MQTT and TLS Implementation (#287)

MQTT5 bindings and support
iOS and tvOS dispatch queue and SecItem support

Co-authored-by: Vera Xia <[email protected]>

Author: sbSteveK

.builder/actions/crt-ci-prep-xcodebuild.py

@@ -0,0 +1,9 @@
+import Builder
+
+class CrtCiPrepXCodebuild(Builder.Action):
+    def run(self, env):
+        env.shell.setenv("TEST_RUNNER_AWS_TESTING_STS_ROLE_ARN", env.shell.get_secret("aws-c-auth-testing/sts-role-arn"))
+        actions = [
+            Builder.SetupCrossCICrtEnvironment(use_xcodebuild=True)
+        ]
+        return Builder.Script(actions, name='crt-ci-prep-xcodebuild')

.github/workflows/ci.yml

@@ -6,7 +6,7 @@ on:
       - 'main'
 
 env:
-  BUILDER_VERSION: v0.9.73
+  BUILDER_VERSION: v0.9.77
   BUILDER_SOURCE: releases
   BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
   PACKAGE_NAME: aws-crt-swift
@@ -80,7 +80,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # This matrix runs tests on iOS, tvOS & watchOS, on oldest & newest supported Xcodes
+        # This matrix runs tests on iOS and tvOS on oldest & newest supported Xcodes
         runner:
           - macos-13 # x64
           - macos-14
@@ -90,9 +90,7 @@ jobs:
           [{ os: ios, destination: 'iOS Simulator,OS=16.1,name=iPhone 14'},
            { os: ios, destination: 'iOS Simulator,OS=17.2,name=iPhone 15'},
            { os: tvos, destination: 'tvOS Simulator,OS=16.1,name=Apple TV 4K (3rd generation) (at 1080p)'},
-           { os: tvos, destination: 'tvOS Simulator,OS=17.2,name=Apple TV 4K (3rd generation) (at 1080p)'},
-           { os: watchos, destination: 'watchOS Simulator,OS=10.2,name=Apple Watch SE (40mm) (2nd generation)'},
-           { os: watchos, destination: 'watchOS Simulator,OS=9.1,name=Apple Watch Series 5 (40mm)'}]
+           { os: tvos, destination: 'tvOS Simulator,OS=17.2,name=Apple TV 4K (3rd generation) (at 1080p)'}]
         xcode:
           - Xcode_14.1
           - Xcode_15.2
@@ -102,6 +100,10 @@ jobs:
             xcode: Xcode_15.2
           - runner: macos-13
             xcode: Xcode_15.2
+          - runner: macos-13-xlarge
+            target: { os: ios, destination: 'iOS Simulator,OS=16.1,name=iPhone 14'}
+          - runner: macos-13
+            target: { os: ios, destination: 'iOS Simulator,OS=16.1,name=iPhone 14'}
           # Don't run new macOS with old Xcode
           - runner: macos-14-large
             xcode: Xcode_14.1
@@ -117,10 +119,6 @@ jobs:
             xcode: Xcode_14.1
           - target: { os: ios, destination: 'iOS Simulator,OS=17.2,name=iPhone 15'}
             xcode: Xcode_14.1
-          - target: { os: watchos, destination: 'watchOS Simulator,OS=10.2,name=Apple Watch SE (40mm) (2nd generation)'}
-            xcode: Xcode_14.1
-          - target: { os: watchos, destination: 'watchOS Simulator,OS=9.1,name=Apple Watch Series 5 (40mm)'}
-            xcode: Xcode_15.2
     steps:
     - uses: aws-actions/configure-aws-credentials@v4
       with:

.gitignore

@@ -7,3 +7,23 @@ cmake-build-debug
 .DS_Store
 .swiftpm
 .vscode
+
+# Ignore XCode project local user data
+### Xcode ###
+## User settings
+**/xcuserdata/
+
+## Xcode 8 and earlier
+*.xcscmblueprint
+*.xccheckout
+
+### Xcode Patch ###
+*.xcodeproj/*
+!*.xcodeproj/project.pbxproj
+!*.xcodeproj/xcshareddata/
+!*.xcodeproj/project.xcworkspace/
+!*.xcworkspace/contents.xcworkspacedata
+/*.gcno
+**/xcshareddata/WorkspaceSettings.xcsettings
+
+# End of https://www.toptal.com/developers/gitignore/api/xcode

.gitmodules

@@ -28,3 +28,6 @@
 [submodule "aws-common-runtime/aws-c-event-stream"]
 	path = aws-common-runtime/aws-c-event-stream
 	url = https://github.com/awslabs/aws-c-event-stream
+[submodule "aws-common-runtime/aws-c-mqtt"]
+	path = aws-common-runtime/aws-c-mqtt
+	url = https://github.com/awslabs/aws-c-mqtt.git

.swiftlint.yml

@@ -7,8 +7,6 @@ analyzer_rules:
 
 disabled_rules:
   - trailing_whitespace
-  - todo
-  - identifier_name
   - compiler_protocol_init
   - function_parameter_count
   - multiple_closures_with_trailing_closure
@@ -17,37 +15,32 @@ disabled_rules:
   - syntactic_sugar
   - unused_capture_list
   - blanket_disable_command
+  - identifier_name
   - trailing_comma
 
 opt_in_rules:
-  - empty_count
   - vertical_parameter_alignment_on_call
+  - empty_count
 
 # configurable rules can be customized from this configuration file
 force_cast: warning
+opening_brace: error
 closing_brace: error
 colon:
   severity: error
 comma: error
-empty_count: warning
 empty_enum_arguments: error
 function_body_length:
   warning: 100
   error: 150
-identifier_name:
-  excluded:
-    - id
-    - of
-    - or
 line_length:
-  warning: 120
+  warning: 140
   error: 160
   ignores_comments: true
-opening_brace: error
 return_arrow_whitespace: error
 statement_position:
   severity: error
-todo: warning
 trailing_semicolon: error
 vertical_parameter_alignment: error
-vertical_parameter_alignment_on_call: true
+vertical_parameter_alignment_on_call:
+  severity: error

Package.swift

@@ -22,6 +22,9 @@ let cSettings: [CSetting] = [
     .define("AWS_APPSTORE_SAFE"),
 ]
 
+/// Store any defines that will be used by Swift Tests in swiftTestSettings
+var swiftTestSettings: [SwiftSetting] = []
+
 //////////////////////////////////////////////////////////////////////
 /// Configure C targets.
 /// Note: We can not use unsafe flags because SwiftPM makes the target ineligible for use by other packages.
@@ -113,7 +116,6 @@ packageTargets.append(.target(
         .define("S2N_BUILD_RELEASE"),
         .define("_FORTIFY_SOURCE", to: "2"),
         .define("POSIX_C_SOURCE", to: "200809L"),
-
     ]
 ))
 #endif
@@ -137,16 +139,25 @@ awsCIoPlatformExcludes.append("source/linux")
 awsCIoPlatformExcludes.append("source/s2n")
 awsCIoPlatformExcludes.append("source/darwin")
 cSettingsIO.append(.define("AWS_ENABLE_IO_COMPLETION_PORTS"))
+swiftTestSettings.append(.define("AWS_ENABLE_IO_COMPLETION_PORTS"))
 #elseif os(Linux)
 awsCIoPlatformExcludes.append("source/windows")
 awsCIoPlatformExcludes.append("source/bsd")
 awsCIoPlatformExcludes.append("source/darwin")
 cSettingsIO.append(.define("AWS_ENABLE_EPOLL"))
+swiftTestSettings.append(.define("AWS_ENABLE_EPOLL"))
 #else  // macOS, iOS, watchOS, tvOS
 awsCIoPlatformExcludes.append("source/windows")
 awsCIoPlatformExcludes.append("source/linux")
 awsCIoPlatformExcludes.append("source/s2n")
-cSettingsIO.append(.define("AWS_ENABLE_KQUEUE"))
+cSettingsIO.append(.define("__APPLE__"))
+cSettingsIO.append(.define("AWS_ENABLE_DISPATCH_QUEUE", .when(platforms: [.iOS, .tvOS, .macOS])))
+cSettingsIO.append(.define("AWS_USE_SECITEM", .when(platforms: [.iOS, .tvOS])))
+cSettingsIO.append(.define("AWS_ENABLE_KQUEUE", .when(platforms: [.macOS])))
+swiftTestSettings.append(.define("__APPLE__"))
+swiftTestSettings.append(.define("AWS_ENABLE_DISPATCH_QUEUE", .when(platforms: [.iOS, .tvOS, .macOS])))
+swiftTestSettings.append(.define("AWS_USE_SECITEM", .when(platforms: [.iOS, .tvOS])))
+swiftTestSettings.append(.define("AWS_ENABLE_KQUEUE", .when(platforms: [.macOS])))
 #endif
 
 //////////////////////////////////////////////////////////////////////
@@ -204,6 +215,15 @@ let awsCEventStreamExcludes = [
     "CODE_OF_CONDUCT.md",
     "clang-tidy/run-clang-tidy.sh"] + excludesFromAll
 
+//////////////////////////////////////////////////////////////////////
+/// aws-c-mqtt
+//////////////////////////////////////////////////////////////////////
+
+let awsCMqttExcludes = [
+    "bin",
+    "CODE_OF_CONDUCT.md"
+] + excludesFromAll
+
 packageTargets.append(contentsOf: [
     .target(
         name: "AwsCPlatformConfig",
@@ -274,6 +294,16 @@ packageTargets.append(contentsOf: [
         exclude: awsCEventStreamExcludes,
         cSettings: cSettings
     ),
+    .target(
+        name: "AwsCMqtt",
+        dependencies: ["AwsCHttp", "AwsCCal", "AwsCIo", "AwsCCommon"],
+        path: "aws-common-runtime/aws-c-mqtt",
+        exclude: awsCMqttExcludes,
+        cSettings: cSettings
+    ),
+    .systemLibrary(
+        name: "LibNative"
+    ),
     .target(
         name: "AwsCommonRuntimeKit",
         dependencies: [ "AwsCAuth",
@@ -283,7 +313,9 @@ packageTargets.append(contentsOf: [
                         "AwsCIo",
                         "AwsCCommon",
                         "AwsCChecksums",
-                        "AwsCEventStream"],
+                        "AwsCEventStream",
+                        "AwsCMqtt",
+                        "LibNative"],
         path: "Source/AwsCommonRuntimeKit",
         resources: [
             .copy("PrivacyInfo.xcprivacy")
@@ -295,7 +327,8 @@ packageTargets.append(contentsOf: [
         path: "Test/AwsCommonRuntimeKitTests",
         resources: [
             .process("Resources")
-        ]
+        ],
+        swiftSettings: swiftTestSettings
     ),
     .executableTarget(
         name: "Elasticurl",

README.md

@@ -1,5 +1,5 @@
 # AwsCommonRuntimeKit
-The AWS CRT for Swift is currently in developer preview and is intended strictly for feedback purposes only. 
+The AWS CRT for Swift is currently in developer preview and is intended strictly for feedback purposes only.
 Do not use this for production workloads.
 
 ## Building
@@ -29,4 +29,4 @@ Required Reading:
 Useful Videos:
 - [Safely manage pointers in Swift](https://developer.apple.com/videos/play/wwdc2020/10167/)
 - [Unsafe Swift](https://developer.apple.com/videos/play/wwdc2020/10648)
-- [Swift and C Interoperability](https://youtu.be/0kim9mxBOA8)
+- [Swift and C Interoperability](https://youtu.be/0kim9mxBOA8)

Source/AwsCommonRuntimeKit/CommonRuntimeKit.swift

@@ -1,5 +1,7 @@
 import AwsCEventStream
 import AwsCAuth
+import AwsCMqtt
+import LibNative
 
 /**
  * Initializes the library.
@@ -12,6 +14,8 @@ public struct CommonRuntimeKit {
     public static func initialize() {
         aws_auth_library_init(allocator.rawValue)
         aws_event_stream_library_init(allocator.rawValue)
+        aws_mqtt_library_init(allocator.rawValue)
+        aws_register_error_info(&s_crt_swift_error_list)
     }
 
     /**
@@ -20,8 +24,11 @@ public struct CommonRuntimeKit {
      * Warning: It will hang if you are still holding references to any CRT objects such as HostResolver.
      */
     public static func cleanUp() {
-        aws_auth_library_clean_up()
+        aws_unregister_error_info(&s_crt_swift_error_list)
+        aws_mqtt_library_clean_up()
         aws_event_stream_library_clean_up()
+        aws_auth_library_clean_up()
+
     }
 
     private init() {}

Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift

@@ -10,6 +10,30 @@ public protocol CredentialsProviding {
     func getCredentials() async throws -> Credentials
 }
 
+/// A pair defining an identity provider and a valid login token sourced from it.
+public struct CognitoLoginPair: CStruct {
+    public var IdentityProviderName: String
+    public var IdentityProviderToken: String
+    
+    public init(identityProviderName: String,
+                identityProviderToken: String) {
+        self.IdentityProviderName = identityProviderName
+        self.IdentityProviderToken = identityProviderToken
+    }
+    
+    typealias RawType = aws_cognito_identity_provider_token_pair
+    func withCStruct<Result>(_ body: (aws_cognito_identity_provider_token_pair) -> Result) -> Result {
+        var token_pair = aws_cognito_identity_provider_token_pair()
+        
+        return withByteCursorFromStrings(IdentityProviderName,
+                                         IdentityProviderToken) { identityProviderNameCursor, IdentityProviderTokenCursor in
+            token_pair.identity_provider_name = identityProviderNameCursor
+            token_pair.identity_provider_token = IdentityProviderTokenCursor
+            return body(token_pair)
+        }
+    }
+}
+
 public class CredentialsProvider: CredentialsProviding {
 
     let rawValue: UnsafeMutablePointer<aws_credentials_provider>
@@ -294,6 +318,7 @@ extension CredentialsProvider.Source {
     /// - Throws: CommonRuntimeError.crtError
     public static func `defaultChain`(bootstrap: ClientBootstrap,
                                       fileBasedConfiguration: FileBasedConfiguration,
+                                      tlsContext: TLSContext? = nil,
                                       shutdownCallback: ShutdownCallback? = nil) -> Self {
         Self {
             let shutdownCallbackCore = ShutdownCallbackCore(shutdownCallback)
@@ -302,6 +327,7 @@ extension CredentialsProvider.Source {
             chainDefaultOptions.bootstrap = bootstrap.rawValue
             chainDefaultOptions.profile_collection_cached = fileBasedConfiguration.rawValue
             chainDefaultOptions.shutdown_options = shutdownCallbackCore.getRetainedCredentialProviderShutdownOptions()
+            chainDefaultOptions.tls_ctx = tlsContext?.rawValue
 
             guard let provider = aws_credentials_provider_new_chain_default(allocator.rawValue,
                                                                             &chainDefaultOptions)
@@ -567,6 +593,64 @@ extension CredentialsProvider.Source {
             return provider
         }
     }
+    
+    /// Credential Provider that sources credentials from Cognito Identity service
+    ///  - Parameters:
+    ///    - bootstrap: Connection bootstrap to use for any network connections made while sourcing credentials
+    ///    - tlsContext: TLS configuration for secure socket connections.
+    ///    - endpoint: Cognito service regional endpoint to source credentials from.
+    ///    - identity: Cognito identity to fetch credentials relative to.
+    ///    - logins: (Optional) set of identity provider token pairs to allow for authenticated identity access.
+    ///    - customRoleArn: (Optional) ARN of the role to be assumed when multiple roles were received in the token from the identity provider.
+    ///    - proxyOptions: (Optional) Http proxy configuration for the http request that fetches credentials
+    ///   - shutdownCallback:  (Optional) shutdown callback
+    /// - Returns: `CredentialsProvider`
+    /// - Throws: CommonRuntimeError.crtError
+    public static func `cognito`(bootstrap: ClientBootstrap,
+                                 tlsContext: TLSContext,
+                                 endpoint: String,
+                                 identity: String,
+                                 logins: [CognitoLoginPair] = [],
+                                 customRoleArn: String? = nil,
+                                 proxyOptions: HTTPProxyOptions? = nil,
+                                 shutdownCallback: ShutdownCallback? = nil) -> Self {
+        Self {
+            var cognitoOptions = aws_credentials_provider_cognito_options()
+            cognitoOptions.bootstrap = bootstrap.rawValue
+            cognitoOptions.tls_ctx = tlsContext.rawValue
+            let shutdownCallbackCore = ShutdownCallbackCore(shutdownCallback)
+            cognitoOptions.shutdown_options = shutdownCallbackCore.getRetainedCredentialProviderShutdownOptions()
+            
+            guard let provider: UnsafeMutablePointer<aws_credentials_provider> = (withByteCursorFromStrings(
+                endpoint,
+                identity) { endpointCursor, identityCursor in
+                    
+                    cognitoOptions.endpoint = endpointCursor
+                    cognitoOptions.identity = identityCursor
+                    
+                    return withOptionalCStructPointer(to: proxyOptions) { proxyOptionsPointer in
+                        cognitoOptions.http_proxy_options = proxyOptionsPointer
+                        
+                        return logins.withAWSArrayList { loginArrayPointer in
+                            cognitoOptions.logins = UnsafeMutablePointer<aws_cognito_identity_provider_token_pair>(loginArrayPointer)
+                            cognitoOptions.login_count = logins.count
+                            
+                            return withOptionalByteCursorPointerFromString(customRoleArn, { customRoleArnCursor in
+                                if let customRoleArnCursor {
+                                    cognitoOptions.custom_role_arn = UnsafeMutablePointer<aws_byte_cursor>(mutating: customRoleArnCursor)
+                                }
+                                return aws_credentials_provider_new_cognito_caching(allocator.rawValue, &cognitoOptions)
+                            })
+                        }
+                    }
+                })
+                else {
+                    shutdownCallbackCore.release()
+                    throw CommonRunTimeError.crtError(CRTError.makeFromLastError())
+                }
+            return provider
+        }
+    }
 }
 
 private func onGetCredentials(credentials: OpaquePointer?,