awslabs · bretambrose · May 14, 2020 · May 14, 2020 · May 14, 2020 · May 14, 2020
diff --git a/aws-common-runtime/aws-c-auth b/aws-common-runtime/aws-c-auth
diff --git a/src/main/java/software/amazon/awssdk/crt/auth/credentials/X509CredentialsProvider.java b/src/main/java/software/amazon/awssdk/crt/auth/credentials/X509CredentialsProvider.java
@@ -17,6 +17,7 @@
 import java.lang.IllegalArgumentException;
 import java.nio.charset.Charset;
 import software.amazon.awssdk.crt.auth.credentials.CredentialsProvider;
+import software.amazon.awssdk.crt.http.HttpProxyOptions;
 import software.amazon.awssdk.crt.io.ClientBootstrap;
 import software.amazon.awssdk.crt.io.TlsContext;
 
@@ -39,6 +40,7 @@ static public class X509CredentialsProviderBuilder {
 
         private TlsContext tlsContext;
         private ClientBootstrap clientBootstrap;
+        private HttpProxyOptions proxyOptions;
 
         public X509CredentialsProviderBuilder() {}
 
@@ -105,6 +107,20 @@ public X509CredentialsProviderBuilder withEndpoint(String endpoint) {
 
         String getEndpoint() { return endpoint; }
 
+        /**
+         * Sets the proxy configuration to use when making the http request that fetches session
+         * credentials from the IoT x509 credentials provider service
+         * @param proxyOptions proxy configuration for the credentials fetching http request
+         */
+        public X509CredentialsProviderBuilder withProxyOptions(HttpProxyOptions proxyOptions) {
+            this.proxyOptions = proxyOptions;
+
+            return this;
+        }
+
+        HttpProxyOptions getProxyOptions() { return proxyOptions; }
+
+
         public X509CredentialsProvider build() {
             return new X509CredentialsProvider(this);
         }
@@ -126,7 +142,39 @@ private X509CredentialsProvider(X509CredentialsProviderBuilder builder) {
             throw new IllegalArgumentException("X509CredentialsProvider - clientBootstrap and tlsContext must be non null");
         }
 
-        long nativeHandle = x509CredentialsProviderNew(this, clientBootstrap.getNativeHandle(), tlsContext.getNativeHandle(), thingName.getBytes(UTF8), roleAlias.getBytes(UTF8), endpoint.getBytes(UTF8));
+        long proxyTlsContextHandle = 0;
+        String proxyHost = null;
+        int proxyPort = 0;
+        int proxyAuthorizationType = 0;
+        String proxyAuthorizationUsername = null;
+        String proxyAuthorizationPassword = null;
+        HttpProxyOptions proxyOptions = builder.getProxyOptions();
+        if (proxyOptions != null) {
+            TlsContext proxyTlsContext = proxyOptions.getTlsContext();
+            if (proxyTlsContext != null) {
+                proxyTlsContextHandle = proxyTlsContext.getNativeHandle();
+            }
+
+            proxyHost = proxyOptions.getHost();
+            proxyPort = proxyOptions.getPort();
+            proxyAuthorizationType = proxyOptions.getAuthorizationType().getValue();
+            proxyAuthorizationUsername = proxyOptions.getAuthorizationUsername();
+            proxyAuthorizationPassword = proxyOptions.getAuthorizationPassword();
+        }
+
+        long nativeHandle = x509CredentialsProviderNew(
+                this,
+                clientBootstrap.getNativeHandle(),
+                tlsContext.getNativeHandle(),
+                thingName.getBytes(UTF8),
+                roleAlias.getBytes(UTF8),
+                endpoint.getBytes(UTF8),
+                proxyHost,
+                proxyPort,
+                proxyTlsContextHandle,
+                proxyAuthorizationType,
+                proxyAuthorizationUsername,
+                proxyAuthorizationPassword);
 
         acquireNativeHandle(nativeHandle);
         addReferenceTo(clientBootstrap);
@@ -137,5 +185,16 @@ private X509CredentialsProvider(X509CredentialsProviderBuilder builder) {
      * Native methods
      ******************************************************************************/
 
-    private static native long x509CredentialsProviderNew(X509CredentialsProvider thisObj, long bootstrapHandle, long tlsContextHandle, byte[] thingName, byte[] roleAlias, byte[] endpoint);
+    private static native long x509CredentialsProviderNew(X509CredentialsProvider thisObj,
+                                                          long bootstrapHandle,
+                                                          long tlsContextHandle,
+                                                          byte[] thingName,
+                                                          byte[] roleAlias,
+                                                          byte[] endpoint,
+                                                          String proxyHost,
+                                                          int proxyPort,
+                                                          long proxyTlsContext,
+                                                          int proxyAuthorizationType,
+                                                          String proxyAuthorizationUsername,
+                                                          String proxyAuthorizationPassword);
 }
diff --git a/src/native/credentials_provider.c b/src/native/credentials_provider.c
@@ -14,13 +14,15 @@
  */
 
 #include "crt.h"
+#include "http_connection_manager.h"
 #include "java_class_ids.h"
 
 #include <jni.h>
 #include <string.h>
 
 #include <aws/auth/credentials.h>
 #include <aws/common/string.h>
+#include <aws/http/connection.h>
 #include <aws/io/tls_channel_handler.h>
 
 /* on 32-bit platforms, casting pointers to longs throws a warning we don't need */
@@ -157,7 +159,13 @@ JNIEXPORT jlong JNICALL
         jlong tls_context_handle,
         jbyteArray thing_name,
         jbyteArray role_alias,
-        jbyteArray endpoint) {
+        jbyteArray endpoint,
+        jstring jni_proxy_host,
+        jint jni_proxy_port,
+        jlong jni_proxy_tls_context,
+        jint jni_proxy_authorization_type,
+        jstring jni_proxy_authorization_username,
+        jstring jni_proxy_authorization_password) {
 
     (void)jni_class;
     (void)env;
@@ -184,6 +192,26 @@ JNIEXPORT jlong JNICALL
     options.role_alias = aws_jni_byte_cursor_from_jbyteArray_acquire(env, role_alias);
     options.endpoint = aws_jni_byte_cursor_from_jbyteArray_acquire(env, endpoint);
 
+    struct aws_tls_connection_options proxy_tls_connection_options;
+    AWS_ZERO_STRUCT(proxy_tls_connection_options);
+    struct aws_http_proxy_options proxy_options;
+    AWS_ZERO_STRUCT(proxy_options);
+
+    aws_http_proxy_options_jni_init(
+        env,
+        &proxy_options,
+        &proxy_tls_connection_options,
+        jni_proxy_host,
+        jni_proxy_port,
+        jni_proxy_authorization_username,
+        jni_proxy_authorization_password,
+        jni_proxy_authorization_type,
+        (struct aws_tls_ctx *)jni_proxy_tls_context);
+
+    if (jni_proxy_host != NULL) {
+        options.proxy_options = &proxy_options;
+    }
+
     struct aws_credentials_provider *provider = aws_credentials_provider_new_x509(allocator, &options);
     if (provider == NULL) {
         aws_mem_release(allocator, callback_data);
@@ -196,6 +224,9 @@ JNIEXPORT jlong JNICALL
     aws_jni_byte_cursor_from_jbyteArray_release(env, role_alias, options.role_alias);
     aws_jni_byte_cursor_from_jbyteArray_release(env, endpoint, options.endpoint);
 
+    aws_http_proxy_options_jni_clean_up(
+        env, &proxy_options, jni_proxy_host, jni_proxy_authorization_username, jni_proxy_authorization_password);
+
     aws_tls_connection_options_clean_up(&tls_connection_options);
 
     return (jlong)provider;

diff --git a/src/native/http_connection_manager.c b/src/native/http_connection_manager.c
@@ -20,17 +20,12 @@
 #include <string.h>
 
 #include <aws/common/condition_variable.h>
-#include <aws/common/mutex.h>
 #include <aws/common/string.h>
-#include <aws/common/thread.h>
 
-#include <aws/io/channel.h>
 #include <aws/io/channel_bootstrap.h>
 #include <aws/io/event_loop.h>
-#include <aws/io/host_resolver.h>
 #include <aws/io/logging.h>
 #include <aws/io/socket.h>
-#include <aws/io/socket_channel_handler.h>
 #include <aws/io/tls_channel_handler.h>
 
 #include <aws/http/connection.h>
@@ -74,6 +69,65 @@ static void s_on_http_conn_manager_shutdown_complete_callback(void *user_data) {
     aws_mem_release(aws_jni_get_allocator(), user_data);
 }
 
+void aws_http_proxy_options_jni_init(
+    JNIEnv *env,
+    struct aws_http_proxy_options *options,
+    struct aws_tls_connection_options *tls_options,
+    jstring proxy_host,
+    uint16_t proxy_port,
+    jstring proxy_authorization_username,
+    jstring proxy_authorization_password,
+    int proxy_authorization_type,
+    struct aws_tls_ctx *proxy_tls_ctx) {
+
+    struct aws_allocator *allocator = aws_jni_get_allocator();
+
+    options->port = proxy_port;
+    options->auth_type = proxy_authorization_type;
+
+    if (proxy_host != NULL) {
+        options->host = aws_jni_byte_cursor_from_jstring_acquire(env, proxy_host);
+    }
+
+    if (proxy_authorization_username != NULL) {
+        options->auth_username = aws_jni_byte_cursor_from_jstring_acquire(env, proxy_authorization_username);
+    }
+
+    if (proxy_authorization_password != NULL) {
+        options->auth_password = aws_jni_byte_cursor_from_jstring_acquire(env, proxy_authorization_password);
+    }
+
+    if (proxy_tls_ctx != NULL) {
+        aws_tls_connection_options_init_from_ctx(tls_options, proxy_tls_ctx);
+        aws_tls_connection_options_set_server_name(tls_options, allocator, &options->host);
+        options->tls_options = tls_options;
+    }
+}
+
+void aws_http_proxy_options_jni_clean_up(
+    JNIEnv *env,
+    struct aws_http_proxy_options *options,
+    jstring proxy_host,
+    jstring proxy_authorization_username,
+    jstring proxy_authorization_password) {
+
+    if (options->host.ptr != NULL) {
+        aws_jni_byte_cursor_from_jstring_release(env, proxy_host, options->host);
+    }
+
+    if (options->auth_username.ptr != NULL) {
+        aws_jni_byte_cursor_from_jstring_release(env, proxy_authorization_username, options->auth_username);
+    }
+
+    if (options->auth_password.ptr != NULL) {
+        aws_jni_byte_cursor_from_jstring_release(env, proxy_authorization_password, options->auth_password);
+    }
+
+    if (options->tls_options != NULL) {
+        aws_tls_connection_options_clean_up(options->tls_options);
+    }
+}
+
 JNIEXPORT jlong JNICALL Java_software_amazon_awssdk_crt_http_HttpClientConnectionManager_httpClientConnectionManagerNew(
     JNIEnv *env,
     jclass jni_class,
@@ -172,66 +226,33 @@ JNIEXPORT jlong JNICALL Java_software_amazon_awssdk_crt_http_HttpClientConnectio
     struct aws_http_proxy_options proxy_options;
     AWS_ZERO_STRUCT(proxy_options);
 
-    struct aws_byte_cursor proxy_host;
-    AWS_ZERO_STRUCT(proxy_host);
-    if (jni_proxy_host != NULL) {
-        proxy_host = aws_jni_byte_cursor_from_jstring_acquire(env, jni_proxy_host);
-    }
-
-    struct aws_byte_cursor proxy_authorization_username;
-    AWS_ZERO_STRUCT(proxy_authorization_username);
-    if (jni_proxy_authorization_username != NULL) {
-        proxy_authorization_username = aws_jni_byte_cursor_from_jstring_acquire(env, jni_proxy_authorization_username);
-    }
-
-    struct aws_byte_cursor proxy_authorization_password;
-    AWS_ZERO_STRUCT(proxy_authorization_password);
-    if (jni_proxy_authorization_password != NULL) {
-        proxy_authorization_password = aws_jni_byte_cursor_from_jstring_acquire(env, jni_proxy_authorization_password);
-    }
-
     struct aws_tls_connection_options proxy_tls_conn_options;
     AWS_ZERO_STRUCT(proxy_tls_conn_options);
 
-    if (jni_proxy_host != NULL) {
-        proxy_options.host = proxy_host;
-        proxy_options.port = (uint16_t)jni_proxy_port;
-        proxy_options.auth_type = jni_proxy_authorization_type;
-        proxy_options.auth_username = proxy_authorization_username;
-        proxy_options.auth_password = proxy_authorization_password;
-
-        if (jni_proxy_tls_context != 0) {
-            struct aws_tls_ctx *proxy_tls_ctx = (struct aws_tls_ctx *)jni_proxy_tls_context;
-            aws_tls_connection_options_init_from_ctx(&proxy_tls_conn_options, proxy_tls_ctx);
-            aws_tls_connection_options_set_server_name(&proxy_tls_conn_options, allocator, &proxy_options.host);
-            proxy_options.tls_options = &proxy_tls_conn_options;
-        }
+    aws_http_proxy_options_jni_init(
+        env,
+        &proxy_options,
+        &proxy_tls_conn_options,
+        jni_proxy_host,
+        jni_proxy_port,
+        jni_proxy_authorization_username,
+        jni_proxy_authorization_password,
+        jni_proxy_authorization_type,
+        (struct aws_tls_ctx *)jni_proxy_tls_context);
 
+    if (jni_proxy_host != NULL) {
         manager_options.proxy_options = &proxy_options;
     }
 
     conn_manager = aws_http_connection_manager_new(allocator, &manager_options);
 
-    if (jni_proxy_host != NULL) {
-        aws_jni_byte_cursor_from_jstring_release(env, jni_proxy_host, proxy_host);
-    }
-
-    if (jni_proxy_authorization_username != NULL) {
-        aws_jni_byte_cursor_from_jstring_release(env, jni_proxy_authorization_username, proxy_authorization_username);
-    }
-
-    if (jni_proxy_authorization_password != NULL) {
-        aws_jni_byte_cursor_from_jstring_release(env, jni_proxy_authorization_password, proxy_authorization_password);
-    }
+    aws_http_proxy_options_jni_clean_up(
+        env, &proxy_options, jni_proxy_host, jni_proxy_authorization_username, jni_proxy_authorization_password);
 
     if (use_tls) {
         aws_tls_connection_options_clean_up(&tls_conn_options);
     }
 
-    if (proxy_options.tls_options) {
-        aws_tls_connection_options_clean_up(&proxy_tls_conn_options);
-    }
-
 cleanup:
     aws_jni_byte_cursor_from_jstring_release(env, jni_endpoint, endpoint);
 

diff --git a/src/native/http_connection_manager.h b/src/native/http_connection_manager.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#ifndef AWS_JNI_CRT_HTTP_CONNECTION_MANAGER_H
+#define AWS_JNI_CRT_HTTP_CONNECTION_MANAGER_H
+
+#include <jni.h>
+
+struct aws_http_proxy_options;
+struct aws_tls_connection_options;
+struct aws_tls_ctx;
+
+void aws_http_proxy_options_jni_init(
+    JNIEnv *env,
+    struct aws_http_proxy_options *options,
+    struct aws_tls_connection_options *tls_options,
+    jstring proxy_host,
+    uint16_t proxy_port,
+    jstring proxy_authorization_username,
+    jstring proxy_authorization_password,
+    int proxy_authorization_type,
+    struct aws_tls_ctx *proxy_tls_ctx);
+
+void aws_http_proxy_options_jni_clean_up(
+    JNIEnv *env,
+    struct aws_http_proxy_options *options,
+    jstring proxy_host,
+    jstring proxy_authorization_username,
+    jstring proxy_authorization_password);
+
+#endif /* AWS_JNI_CRT_HTTP_CONNECTION_MANAGER_H */
+9 −1		include/aws/auth/credentials.h
+1 −0		source/credentials_provider_x509.c