provider_connect) From 3493c36b56aafbc6c55a634fac33c58671633825 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 10:18:11 -0400 Subject: [PATCH 04/52] Fix error due to struct initialization --- samples/mqtt/pkcs12_connect/main.cpp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/samples/mqtt/pkcs12_connect/main.cpp b/samples/mqtt/pkcs12_connect/main.cpp index 0bfe67d31..9a90a7f56 100644 --- a/samples/mqtt/pkcs12_connect/main.cpp +++ b/samples/mqtt/pkcs12_connect/main.cpp 
@@ -25,10 +25,9 @@ int main(int argc, char *argv[]) Utils::cmdData cmdData = Utils::parseSampleInputPKCS12Connect(argc, argv, &apiHandle); // Create the MQTT builder and populate it with data from cmdData. - struct Aws::Iot::Pkcs12Options options = { - .pkcs12_file = cmdData.input_pkcs12File, - .pkcs12_password = cmdData.input_pkcs12Password, - }; + struct Aws::Iot::Pkcs12Options options; + options.pkcs12_file = cmdData.input_pkcs12File; + options.pkcs12_password = cmdData.input_pkcs12Password; auto clientConfigBuilder = Aws::Iot::MqttClientConnectionConfigBuilder(options); clientConfigBuilder.WithEndpoint(cmdData.input_endpoint); if (cmdData.input_ca != "") From fb67b679b58b219b8e40440b54755d454e34386b Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 12:51:56 -0400 Subject: [PATCH 05/52] Is the sample stalling or getting the credentials? --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 246235b8b..724003d6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -335,7 +335,7 @@ jobs: key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: 
From 32af3a42ab837becb9c36af83e9b55c40b2a2be1 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 13:05:33 -0400 Subject: [PATCH 06/52] Adjust PKCS12 file paths --- .github/workflows/ci.yml | 9 +++++---- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 724003d6a..123c18918 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -331,11 +331,12 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + pkcs12_folder=./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > $pkcs12_folder/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > $pkcs12_folder/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + openssl pkcs12 -export -in $pkcs12_folder/certificate.pem -inkey $pkcs12_folder/privatekey.pem -out $pkcs12_folder/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: 
diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 04b2818e3..0ddbd2433 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,7 +10,7 @@ }, { "name": "--pkcs12_file", - "data": "/tmp/pkcs12-key.p12" + "data": "./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12" }, { "name": "--pkcs12_password", From d3e406a6f207424cc9f0d865c6bb3643b3aa1d80 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 13:21:47 -0400 Subject: [PATCH 07/52] Run the sample directly to, hopefully, see sample logs --- .github/workflows/ci.yml | 11 ++++++----- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 123c18918..5553966e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -331,12 +331,13 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - pkcs12_folder=./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > $pkcs12_folder/certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > $pkcs12_folder/privatekey.pem + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in $pkcs12_folder/certificate.pem -inkey $pkcs12_folder/privatekey.pem -out $pkcs12_folder/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password + # 
python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 0ddbd2433..04b2818e3 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,7 +10,7 @@ }, { "name": "--pkcs12_file", - "data": "./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12" + "data": "/tmp/pkcs12-key.p12" }, { "name": "--pkcs12_password", From ce417c8b05ed882e4c4b74349efd3eea1f2f8ade Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 14:10:44 -0400 Subject: [PATCH 08/52] Try PKCS12 key path a different way --- .github/workflows/ci.yml | 4 ++-- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5553966e2..096c66417 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -335,8 +335,8 @@ jobs: key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12 --pkcs12_password $pkcs12_password # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 04b2818e3..0ddbd2433 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,7 +10,7 @@ }, { "name": "--pkcs12_file", - "data": "/tmp/pkcs12-key.p12" + "data": "./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12" }, { "name": "--pkcs12_password", 
From 668ec6c90754a1bde147545b069d1ca2094076ac Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 15:04:58 -0400 Subject: [PATCH 09/52] Revert back to PKCS12 CI code from JS --- .github/workflows/ci.yml | 6 ++---- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 096c66417..246235b8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -333,11 +333,9 @@ jobs: run: | cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem - endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12 --pkcs12_password $pkcs12_password - # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 0ddbd2433..04b2818e3 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json 
@@ -10,7 +10,7 @@ }, { "name": "--pkcs12_file", - "data": "./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-key.p12" + "data": "/tmp/pkcs12-key.p12" }, { "name": "--pkcs12_password", From 03502c841c22f0de18381497c54d51e52c3acc13 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 15:23:44 -0400 Subject: [PATCH 10/52] Pipe the output from running the sample to hopefully see why it is stalling in CI but not locally nor in other SDKs --- utils/run_sample_ci.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index fb6dc6ef8..017b865e3 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py @@ -251,7 +251,7 @@ def launch_sample(): exit_code = 0 - print("Launching sample...") + print("Launching sample...", flush=True) # Java if (config_json['language'] == "Java"): @@ -277,7 +277,7 @@ def launch_sample(): # C++ elif (config_json['language'] == "CPP"): sample_return = subprocess.run( - args=config_json_arguments_list, executable=config_json['sample_file']) + args=config_json_arguments_list, executable=config_json['sample_file'], stderr=sys.stderr, stdout=sys.stdout) exit_code = sample_return.returncode elif (config_json['language'] == "Python"): From 335361fc37cbd7af19e41047076a7f1704a0e9fd Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 15:53:03 -0400 Subject: [PATCH 11/52] Try adding a timeout to see the output? --- utils/run_sample_ci.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index 017b865e3..96b6a10eb 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py 
@@ -277,7 +277,7 @@ def launch_sample(): # C++ elif (config_json['language'] == "CPP"): sample_return = subprocess.run( - args=config_json_arguments_list, executable=config_json['sample_file'], stderr=sys.stderr, stdout=sys.stdout) + args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600) exit_code = sample_return.returncode elif (config_json['language'] == "Python"): From c0c938a0e36c1ab7685a5f6594b60eea4bd36617 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 16:20:51 -0400 Subject: [PATCH 12/52] Try turning on logs --- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 04b2818e3..add1492e8 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -15,6 +15,10 @@ { "name": "--pkcs12_password", "secret": "ci/PubSub/key_pkcs12_password" + }, + { + "name": "verbosity", + "data": "Trace" } ] } From 5c73f4e7b3bc5cccb866d35deb3d9497a930dbfd Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 16:58:24 -0400 Subject: [PATCH 13/52] Print the output on timeout --- utils/run_sample_ci.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index 96b6a10eb..67ad74515 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py 
@@ -276,9 +276,14 @@ def launch_sample(): # C++ elif (config_json['language'] == "CPP"): - sample_return = subprocess.run( - args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600) - exit_code = sample_return.returncode + try: + sample_return = subprocess.run( + args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600) + exit_code = sample_return.returncode + except subprocess.TimeoutExpired as timeOut: + print (timeOut.stdout, flush=True) + print ("\n\n=====================\n\n", flush=True) + print (timeOut.stderr, flush=True) elif (config_json['language'] == "Python"): config_json_arguments_list.append("--is_ci") From 64636587b640bf2ff03611273807d062adf6331d Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Mon, 8 May 2023 17:28:22 -0400 Subject: [PATCH 14/52] Use a pipe to get the output? --- utils/run_sample_ci.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index 67ad74515..ebb32ce17 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py @@ -278,12 +278,13 @@ def launch_sample(): elif (config_json['language'] == "CPP"): try: sample_return = subprocess.run( - args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600) + args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600, stderr=subprocess.STDOUT, stdout=subprocess.PIPE) exit_code = sample_return.returncode except subprocess.TimeoutExpired as timeOut: print (timeOut.stdout, flush=True) print ("\n\n=====================\n\n", flush=True) print (timeOut.stderr, flush=True) + sys.exit(-1) elif (config_json['language'] == "Python"): config_json_arguments_list.append("--is_ci") From 1031f234d30463e8ff05b751e0f4852dd1f809f4 Mon Sep 17 00:00:00 2001 
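Review bot: In the `@@ -278,12 +278,13 @@` hunk, `stdout=subprocess.PIPE` captures the C++ sample's output into `sample_return.stdout`, but nothing in the hunk prints it, so a failing run shows less than it did before. In the timeout branch `timeOut.stderr` is always `None` because stderr is merged into stdout, and `timeOut.stdout` is bytes, so it prints as a `b'...'` literal. Print the decoded text on both paths, e.g. `print(sample_return.stdout.decode(errors="replace"), flush=True)` after the call and the same decode on `timeOut.stdout` (guarding for `None`) in the handler. `launch_sample` starts and ends outside the hunk, so a print further down cannot be ruled out from here.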
From: Noah Beard Date: Tue, 9 May 2023 09:24:10 -0400 Subject: [PATCH 15/52] Output to CRT logs and try to print that file --- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++++ utils/run_sample_ci.py | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index add1492e8..729aa9e72 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -19,6 +19,10 @@ { "name": "verbosity", "data": "Trace" + }, + { + "name": "log_file", + "data": "/tmp/SAMPLE_LOG.txt" } ] } diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index ebb32ce17..757277da1 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py @@ -281,9 +281,9 @@ def launch_sample(): args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600, stderr=subprocess.STDOUT, stdout=subprocess.PIPE) exit_code = sample_return.returncode except subprocess.TimeoutExpired as timeOut: - print (timeOut.stdout, flush=True) - print ("\n\n=====================\n\n", flush=True) - print (timeOut.stderr, flush=True) + print ("\n=====================\n", flush=True) + with open("/tmp/SAMPLE_LOG.txt", "r") as file: + print (file.read(), flush=True) sys.exit(-1) elif (config_json['language'] == "Python"): From 90c551d85e73ec7154d9e79c0af02b50ec41cd15 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Tue, 9 May 2023 09:52:52 -0400 Subject: [PATCH 16/52] Try a relative path for the log file? --- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- utils/run_sample_ci.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 729aa9e72..9dad861b8 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json 
@@ -22,7 +22,7 @@ }, { "name": "log_file", - "data": "/tmp/SAMPLE_LOG.txt" + "data": "./SAMPLE_LOG.txt" } ] } diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index 757277da1..961a61db7 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py @@ -282,7 +282,7 @@ def launch_sample(): exit_code = sample_return.returncode except subprocess.TimeoutExpired as timeOut: print ("\n=====================\n", flush=True) - with open("/tmp/SAMPLE_LOG.txt", "r") as file: + with open("./SAMPLE_LOG.txt", "r") as file: print (file.read(), flush=True) sys.exit(-1) From e0a9065236c37525535deaee2cb53f8b2b1a8567 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Tue, 9 May 2023 10:17:54 -0400 Subject: [PATCH 17/52] Does it even hit the executable? Try passing --help to see if that works --- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++-- utils/run_sample_ci.py | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 9dad861b8..6e2f2f3c0 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -21,8 +21,8 @@ "data": "Trace" }, { - "name": "log_file", - "data": "./SAMPLE_LOG.txt" + "name": "help", + "data": "true" } ] } diff --git a/utils/run_sample_ci.py b/utils/run_sample_ci.py index 961a61db7..a24b9ad18 100644 --- a/utils/run_sample_ci.py +++ b/utils/run_sample_ci.py @@ -281,9 +281,6 @@ def launch_sample(): args=config_json_arguments_list, executable=config_json['sample_file'], timeout=600, stderr=subprocess.STDOUT, stdout=subprocess.PIPE) exit_code = sample_return.returncode except subprocess.TimeoutExpired as timeOut: - print ("\n=====================\n", flush=True) - with open("./SAMPLE_LOG.txt", "r") as file: - print (file.read(), flush=True) sys.exit(-1) elif (config_json['language'] == "Python"): From 286b34c6804895a39b6d7f0c27a79908a322dc3e Mon Sep 17 00:00:00 2001 
From: Noah Beard Date: Tue, 9 May 2023 10:45:27 -0400 Subject: [PATCH 18/52] Try running directly with logging --- .github/workflows/ci.yml | 4 +++- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 246235b8b..cd00e6dab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -331,11 +331,13 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | + endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password --verbosity Trace + # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: 
diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 6e2f2f3c0..1643722fd 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -17,11 +17,11 @@ "secret": "ci/PubSub/key_pkcs12_password" }, { - "name": "verbosity", + "name": "--verbosity", "data": "Trace" }, { - "name": "help", + "name": "--help", "data": "true" } ] From 2216d394248ea12ff141fa8191eebe26cdea47b3 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Tue, 9 May 2023 13:05:19 -0400 Subject: [PATCH 19/52] Pass the endpoint directly to see if that resolves the endpoint address --- .github/workflows/ci.yml | 3 +-- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd00e6dab..23d2e734f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -331,12 +331,11 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password --verbosity Trace + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password --verbosity Trace # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 1643722fd..5be1b09e3 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json 
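Review bot: The `pkcs12-connect` line now carries what appears to be the CI account's IoT endpoint hostname as a literal, where the previous revision read it from the `ci/endpoint` secret, so the value is committed to the repository history and shown in the workflow file. If the literal was only meant to rule out a parsing problem in the lookup, keep the lookup and quote the expansion instead: `--endpoint "$endpoint"`. The same line passes `--pkcs12_password $pkcs12_password` unquoted next to `--verbosity Trace`; writing it as `"$pkcs12_password"` at least avoids word splitting on a password that contains spaces or glob characters.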
@@ -19,10 +19,6 @@ { "name": "--verbosity", "data": "Trace" - }, - { - "name": "--help", - "data": "true" } ] } From 588aa02b0300038b4f02f8ffde2f86e7364bda1a Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Tue, 23 May 2023 15:56:13 -0400 Subject: [PATCH 20/52] Try a hard-coded PKCS12 password to see if it makes a difference --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 23d2e734f..96cee775e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -333,7 +333,7 @@ jobs: run: | cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem - pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + pkcs12_password="abcdefg" openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password --verbosity Trace # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json From 94f69fa224c6f29a585267abf2f4cf61200e5c7f Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Tue, 23 May 2023 16:09:19 -0400 Subject: [PATCH 21/52] Try relative paths? --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
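Review bot: In the ci.yml hunk of PATCH 20, `pkcs12_password="abcdefg"` protects a `.p12` that still wraps the private key fetched from `ci/PubSub/key`, so the bundle written to `/tmp` is guarded by a password anyone can read in the workflow file. For a throwaway test password, generate one per run rather than committing a literal: `pkcs12_password=$(openssl rand -hex 16)`. PATCH 22 repeats the pattern with `"abc"`.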
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 96cee775e..bdce48125 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -331,11 +331,11 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > ./certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > ./privatekey.pem pkcs12_password="abcdefg" - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password $pkcs12_password --verbosity Trace + openssl pkcs12 -export -in ./certificate.pem -inkey ./privatekey.pem -out ./pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file ./pkcs12-key.p12 --pkcs12_password $pkcs12_password # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From 2fe92b86f83346f6331fb5bef7b1a0b88a2d2e03 Mon Sep 17 00:00:00 2001 
From: Noah Beard Date: Wed, 24 May 2023 10:41:19 -0400 Subject: [PATCH 22/52] Try again --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bdce48125..1f5b88749 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -333,7 +333,7 @@ jobs: run: | cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > ./certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > ./privatekey.pem - pkcs12_password="abcdefg" + pkcs12_password="abc" openssl pkcs12 -export -in ./certificate.pem -inkey ./privatekey.pem -out ./pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file ./pkcs12-key.p12 --pkcs12_password $pkcs12_password # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json From 53a55d59240123effc898b0f1dfd5ab13cf2a1de Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Wed, 24 May 2023 11:04:32 -0400 Subject: [PATCH 23/52] Revert back to how Python does it again --- .github/workflows/ci.yml | 13 ++++++------- .../workflows/ci_run_pkcs12_connect_cfg.json | 6 +----- samples/mqtt/pkcs12_connect/main.cpp | 17 +++++++++++++---- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1f5b88749..8e69fbc28 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -328,15 +328,14 @@ jobs: aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: run MQTT3 PubSub sample run: | - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: run PKCS12 sample run: | - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > ./certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > ./privatekey.pem - pkcs12_password="abc" - openssl pkcs12 -export -in ./certificate.pem -inkey ./privatekey.pem -out ./pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint a2yvr5l8sc9814-ats.iot.us-east-1.amazonaws.com --pkcs12_file ./pkcs12-key.p12 --pkcs12_password $pkcs12_password - # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + python3 ${{ env.CI_UTILS_FOLDER 
}}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 5be1b09e3..91c30933c 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,15 +10,11 @@ }, { "name": "--pkcs12_file", - "data": "/tmp/pkcs12-key.p12" + "data": "./pkcs12-key.p12" }, { "name": "--pkcs12_password", "secret": "ci/PubSub/key_pkcs12_password" - }, - { - "name": "--verbosity", - "data": "Trace" } ] } diff --git a/samples/mqtt/pkcs12_connect/main.cpp b/samples/mqtt/pkcs12_connect/main.cpp index 9a90a7f56..3ab739276 100644 --- a/samples/mqtt/pkcs12_connect/main.cpp +++ b/samples/mqtt/pkcs12_connect/main.cpp @@ -4,6 +4,7 @@ */ #include #include +#include #include "../../utils/CommandLineUtils.h" @@ -14,7 +15,7 @@ int main(int argc, char *argv[]) /************************ Setup ****************************/ - // Do the global initialization for the API + // Do the global initialization for the API. ApiHandle apiHandle; /** 
@@ -25,15 +26,24 @@ int main(int argc, char *argv[]) Utils::cmdData cmdData = Utils::parseSampleInputPKCS12Connect(argc, argv, &apiHandle); // Create the MQTT builder and populate it with data from cmdData. + Aws::Iot::MqttClient client; struct Aws::Iot::Pkcs12Options options; options.pkcs12_file = cmdData.input_pkcs12File; options.pkcs12_password = cmdData.input_pkcs12Password; - auto clientConfigBuilder = Aws::Iot::MqttClientConnectionConfigBuilder(options); - clientConfigBuilder.WithEndpoint(cmdData.input_endpoint); + Aws::Iot::MqttClientConnectionConfigBuilder clientConfigBuilder(options); + if (!clientConfigBuilder) + { + fprintf( + stderr, + "MqttClientConnectionConfigBuilder failed: %s\n", + Aws::Crt::ErrorDebugString(Aws::Crt::LastError())); + exit(-1); + } if (cmdData.input_ca != "") { clientConfigBuilder.WithCertificateAuthority(cmdData.input_ca.c_str()); } + clientConfigBuilder.WithEndpoint(cmdData.input_endpoint); // Create the MQTT connection from the MQTT builder auto clientConfig = clientConfigBuilder.Build(); @@ -45,7 +55,6 @@ int main(int argc, char *argv[]) Aws::Crt::ErrorDebugString(clientConfig.LastError())); exit(-1); } - Aws::Iot::MqttClient client = Aws::Iot::MqttClient(); auto connection = client.NewConnection(clientConfig); if (!*connection) { From f64ab14b5b8d1a273c859dcfb209d12ac5343cae Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Wed, 24 May 2023 11:18:18 -0400 Subject: [PATCH 24/52] Modified wrong file path --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e69fbc28..e7e1678de 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -328,7 +328,7 @@ jobs: aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: run MQTT3 PubSub sample run: | - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem From c8c4fb1e3c4f2fa6ba8967f89e9756442cfb4995 Mon Sep 17 00:00:00 2001 From: Noah Beard Date: Wed, 24 May 2023 11:44:44 -0400 Subject: [PATCH 25/52] Try getting the PKCS12 key from S3 --- .github/workflows/ci.yml | 5 +---- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e7e1678de..e96c25609 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -331,10 +331,7 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem - key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem - pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 91c30933c..7375c5bb3 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,11 +10,11 @@ }, { "name": "--pkcs12_file", - "data": "./pkcs12-key.p12" + "data": "./iot_pkcs12_key.p12" }, { "name": "--pkcs12_password", - "secret": "ci/PubSub/key_pkcs12_password" + "data": "PKCS12_KEY_PASSWORD" } ] } From 8180cee1542d37ea706a9903c5d143780f5a5942 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Tue, 11 Jul 2023 16:02:03 -0700 Subject: [PATCH 26/52] use a tmp pkcs12 key file path --- .github/workflows/ci.yml | 2 +- .github/workflows/ci_run_pkcs12_connect_cfg.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
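Review bot: The key bundle is now a long-lived object copied from S3, and the companion JSON hunk replaces the `"secret": "ci/PubSub/key_pkcs12_password"` lookup with `"data": "PKCS12_KEY_PASSWORD"`, so whatever that string is gets committed and passed verbatim to the sample. If it is the real password of `iot_pkcs12_key.p12`, the bundle's only remaining protection is access control on the bucket; keeping the `secret` form keeps the password out of the repository. The download also lands in the workspace as `./iot_pkcs12_key.p12`, where any later step that archives the workspace would include it; a path under `$RUNNER_TEMP` avoids that.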
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6558343f..6707b5d78 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -332,7 +332,7 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 + aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 /tmp/iot_pkcs12_key.p12 python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 7375c5bb3..5861126db 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,7 +10,7 @@ }, { "name": "--pkcs12_file", - "data": "./iot_pkcs12_key.p12" + "data": "/tmp/iot_pkcs12_key.p12" }, { "name": "--pkcs12_password", From bb9c14b40299e5897cc71c54f0cebf27a323a836 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Tue, 11 Jul 2023 16:04:56 -0700 Subject: [PATCH 27/52] test with sudo python3 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6707b5d78..f0dad03bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -333,7 +333,7 @@ jobs: - name: run PKCS12 sample run: | aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 /tmp/iot_pkcs12_key.p12 - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + sudo python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: From 5d69e76a440bac24a89ccd99197d3f1cb140ed84 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Tue, 11 Jul 2023 16:47:18 -0700 Subject: [PATCH 28/52] update permission --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0dad03bf..95cedb3e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -313,6 +313,7 @@ jobs: runs-on: macos-latest permissions: id-token: write # This is required for requesting the JWT + security-events: write # This is required for pkcs12 sample to sign the key steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | @@ -333,7 +334,7 @@ jobs: - name: run PKCS12 sample run: | aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 /tmp/iot_pkcs12_key.p12 - sudo python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: From 81df7d34c74915df0ca344aaa213fcf3166ebd45 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Wed, 12 Jul 2023 10:34:02 -0700 Subject: [PATCH 29/52] test with logs --- .github/workflows/ci.yml | 6 ++++-- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) 
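Review bot: `sudo python3 … run_sample_ci.py` runs the harness and the sample as root, which presumably also changes the user context the PKCS#12 import happens in, so a pass under sudo would not show that the sample works for the unprivileged runner user. PATCH 28 drops it again, but PATCH 32 reintroduces it as `sudo ./…/pkcs12-connect`. If elevated rights really are needed, a comment naming the operation that needs them lets a reviewer check the claim: `# needs root because <reason>`.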
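Review bot: `security-events: write` in the `permissions` hunk of PATCH 28 gives the job token write access to the repository's code-scanning alerts, which none of the visible steps use. The attached comment ties it to signing a key, but a token scope only governs GitHub API access and cannot affect key handling on the runner. Drop the line and keep only `id-token: write`. PATCH 29 changes the value to `read|write`, which is not one of the accepted values (`read`, `write`, `none`).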
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 95cedb3e2..d33c72c14 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -313,7 +313,7 @@ jobs: runs-on: macos-latest permissions: id-token: write # This is required for requesting the JWT - security-events: write # This is required for pkcs12 sample to sign the key + security-events: read|write # This is required for pkcs12 sample to sign the key steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | @@ -333,8 +333,10 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | + endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 /tmp/iot_pkcs12_key.p12 - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace + # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index 5861126db..d73042f56 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -15,6 +15,10 @@ { "name": "--pkcs12_password", "data": "PKCS12_KEY_PASSWORD" + }, + { + "name": "--verbosity", + "data": "Trace" } ] } From e67379365cf97287dfd2ea9b594beecfa23ac929 Mon Sep 17 00:00:00 2001 
From: Zhihui Xia Date: Wed, 12 Jul 2023 11:17:11 -0700 Subject: [PATCH 30/52] update security permision --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d33c72c14..9d7cbdef6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -313,7 +313,7 @@ jobs: runs-on: macos-latest permissions: id-token: write # This is required for requesting the JWT - security-events: read|write # This is required for pkcs12 sample to sign the key + security-events: write # This is required for pkcs12 sample to sign the key steps: - name: Build ${{ env.PACKAGE_NAME }} + consumers run: | From 28a7e7ef27070f2fd15037253755e107d2b47236 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Wed, 12 Jul 2023 11:32:56 -0700 Subject: [PATCH 31/52] update key file path --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9d7cbdef6..8e2d72e15 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -334,8 +334,8 @@ jobs: - name: run PKCS12 sample run: | endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 /tmp/iot_pkcs12_key.p12 - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file /tmp/pkcs12-key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace + aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 + ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From 0579b7703bdf54a7d137672996555d939635d726 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Wed, 12 Jul 2023 14:41:07 -0700 Subject: [PATCH 32/52] test with sudo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8e2d72e15..c5241d158 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -335,7 +335,7 @@ jobs: run: | endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 - ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace + sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From b7a4cc69932b5d1eb42fbd7c05128d2818997244 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Thu, 13 Jul 2023 10:46:02 -0700 Subject: [PATCH 33/52] test github action --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c5241d158..1d4235ac6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -331,6 +331,11 @@ jobs: - name: run MQTT3 PubSub sample run: | python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json + - name: set PKCS12 key + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.PKCS12_FILE_BASE64 }} + p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} - name: run PKCS12 sample run: | endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") From 6246ca5765828464a3d34c8fce76b1e87616a4f0 Mon Sep 17 00:00:00 2001 
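Review bot: Prefixing the sample with `sudo` runs a binary built from the branch under test as root on the runner, and a root process may see a different keychain search list than the runner user, so it is unlikely to be the right fix for a key-import failure. If the failure is a keychain access error, the narrower change is to make the key usable by the runner account and keep the invocation unprivileged, i.e. the same command without `sudo` and with `--endpoint "$endpoint"` quoted. The `run:` block this line belongs to starts outside the hunk.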
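Review bot: The new `set PKCS12 key` step hands `secrets.PKCS12_FILE_BASE64` and `secrets.CERTIFICATES_P12_PASSWORD` to a third-party action referenced by the mutable tag `@v2`, so whatever that tag points to at run time receives the signing material. Pinning the reference to a reviewed commit, `uses: apple-actions/import-codesign-certs@<full-commit-sha> # v2`, fixes which code sees those secrets. The `aws-actions/configure-aws-credentials@v1` reference visible in the surrounding context is pinned the same loose way and holds the job's AWS role.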
From: Zhihui Xia Date: Thu, 13 Jul 2023 13:07:35 -0700 Subject: [PATCH 34/52] test github security --- .github/workflows/ci.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1d4235ac6..70151a8fe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -331,15 +331,19 @@ jobs: - name: run MQTT3 PubSub sample run: | python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - - name: set PKCS12 key - uses: apple-actions/import-codesign-certs@v2 - with: - p12-file-base64: ${{ secrets.PKCS12_FILE_BASE64 }} - p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} - name: run PKCS12 sample run: | + endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 + + security create-keychain -p test_password build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p test_password build.keychain + security import certificate.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain + security find-identity -v + #/usr/bin/codesign --force -s ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) From 1d9f762525f9b5cedfa5a6e6125e2c35bd00ecfa Mon Sep 17 00:00:00 2001 
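Review bot: `security import certificate.p12` names a file that this step never creates (the download above it writes `./iot_pkcs12_key.p12`), so the import is likely to fail before the sample runs. The keychain is also created with the literal password `test_password`, made the default keychain, and never removed; on a runner that outlives the job the imported private key would stay behind under a known password. A per-run value such as `keychain_password=$(openssl rand -base64 24)` and a final `security delete-keychain build.keychain` would close that. The commented-out `codesign` line can be dropped until it is needed.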
From: Zhihui Xia Date: Thu, 13 Jul 2023 13:11:39 -0700 Subject: [PATCH 35/52] fix yml --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 70151a8fe..dc7b8d528 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -333,10 +333,8 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 - security create-keychain -p test_password build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain From e40efb1c1f5db84ab9ff3b5b57254313b0296f4b Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Thu, 13 Jul 2023 13:22:11 -0700 Subject: [PATCH 36/52] fix yaml --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dc7b8d528..9f2c9449b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -341,9 +341,7 @@ jobs: security import certificate.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain security find-identity -v - #/usr/bin/codesign --force -s ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace - # python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: From 579b681ebcb18a54717a362a6763ff81d5fa2386 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Thu, 13 Jul 2023 13:31:35 -0700 Subject: [PATCH 37/52] fix import pkcs12 key path --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f2c9449b..98e483862 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -338,7 +338,7 @@ jobs: security create-keychain -p test_password build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import certificate.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign + security import iot_pkcs12_key.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain security find-identity -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace From 57a6099c5b32aea0a11c9f1e102ad0de10676424 Mon Sep 17 00:00:00 2001 
From: Zhihui Xia Date: Thu, 13 Jul 2023 14:18:45 -0700 Subject: [PATCH 38/52] try access identity from keychain --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98e483862..3c14fec94 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -340,7 +340,8 @@ jobs: security unlock-keychain -p test_password build.keychain security import iot_pkcs12_key.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain - security find-identity -v + security find-identity -v build.keychain + /usr/bin/codesign --force -s ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From 3cbf6de00d2b3b222ce46270071c8ce2acd77956 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Fri, 14 Jul 2023 09:12:39 -0700 Subject: [PATCH 39/52] test identity --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c14fec94..d70303d29 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
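Review bot: In the added `codesign` line the `-s` option takes the signing identity as its argument, so the sample path is consumed as the identity name and no file is left to sign. The call needs both, in the form `/usr/bin/codesign --force -s "<identity-name>" ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v`. Narrowing the listing to `security find-identity -v -p codesigning build.keychain` would also show only identities that are valid for signing.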
@@ -341,7 +341,7 @@ jobs: security import iot_pkcs12_key.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain security find-identity -v build.keychain - /usr/bin/codesign --force -s ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v + /usr/bin/codesign --force -s ec192142-a4b1-4ac2-aeab-5b93acd522a9 ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From 08414b571bea9f0183041c6af8d0125a57c84efc Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 09:55:22 -0700 Subject: [PATCH 40/52] test different keychain --- .github/workflows/ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d70303d29..c8cdc2843 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -336,10 +336,12 @@ jobs: endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 security create-keychain -p test_password build.keychain + security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import iot_pkcs12_key.p12 -k build.keychain -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k test_password build.keychain + security import iot_pkcs12_key.p12 -k build.keychain -f pkcs12 -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -A + security set-key-partition-list -S apple-tool:,apple:,codesign: -k test_password build.keychain + security list-keychains -d user -s build.keychain 'login.keychain' security find-identity -v build.keychain /usr/bin/codesign --force -s ec192142-a4b1-4ac2-aeab-5b93acd522a9 ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace From 85aa53f04a4a8f9e4619628a5a884fc634d72598 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 10:17:34 -0700 Subject: [PATCH 41/52] try create local pkcs12 file --- .github/workflows/ci.yml | 11 ++++++++--- .github/workflows/ci_run_pkcs12_connect_cfg.json | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8cdc2843..0d768a7c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
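Review bot: The `-A` added to `security import` lets any application use the imported private key without prompting, which makes the `-T /usr/bin/codesign -T /usr/bin/security` allow-list on the same line redundant. Keeping only the `-T` entries limits the key to the tools the step calls: `security import iot_pkcs12_key.p12 -k build.keychain -f pkcs12 -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security`. The flag is carried through the later patches in this series that touch this line (42, 44, 45 and 47). `security set-keychain-settings -lut 21600` also sets a six-hour lock timeout, much longer than this step needs.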
@@ -333,8 +333,12 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | - endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 +# endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") +# aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 + cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem + key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem + pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./iot_pkcs12_key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password security create-keychain -p test_password build.keychain security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain 
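Review bot: The added lines write the device private key to `/tmp/privatekey.pem` under the runner's default umask and never delete it, and `-password pass:$pkcs12_password` puts the export passphrase on the `openssl` command line, where a process listing can read it. Starting the block with `umask 077`, exporting the variable and passing `-password env:pkcs12_password`, and ending with `rm -f /tmp/certificate.pem /tmp/privatekey.pem` narrows both exposures. The two `#` lines are added at column 0 inside the `run: |` block scalar, which probably ends the scalar early and breaks the YAML. They also remove the only assignment of `$endpoint`, which the later hunk of this commit still passes to `--endpoint`.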
@@ -343,8 +347,9 @@ jobs: security set-key-partition-list -S apple-tool:,apple:,codesign: -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' security find-identity -v build.keychain + ls ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ /usr/bin/codesign --force -s ec192142-a4b1-4ac2-aeab-5b93acd522a9 ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v - sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password PKCS12_KEY_PASSWORD --verbosity Trace + sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password $pkcs12_password --verbosity Trace - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/ci_run_pkcs12_connect_cfg.json b/.github/workflows/ci_run_pkcs12_connect_cfg.json index d73042f56..15167cce6 100644 --- a/.github/workflows/ci_run_pkcs12_connect_cfg.json +++ b/.github/workflows/ci_run_pkcs12_connect_cfg.json @@ -10,11 +10,11 @@ }, { "name": "--pkcs12_file", - "data": "/tmp/iot_pkcs12_key.p12" + "data": "./iot_pkcs12_key.p12" }, { "name": "--pkcs12_password", - "data": "PKCS12_KEY_PASSWORD" + "secret": "ci/PubSub/key_pkcs12_password" }, { "name": "--verbosity", From 3eeaaf17d2cfa117d98f4ec54d15e4c87a452c70 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 10:33:39 -0700 Subject: [PATCH 42/52] fix yaml --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0d768a7c5..a1693682c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -343,8 +343,8 @@ jobs: security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import iot_pkcs12_key.p12 -k build.keychain -f pkcs12 -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security -A - security set-key-partition-list -S apple-tool:,apple:,codesign: -k test_password build.keychain + security import iot_pkcs12_key.p12 -A -k build.keychain -f pkcs12 -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security + security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' security find-identity -v build.keychain ls ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ From 2265ffc448f7be4bc6c55a31a336535cc0dde13b Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 10:35:04 -0700 Subject: [PATCH 43/52] remove comments --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a1693682c..696a83eb9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -333,8 +333,6 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | -# endpoint=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") -# aws s3 cp s3://iot-sdk-ci-bucket-us-east1/iot_pkcs12_key.p12 ./iot_pkcs12_key.p12 cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") From c119a4f6c8ee59e6bd8009ff53f40d194a37542a Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 10:52:39 -0700 Subject: [PATCH 44/52] update pkcs12 passworkd --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 696a83eb9..20275107a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -341,7 +341,7 @@ jobs: security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import iot_pkcs12_key.p12 -A -k build.keychain -f pkcs12 -P PKCS12_KEY_PASSWORD -T /usr/bin/codesign -T /usr/bin/security + security import iot_pkcs12_key.p12 -A -k build.keychain -f pkcs12 -P $pkcs12_password -T /usr/bin/codesign -T /usr/bin/security security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' security find-identity -v build.keychain From 4e1aa9cc74524d46260f5f7e7f2ddb019cd09463 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 15:05:31 -0700 Subject: [PATCH 45/52] test with identity file --- .github/workflows/ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 20275107a..5b712545f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -333,6 +333,7 @@ jobs: python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pubsub_cfg.json - name: run PKCS12 sample run: | + aws s3 cp s3://iot-sdk-ci-bucket-us-east1/pkcs12_identity.p12 ./pkcs12_identity.p12 cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") 
@@ -341,12 +342,13 @@ jobs: security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import iot_pkcs12_key.p12 -A -k build.keychain -f pkcs12 -P $pkcs12_password -T /usr/bin/codesign -T /usr/bin/security + security import pkcs12_identity.p12 -A -k build.keychain -f pkcs12 -P pkcs12_Identity -T /usr/bin/codesign -T /usr/bin/security security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' security find-identity -v build.keychain + pkcs12_identity=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") ls ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ - /usr/bin/codesign --force -s ec192142-a4b1-4ac2-aeab-5b93acd522a9 ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v + /usr/bin/codesign --force -s $pkcs12_identity ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password $pkcs12_password --verbosity Trace - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 From 57f6805c0abe5d9b9ca07862760f7157afaf9396 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 15:26:39 -0700 Subject: [PATCH 46/52] kick ci From 5ca781aff6ccf2f640d5629b35f12e14fe49c81c Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 15:51:29 -0700 Subject: [PATCH 47/52] clean up the secrets and sample --- .github/workflows/ci.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b712545f..398b0bf54 100644 --- a/.github/workflows/ci.yml 
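Review bot: `-P pkcs12_Identity` on the new `security import` line commits what looks like the import passphrase of the code-signing identity into the workflow file. If that literal is the real passphrase of `pkcs12_identity.p12`, it stays in the branch history even after a later commit moves it to Secrets Manager, so the identity should be re-exported under a new passphrase. Reading it the same way this hunk reads `pkcs12_identity`, and passing it quoted as `-P "$pkcs12_identity_password"`, keeps it out of the repository. The identity file itself is fetched with `aws s3 cp` in the previous hunk of this commit with no digest check; comparing `shasum -a 256 pkcs12_identity.p12` against a pinned value before the import would catch a replaced object.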
+++ b/.github/workflows/ci.yml 
@@ -334,22 +334,21 @@ jobs: - name: run PKCS12 sample run: | aws s3 cp s3://iot-sdk-ci-bucket-us-east1/pkcs12_identity.p12 ./pkcs12_identity.p12 + pkcs12_identity=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + pkcs12_identity_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem - pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./iot_pkcs12_key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password + iot_pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") + openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out ./iot_pkcs12_key.p12 -name PubSub_Thing_Alias -password pass:$iot_pkcs12_password security create-keychain -p test_password build.keychain security set-keychain-settings -lut 21600 build.keychain security default-keychain -s build.keychain security unlock-keychain -p test_password build.keychain - security import pkcs12_identity.p12 -A -k build.keychain -f pkcs12 -P pkcs12_Identity -T /usr/bin/codesign -T /usr/bin/security + security import pkcs12_identity.p12 -A -k build.keychain -f pkcs12 -P $pkcs12_identity_password -T 
/usr/bin/codesign -T /usr/bin/security security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' - security find-identity -v build.keychain - pkcs12_identity=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") - ls ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/ /usr/bin/codesign --force -s $pkcs12_identity ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v - sudo ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect --endpoint $endpoint --pkcs12_file ./iot_pkcs12_key.p12 --pkcs12_password $pkcs12_password --verbosity Trace + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: From 90825dfc8caa1e20f01b84ba86ac92e5ab26830f Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 16:19:46 -0700 Subject: [PATCH 48/52] kick ci From 7972f657bcddd868afefcfee258c526622da3d82 Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 17:00:45 -0700 Subject: [PATCH 49/52] fix file path --- .github/workflows/ci.yml | 2 +- .github/workflows/test.log | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/test.log diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 398b0bf54..b9e78dd97 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
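Review bot: The last added line passes `ci_run_pkcs12_connect_cfg.json.json` to `run_sample_ci.py`, while the configuration file in this series is named `ci_run_pkcs12_connect_cfg.json`, so the script is given a path that probably does not exist. The argument should end in `${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json`. The values read from Secrets Manager in this hunk (`pkcs12_identity_password`, `iot_pkcs12_password`, `pkcs12_identity`) are expanded unquoted on command lines; quoting them, as in `-P "$pkcs12_identity_password"`, avoids word splitting when a passphrase contains spaces or shell metacharacters. The step still leaves `/tmp/privatekey.pem`, `./iot_pkcs12_key.p12` and `build.keychain` in place when it finishes.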
@@ -348,7 +348,7 @@ jobs: security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain security list-keychains -d user -s build.keychain 'login.keychain' /usr/bin/codesign --force -s $pkcs12_identity ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v - python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json.json + python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) uses: aws-actions/configure-aws-credentials@v1 with: diff --git a/.github/workflows/test.log b/.github/workflows/test.log new file mode 100644 index 000000000..c1c8e576e --- /dev/null +++ b/.github/workflows/test.log 
@@ -0,0 +1,29 @@ +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905230: Initializing edge-triggered kqueue +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905230: starting event-loop thread. +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101a047c0: Initializing edge-triggered kqueue +[INFO] [2023-07-17T23:20:17Z] [000000016ff13000] [event-loop] - id=0x101905230: main loop started +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101a047c0: starting event-loop thread. +[INFO] [2023-07-17T23:20:17Z] [000000016ff13000] [event-loop] - id=0x101905230: default timeout 100s, and max events to process per tick 100 +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101906060: Initializing edge-triggered kqueue +[INFO] [2023-07-17T23:20:17Z] [000000016ff9f000] [event-loop] - id=0x101a047c0: main loop started +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101906060: starting event-loop thread. +[INFO] [2023-07-17T23:20:17Z] [000000016ff9f000] [event-loop] - id=0x101a047c0: default timeout 100s, and max events to process per tick 100 +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x1019060b0: Initializing edge-triggered kqueue +[INFO] [2023-07-17T23:20:17Z] [000000017002b000] [event-loop] - id=0x101906060: main loop started +[INFO] [2023-07-17T23:20:17Z] [000000017002b000] [event-loop] - id=0x101906060: default timeout 100s, and max events to process per tick 100 +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x1019060b0: starting event-loop thread. +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905dd0: Initializing edge-triggered kqueue +[INFO] [2023-07-17T23:20:17Z] [00000001700b7000] [event-loop] - id=0x1019060b0: main loop started +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905dd0: starting event-loop thread. 
+[INFO] [2023-07-17T23:20:17Z] [00000001700b7000] [event-loop] - id=0x1019060b0: default timeout 100s, and max events to process per tick 100 +[INFO] [2023-07-17T23:20:17Z] [0000000170143000] [event-loop] - id=0x101905dd0: main loop started +[INFO] [2023-07-17T23:20:17Z] [0000000170143000] [event-loop] - id=0x101905dd0: default timeout 100s, and max events to process per tick 100 +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [dns] - id=0x101a04eb0: Initializing default host resolver with 1 max host entries. +[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: Initializing client bootstrap with event-loop group 0x1019051d0 +[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [mqtt-client] - client=0x101a05010: Initalizing MQTT client +[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: acquiring bootstrap reference +[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [mqtt-client] - client=0x101a05010: Cleaning up MQTT client +[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: releasing bootstrap reference +[DEBUG] [2023-07-17T23:20:20Z] [00000001e25d1e00] [tls-handler] - static: certificate and key have been set, setting them up now. +[ERROR] [2023-07-17T23:20:20Z] [00000001e25d1e00] [pki-utils] - static: error importing ECC private key with OSStatus -25257 +[ERROR] [2023-07-17T23:20:20Z] [00000001e25d1e00] [tls-handler] - static: failed to import certificate and private key with error 1038. From 268cfc9c3e67d786840f359d2cd14c5f3825454d Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Mon, 17 Jul 2023 17:01:23 -0700 Subject: [PATCH 50/52] clean up commands --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b9e78dd97..5e6afa990 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -346,7 +346,6 @@ jobs: security unlock-keychain -p test_password build.keychain security import pkcs12_identity.p12 -A -k build.keychain -f pkcs12 -P $pkcs12_identity_password -T /usr/bin/codesign -T /usr/bin/security security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain - security list-keychains -d user -s build.keychain 'login.keychain' /usr/bin/codesign --force -s $pkcs12_identity ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json - name: configure AWS credentials (MQTT5) From 7df149656a7e9f422e13902bcf895480185e319d Mon Sep 17 00:00:00 2001 From: Zhihui Xia Date: Fri, 4 Aug 2023 14:07:21 -0700 Subject: [PATCH 51/52] improve ci.ym; --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e6afa990..550fc2fb0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -334,7 +334,7 @@ jobs:
 - name: run PKCS12 sample
 run: |
 aws s3 cp s3://iot-sdk-ci-bucket-us-east1/pkcs12_identity.p12 ./pkcs12_identity.p12
- pkcs12_identity=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\")
+ pkcs12_identity_name=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\")
 pkcs12_identity_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/macos/pkcs12_identity_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\")
 cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem
 key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem
@@ -346,7 +346,7 @@ jobs:
 security unlock-keychain -p test_password build.keychain
 security import pkcs12_identity.p12 -A -k build.keychain -f pkcs12 -P $pkcs12_identity_password -T /usr/bin/codesign -T /usr/bin/security
 security set-key-partition-list -S 'apple-tool:,apple:' -k test_password build.keychain
- /usr/bin/codesign --force -s $pkcs12_identity ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v
+ /usr/bin/codesign --force -s $pkcs12_identity_name ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v
 python3 ${{ env.CI_UTILS_FOLDER }}/run_sample_ci.py --file ${{ env.CI_SAMPLES_CFG_FOLDER }}/ci_run_pkcs12_connect_cfg.json
 - name: configure AWS credentials (MQTT5)
 uses: aws-actions/configure-aws-credentials@v1
From 10e8a65fcc27445983b2c4035aefc63641702b95 Mon Sep 17 00:00:00 2001
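Review bot: The renamed variable is still expanded unquoted on the new codesign line in the second hunk, so a signing identity whose name contains spaces or glob characters is word-split by the shell and codesign receives the wrong arguments. Quote it as `/usr/bin/codesign --force -s "$pkcs12_identity_name" ./aws-iot-device-sdk-cpp-v2/build/samples/mqtt/pkcs12_connect/pkcs12-connect -v`. The context line `security import ... -P $pkcs12_identity_password` has the same unquoted expansion and also places the PKCS#12 password on the command line, where it is readable from the process list while the command runs. The `run: |` block continues outside both hunks, so any quoting applied elsewhere in the step is not visible here.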
From: Zhihui Xia
Date: Tue, 8 Aug 2023 11:20:45 -0700
Subject: [PATCH 52/52] remove unnecssary file
---
 .github/workflows/test.log | 29 -----------------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 .github/workflows/test.log
diff --git a/.github/workflows/test.log b/.github/workflows/test.log
deleted file mode 100644
index c1c8e576e..000000000
--- a/.github/workflows/test.log
+++ /dev/null
@@ -1,29 +0,0 @@ -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905230: Initializing edge-triggered kqueue -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905230: starting event-loop thread. -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101a047c0: Initializing edge-triggered kqueue -[INFO] [2023-07-17T23:20:17Z] [000000016ff13000] [event-loop] - id=0x101905230: main loop started -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101a047c0: starting event-loop thread. -[INFO] [2023-07-17T23:20:17Z] [000000016ff13000] [event-loop] - id=0x101905230: default timeout 100s, and max events to process per tick 100 -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101906060: Initializing edge-triggered kqueue -[INFO] [2023-07-17T23:20:17Z] [000000016ff9f000] [event-loop] - id=0x101a047c0: main loop started -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101906060: starting event-loop thread. -[INFO] [2023-07-17T23:20:17Z] [000000016ff9f000] [event-loop] - id=0x101a047c0: default timeout 100s, and max events to process per tick 100 -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x1019060b0: Initializing edge-triggered kqueue -[INFO] [2023-07-17T23:20:17Z] [000000017002b000] [event-loop] - id=0x101906060: main loop started -[INFO] [2023-07-17T23:20:17Z] [000000017002b000] [event-loop] - id=0x101906060: default timeout 100s, and max events to process per tick 100 -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x1019060b0: starting event-loop thread. -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905dd0: Initializing edge-triggered kqueue -[INFO] [2023-07-17T23:20:17Z] [00000001700b7000] [event-loop] - id=0x1019060b0: main loop started -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [event-loop] - id=0x101905dd0: starting event-loop thread. 
-[INFO] [2023-07-17T23:20:17Z] [00000001700b7000] [event-loop] - id=0x1019060b0: default timeout 100s, and max events to process per tick 100 -[INFO] [2023-07-17T23:20:17Z] [0000000170143000] [event-loop] - id=0x101905dd0: main loop started -[INFO] [2023-07-17T23:20:17Z] [0000000170143000] [event-loop] - id=0x101905dd0: default timeout 100s, and max events to process per tick 100 -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [dns] - id=0x101a04eb0: Initializing default host resolver with 1 max host entries. -[INFO] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: Initializing client bootstrap with event-loop group 0x1019051d0 -[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [mqtt-client] - client=0x101a05010: Initalizing MQTT client -[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: acquiring bootstrap reference -[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [mqtt-client] - client=0x101a05010: Cleaning up MQTT client -[DEBUG] [2023-07-17T23:20:17Z] [00000001e25d1e00] [channel-bootstrap] - id=0x101a04fa0: releasing bootstrap reference -[DEBUG] [2023-07-17T23:20:20Z] [00000001e25d1e00] [tls-handler] - static: certificate and key have been set, setting them up now. -[ERROR] [2023-07-17T23:20:20Z] [00000001e25d1e00] [pki-utils] - static: error importing ECC private key with OSStatus -25257 -[ERROR] [2023-07-17T23:20:20Z] [00000001e25d1e00] [tls-handler] - static: failed to import certificate and private key with error 1038.