aws-crt - npm Package Compare versions

Comparing version 1.15.15 to 1.15.16

lib/browser/aws_iot.spec.ts

16

dist.browser/browser/aws_iot.d.ts

@@ -151,10 +151,20 @@ /**

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the authorizer_signature argument.
*/
with_custom_authorizer(username: string, authorizer_name: string, authorizer_signature: string, password: string): this;
with_custom_authorizer(username: string, authorizer_name: string, authorizer_signature: string, password: string, token_key_name?: string, token_value?: string): this;
/**
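
Review bot: the new with_custom_authorizer signature types token_key_name and token_value as optional, while the doc comment above it says both are required when the custom authorizer has signing enabled. The two values only make sense together, so either add an @throws line stating that supplying a signature or only one of the pair raises an error, or accept them as a single object so the type checker enforces the pairing.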

@@ -161,0 +171,0 @@ * Sets username for the connection

18

dist.browser/browser/aws_iot.js

@@ -286,11 +286,21 @@ "use strict";

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the authorizer_signature argument.
*/
AwsIotMqttConnectionConfigBuilder.prototype.with_custom_authorizer = function (username, authorizer_name, authorizer_signature, password) {
var username_string = iot_shared.populate_username_string_with_custom_authorizer("", username, authorizer_name, authorizer_signature, this.params.username);
AwsIotMqttConnectionConfigBuilder.prototype.with_custom_authorizer = function (username, authorizer_name, authorizer_signature, password, token_key_name, token_value) {
var username_string = iot_shared.populate_username_string_with_custom_authorizer("", username, authorizer_name, authorizer_signature, this.params.username, token_key_name, token_value);
this.params.username = username_string;

@@ -297,0 +307,0 @@ this.params.password = password;

@@ -21,2 +21,4 @@ import * as mqtt5_packet from "./mqtt5_packet";

* @param input_builder_username the username from the MQTT builder
* @param input_token_key_name the token key name
* @param input_token_value the token key value
* @returns The finished username with the additions added to it

@@ -26,3 +28,3 @@ *

*/
export declare function populate_username_string_with_custom_authorizer(current_username?: string, input_username?: string, input_authorizer?: string, input_signature?: string, input_builder_username?: string): string;
export declare function populate_username_string_with_custom_authorizer(current_username?: string, input_username?: string, input_authorizer?: string, input_signature?: string, input_builder_username?: string, input_token_key_name?: string, input_token_value?: string): string;
/**

@@ -29,0 +31,0 @@ * Configuration options specific to

@@ -76,2 +76,4 @@ "use strict";

* @param input_builder_username the username from the MQTT builder
* @param input_token_key_name the token key name
* @param input_token_value the token key value
* @returns The finished username with the additions added to it

@@ -81,3 +83,3 @@ *

*/
function populate_username_string_with_custom_authorizer(current_username, input_username, input_authorizer, input_signature, input_builder_username) {
function populate_username_string_with_custom_authorizer(current_username, input_username, input_authorizer, input_signature, input_builder_username, input_token_key_name, input_token_value) {
var username_string = "";

@@ -100,3 +102,14 @@ if (current_username) {

username_string = add_to_username_parameter(username_string, input_signature, "x-amz-customauthorizer-signature=");
if ((is_string_and_not_empty(input_token_key_name) && input_token_key_name) || (is_string_and_not_empty(input_token_value) && input_token_value)) {
console.log("Warning: Signed custom authorizers with signature will not work without a token key name and " +
"token value. Your connection may be rejected/stalled on the IoT Core side due to this. Please " +
"set the token key name and token value to connect to a signed custom authorizer.");
}
}
if (is_string_and_not_empty(input_signature) || is_string_and_not_empty(input_token_value) || is_string_and_not_empty(input_token_key_name)) {
if (!input_token_value || !input_token_key_name) {
throw new Error("Token-based custom authentication requires all token-related properties to be set");
}
username_string = add_to_username_parameter(username_string, input_token_value, input_token_key_name + "=");
}
return username_string;
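
Review bot: the warning condition in the first added if looks inverted. It logs "will not work without a token key name and token value" when input_token_key_name or input_token_value is non-empty, which is the case where at least one of them was supplied. The block that follows already throws when either value is missing, so the warning is either spurious (both set) or redundant (one set, then throw). Suggest dropping the console.log block, or negating the condition if a warning is still wanted. The extra "&& input_token_key_name" after is_string_and_not_empty(...) also appears to add nothing.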

@@ -103,0 +116,0 @@ }

@@ -21,2 +21,4 @@ import * as mqtt5_packet from "./mqtt5_packet";

* @param input_builder_username the username from the MQTT builder
* @param input_token_key_name the token key name
* @param input_token_value the token key value
* @returns The finished username with the additions added to it

@@ -26,3 +28,3 @@ *

*/
export declare function populate_username_string_with_custom_authorizer(current_username?: string, input_username?: string, input_authorizer?: string, input_signature?: string, input_builder_username?: string): string;
export declare function populate_username_string_with_custom_authorizer(current_username?: string, input_username?: string, input_authorizer?: string, input_signature?: string, input_builder_username?: string, input_token_key_name?: string, input_token_value?: string): string;
/**

@@ -29,0 +31,0 @@ * Configuration options specific to

@@ -76,2 +76,4 @@ "use strict";

* @param input_builder_username the username from the MQTT builder
* @param input_token_key_name the token key name
* @param input_token_value the token key value
* @returns The finished username with the additions added to it

@@ -81,3 +83,3 @@ *

*/
function populate_username_string_with_custom_authorizer(current_username, input_username, input_authorizer, input_signature, input_builder_username) {
function populate_username_string_with_custom_authorizer(current_username, input_username, input_authorizer, input_signature, input_builder_username, input_token_key_name, input_token_value) {
let username_string = "";

@@ -100,3 +102,14 @@ if (current_username) {

username_string = add_to_username_parameter(username_string, input_signature, "x-amz-customauthorizer-signature=");
if ((is_string_and_not_empty(input_token_key_name) && input_token_key_name) || (is_string_and_not_empty(input_token_value) && input_token_value)) {
console.log("Warning: Signed custom authorizers with signature will not work without a token key name and " +
"token value. Your connection may be rejected/stalled on the IoT Core side due to this. Please " +
"set the token key name and token value to connect to a signed custom authorizer.");
}
}
if (is_string_and_not_empty(input_signature) || is_string_and_not_empty(input_token_value) || is_string_and_not_empty(input_token_key_name)) {
if (!input_token_value || !input_token_key_name) {
throw new Error("Token-based custom authentication requires all token-related properties to be set");
}
username_string = add_to_username_parameter(username_string, input_token_value, input_token_key_name + "=");
}
return username_string;
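
Review bot: the new throw in the second added if changes behaviour for existing callers. Anyone calling with_custom_authorizer with the previous four arguments and a non-empty authorizer_signature now reaches "if (!input_token_value || !input_token_key_name)" with both undefined and gets an Error where the earlier version built a username. Failing early may be the right call, but it should be stated in the doc comment and release notes, and the error message could name which property is missing.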

@@ -103,0 +116,0 @@ }

@@ -81,2 +81,12 @@ /**

* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a PKCS12 file.
*
* Note: This configuration only works on MacOS devices.
*
* @param hostName - AWS IoT endpoint to connect to
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static newDirectMqttBuilderWithMtlsFromPkcs12(hostName: string, pkcs12_options: io.Pkcs12Options): AwsIotMqtt5ClientConfigBuilder;
/**
* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a certificate entry in a Windows certificate store.

@@ -83,0 +93,0 @@ *

@@ -126,2 +126,18 @@ "use strict";

* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a PKCS12 file.
*
* Note: This configuration only works on MacOS devices.
*
* @param hostName - AWS IoT endpoint to connect to
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static newDirectMqttBuilderWithMtlsFromPkcs12(hostName, pkcs12_options) {
let builder = new AwsIotMqtt5ClientConfigBuilder(hostName, AwsIotMqtt5ClientConfigBuilder.DEFAULT_DIRECT_MQTT_PORT, io.TlsContextOptions.create_client_with_mtls_pkcs12_from_path(pkcs12_options.pkcs12_file, pkcs12_options.pkcs12_password));
if (io.is_alpn_available()) {
builder.tlsContextOptions.alpn_list.unshift('x-amzn-mqtt-ca');
}
return builder;
}
/**
* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a certificate entry in a Windows certificate store.

@@ -128,0 +144,0 @@ *

@@ -60,2 +60,10 @@ /**

/**
* Create a new builder with mTLS using a PKCS#12 file for private key operations.
*
* Note: This configuration only works on MacOS devices.
*
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static new_mtls_pkcs12_builder(pkcs12_options: io.Pkcs12Options): AwsIotMqttConnectionConfigBuilder;
/**
* Create a new builder with mTLS using a certificate in a Windows certificate store.

@@ -167,10 +175,20 @@ *

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the token_signature argument.
*/
with_custom_authorizer(username: string, authorizer_name: string, authorizer_signature: string, password: string): this;
with_custom_authorizer(username: string, authorizer_name: string, authorizer_signature: string, password: string, token_key_name?: string, token_value?: string): this;
/**
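
Review bot: the token_value doc in this hunk says the result is "placed in the token_signature argument", but with_custom_authorizer has no token_signature parameter; the signature goes in authorizer_signature, as the other copy of this comment on the page says. Please make the wording consistent across the files.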

@@ -177,0 +195,0 @@ * Sets username for the connection

@@ -114,2 +114,17 @@ "use strict";

/**
* Create a new builder with mTLS using a PKCS#12 file for private key operations.
*
* Note: This configuration only works on MacOS devices.
*
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static new_mtls_pkcs12_builder(pkcs12_options) {
let builder = new AwsIotMqttConnectionConfigBuilder(io_1.TlsContextOptions.create_client_with_mtls_pkcs12_from_path(pkcs12_options.pkcs12_file, pkcs12_options.pkcs12_password));
builder.params.port = 8883;
if (io.is_alpn_available()) {
builder.tls_ctx_options.alpn_list.unshift('x-amzn-mqtt-ca');
}
return builder;
}
/**
* Create a new builder with mTLS using a certificate in a Windows certificate store.

@@ -326,12 +341,22 @@ *

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the token_signature argument.
*/
with_custom_authorizer(username, authorizer_name, authorizer_signature, password) {
with_custom_authorizer(username, authorizer_name, authorizer_signature, password, token_key_name, token_value) {
this.is_using_custom_authorizer = true;
let username_string = iot_shared.populate_username_string_with_custom_authorizer("", username, authorizer_name, authorizer_signature, this.params.username);
let username_string = iot_shared.populate_username_string_with_custom_authorizer("", username, authorizer_name, authorizer_signature, this.params.username, token_key_name, token_value);
this.params.username = username_string;

@@ -338,0 +363,0 @@ this.params.password = password;

@@ -98,2 +98,16 @@ /// <reference types="node" />

/**
* Interface used to hold the options for creating a PKCS#12 connection in the builder.
*
* Note: Only supported on MacOS devices.
*
* NodeJS only
* @category TLS
*/
export interface Pkcs12Options {
/** Path to the PKCS#12 file */
pkcs12_file: string;
/** The password for the PKCS#12 file */
pkcs12_password: string;
}
/**
* Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}.

@@ -100,0 +114,0 @@ *

@@ -250,12 +250,22 @@ /*

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the authorizer_signature argument.
*/
with_custom_authorizer(username : string, authorizer_name : string, authorizer_signature : string, password : string) {
with_custom_authorizer(username : string, authorizer_name : string, authorizer_signature : string, password : string, token_key_name? : string, token_value? : string) {
let username_string = iot_shared.populate_username_string_with_custom_authorizer(
"", username, authorizer_name, authorizer_signature, this.params.username);
"", username, authorizer_name, authorizer_signature, this.params.username, token_key_name, token_value);
this.params.username = username_string;

@@ -262,0 +272,0 @@ this.params.password = password;

@@ -55,2 +55,4 @@ /*

* @param input_builder_username the username from the MQTT builder
* @param input_token_key_name the token key name
* @param input_token_value the token key value
* @returns The finished username with the additions added to it

@@ -62,3 +64,4 @@ *

current_username? : string, input_username? : string, input_authorizer? : string,
input_signature? : string, input_builder_username? : string) {
input_signature? : string, input_builder_username? : string,
input_token_key_name? : string, input_token_value? : string) {

@@ -84,4 +87,17 @@ let username_string = "";

username_string = add_to_username_parameter(username_string, input_signature, "x-amz-customauthorizer-signature=");
if ((is_string_and_not_empty(input_token_key_name) && input_token_key_name) || (is_string_and_not_empty(input_token_value) && input_token_value))
{
console.log("Warning: Signed custom authorizers with signature will not work without a token key name and " +
"token value. Your connection may be rejected/stalled on the IoT Core side due to this. Please " +
"set the token key name and token value to connect to a signed custom authorizer.");
}
}
if (is_string_and_not_empty(input_signature) || is_string_and_not_empty(input_token_value) || is_string_and_not_empty(input_token_key_name)) {
if (!input_token_value || !input_token_key_name) {
throw new Error("Token-based custom authentication requires all token-related properties to be set");
}
username_string = add_to_username_parameter(username_string, input_token_value, input_token_key_name + "=");
}
return username_string;
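
Review bot: in the last added block, input_token_key_name is concatenated into the username as input_token_key_name + "=" and input_token_value is appended as given, with no validation. The doc comment only suggests that callers URL-encode and says the SDK will not. A key name or value containing & or = would change how the username query string is split on the receiving side. Consider rejecting those characters here with a clear error, so a caller who forgot to encode finds out before the connection attempt.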

@@ -225,2 +241,2 @@ }

throw new Error("AWS region could not be extracted from endpoint. Use 'region' property on WebsocketConfig to set manually.");
}
}

@@ -39,3 +39,3 @@ /*

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Non-Signing Custom Auth - Connection Success', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Non-Signing Custom Auth - Connection Success', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -55,3 +55,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_NO_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Success', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Success', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -92,3 +92,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Non-Signing Custom Auth - Connection Failure Bad Password', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Non-Signing Custom Auth - Connection Failure Bad Password', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -108,3 +108,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_NO_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Password', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Password', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -127,3 +127,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Token Value', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Token Value', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -146,3 +146,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Token Signature', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Direct Mqtt Signing Custom Auth - Connection Failure Bad Token Signature', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -165,3 +165,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Websocket Mqtt Non-Signing Custom Auth - Connection Success', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Websocket Mqtt Non-Signing Custom Auth - Connection Success', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -181,3 +181,3 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_NO_SIGNING_AUTHORIZER_NAME,

test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasIotCoreEnvironment())('Aws Iot Core Websocket Mqtt Signing Custom Auth - Connection Success', async () => {
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasCustomAuthEnvironment())('Aws Iot Core Websocket Mqtt Signing Custom Auth - Connection Success', async () => {
let customAuthConfig : iot.MqttConnectCustomAuthConfig = {

@@ -199,1 +199,13 @@ authorizerName: test_utils.ClientEnvironmentalConfig.AWS_IOT_SIGNING_AUTHORIZER_NAME,

});
test_utils.conditional_test(test_utils.ClientEnvironmentalConfig.hasPKCS12Environment())('Aws Iot Core PKCS12 - Connection Success', async () => {
let builder = iot.AwsIotMqtt5ClientConfigBuilder.newDirectMqttBuilderWithMtlsFromPkcs12(
test_utils.ClientEnvironmentalConfig.AWS_IOT_HOST,
{
pkcs12_file : test_utils.ClientEnvironmentalConfig.AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY,
pkcs12_password : test_utils.ClientEnvironmentalConfig.AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD
}
);
await test_utils.testConnect(new mqtt5.Mqtt5Client(builder.build()));
});
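
Review bot: the new 'Aws Iot Core PKCS12 - Connection Success' test builds an MQTT5 client but reads AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY and AWS_TEST_MQTT311_IOT_CORE_PKCS12_KEY_PASSWORD, so the config names say MQTT311. Rename them or add a comment that the key is shared between protocol versions. Only the success path is covered; a wrong-password case, like the Bad Password tests for custom auth above, would pin down the failure behaviour.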

@@ -145,2 +145,24 @@ /*

* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a PKCS12 file.
*
* Note: This configuration only works on MacOS devices.
*
* @param hostName - AWS IoT endpoint to connect to
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static newDirectMqttBuilderWithMtlsFromPkcs12(hostName : string, pkcs12_options: io.Pkcs12Options) : AwsIotMqtt5ClientConfigBuilder {
let builder = new AwsIotMqtt5ClientConfigBuilder(
hostName,
AwsIotMqtt5ClientConfigBuilder.DEFAULT_DIRECT_MQTT_PORT,
io.TlsContextOptions.create_client_with_mtls_pkcs12_from_path(pkcs12_options.pkcs12_file, pkcs12_options.pkcs12_password));
if (io.is_alpn_available()) {
builder.tlsContextOptions.alpn_list.unshift('x-amzn-mqtt-ca');
}
return builder;
}
/**
* Create a new MQTT5 client builder that will create MQTT5 clients that connect to AWS IoT Core via mutual TLS
* using a certificate entry in a Windows certificate store.
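
Review bot: newDirectMqttBuilderWithMtlsFromPkcs12 is documented as working only on MacOS, but nothing in the function body checks the platform before calling create_client_with_mtls_pkcs12_from_path. Unless that call already fails with a clear message, add an explicit platform check here and an @throws line in the doc comment. Separately, pkcs12_password is passed through as a plain string; a doc line telling callers to load it from a secret store rather than source code would help.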

@@ -147,0 +169,0 @@ *

@@ -131,2 +131,21 @@ /*

/**
* Create a new builder with mTLS using a PKCS#12 file for private key operations.
*
* Note: This configuration only works on MacOS devices.
*
* @param pkcs12_options - The PKCS#12 options to use in the builder.
*/
static new_mtls_pkcs12_builder(pkcs12_options: io.Pkcs12Options) {
let builder = new AwsIotMqttConnectionConfigBuilder(TlsContextOptions.create_client_with_mtls_pkcs12_from_path(
pkcs12_options.pkcs12_file, pkcs12_options.pkcs12_password));
builder.params.port = 8883;
if (io.is_alpn_available()) {
builder.tls_ctx_options.alpn_list.unshift('x-amzn-mqtt-ca');
}
return builder;
}
/**
* Create a new builder with mTLS using a certificate in a Windows certificate store.

@@ -372,13 +391,23 @@ *

* username is set then no username will be passed with the MQTT connection.
* @param authorizerName The name of the custom authorizer. If an empty string is passed, then
* @param authorizer_name The name of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-name' will not be added with the MQTT connection.
* @param authorizerSignature The signature of the custom authorizer. If an empty string is passed, then
* @param authorizer_signature The signature of the custom authorizer. If an empty string is passed, then
* 'x-amz-customauthorizer-signature' will not be added with the MQTT connection.
* The signature must be based on the private key associated with the custom authorizer.
* The signature must be base64 encoded.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param password The password to use with the custom authorizer. If null is passed, then no password will
* be set.
* @param token_key_name Key used to extract the custom authorizer token from MQTT username query-string properties.
* Required if the custom authorizer has signing enabled. It is strongly suggested to URL-encode
* this value; the SDK will not do so for you.
* @param token_value An opaque token value.
* Required if the custom authorizer has signing enabled. This value must be signed by the private
* key associated with the custom authorizer and the result placed in the token_signature argument.
*/
with_custom_authorizer(username : string, authorizer_name : string, authorizer_signature : string, password : string) {
with_custom_authorizer(username : string, authorizer_name : string, authorizer_signature : string, password : string, token_key_name? : string, token_value? : string) {
this.is_using_custom_authorizer = true;
let username_string = iot_shared.populate_username_string_with_custom_authorizer(
"", username, authorizer_name, authorizer_signature, this.params.username);
"", username, authorizer_name, authorizer_signature, this.params.username, token_key_name, token_value);
this.params.username = username_string;

@@ -385,0 +414,0 @@ this.params.password = password;

@@ -164,2 +164,18 @@ /*

/**
* Interface used to hold the options for creating a PKCS#12 connection in the builder.
*
* Note: Only supported on MacOS devices.
*
* NodeJS only
* @category TLS
*/
export interface Pkcs12Options {
/** Path to the PKCS#12 file */
pkcs12_file: string;
/** The password for the PKCS#12 file */
pkcs12_password : string;
}
/**
* Options for creating a {@link ClientTlsContext} or {@link ServerTlsContext}.

@@ -166,0 +182,0 @@ *

@@ -23,2 +23,4 @@ # MQTT 5

* [Direct MQTT with Custom Authentication](#direct-mqtt-with-custom-authentication)
* [Direct MQTT with PKCS11](#direct-mqtt-with-pkcs11-method)
* [Direct MQTT with PKCS12](#direct-mqtt-with-pkcs12-method)
* [HTTP Proxy](#http-proxy)

@@ -271,2 +273,40 @@ * [Browser](#browser)

#### Direct MQTT with PKCS11 Method
A MQTT5 direct connection can be made using a PKCS11 device rather than using a PEM encoded private key, the private key for mutual TLS is stored on a PKCS#11 compatible smart card or Hardware Security Module (HSM). To create a MQTT5 builder configured for this connection, see the following code:
```typescript
let pkcs11Options : Pkcs11Options = {
pkcs11_lib: "<path to PKCS11 library>",
user_pin: "<Optional pin for PKCS11 device>",
slot_id: "<Optional slot ID containing PKCS11 token>",
token_label: "<Optional label of the PKCS11 token>",
private_key_object_label: "<Optional label of the private key object on the PKCS#11 token>",
cert_file_path: "<Path to certificate file. Not necessary if cert_file_contents is used>",
cert_file_contents: "<Contents of certificate file. Not necessary if cert_file_path is used>"
};
let builder = AwsIotMqtt5ClientConfigBuilder.newDirectMqttBuilderWithMtlsFromPkcs11(
"<account-specific endpoint>",
pkcs11Options
);
let client : Mqtt5Client = new mqtt5.Mqtt5Client(builder.build());
```
Note: Currently, TLS integration with PKCS#11 is only available on Unix devices.
#### Direct MQTT with PKCS12 Method
A MQTT5 direct connection can be made using a PKCS12 file rather than using a PEM encoded private key. To create a MQTT5 builder configured for this connection, see the following code:
```typescript
let builder = AwsIotMqtt5ClientConfigBuilder.newDirectMqttBuilderWithMtlsFromPkcs12(
"<account-specific endpoint>",
"<PKCS12 file>",
"<PKCS12 password>"
);
let client : Mqtt5Client = new mqtt5.Mqtt5Client(builder.build());
```
Note: Currently, TLS integration with PKCS#12 is only available on MacOS devices.
#### HTTP Proxy
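
Review bot: the README example for PKCS12 does not match the API added in this release. It calls newDirectMqttBuilderWithMtlsFromPkcs12 with three strings ("<account-specific endpoint>", "<PKCS12 file>", "<PKCS12 password>"), while the declared signature is (hostName: string, pkcs12_options: io.Pkcs12Options). The example should build a Pkcs12Options object with pkcs12_file and pkcs12_password, the way the PKCS11 example above it builds pkcs11Options.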

@@ -273,0 +313,0 @@ No matter what your connection transport or authentication method is, you may connect through an HTTP proxy

{
"name": "aws-crt",
"version": "1.15.15",
"version": "1.15.16",
"description": "NodeJS/browser bindings to the aws-c-* libraries",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/awslabs/aws-crt-nodejs",

Sorry, the diff of this file is not supported yet

