[Android] SSL certificate error when run the AWS gem sample levels (#2060)

[Android] Add AWS CA Cert handling to fix SSL errors.

Code/Tools/AWSNativeSDKInit/source/AWSNativeSDKInit.cpp

@@ -25,6 +25,8 @@ namespace AWSNativeSDKInit
 #if defined(PLATFORM_SUPPORTS_AWS_NATIVE_SDK)
         void CustomizeSDKOptions(Aws::SDKOptions& options);
         void CustomizeShutdown();
+
+        void CopyCaCertBundle();
 #endif
     }
 
@@ -44,6 +46,8 @@ namespace AWSNativeSDKInit
     void InitializationManager::InitAwsApi()
     {
         s_initManager = AZ::Environment::CreateVariable<InitializationManager>(initializationManagerTag);
+
+        Platform::CopyCaCertBundle();
     }
 
     void InitializationManager::Shutdown()

Code/Tools/AWSNativeSDKInit/source/Platform/Android/InitializeCerts_Android.cpp

@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+ * 
+ * SPDX-License-Identifier: Apache-2.0 OR MIT
+ *
+ */
+
+#include <AzCore/PlatformDef.h>
+// The AWS Native SDK AWSAllocator triggers a warning due to accessing members of std::allocator directly.
+// AWSAllocator.h(70): warning C4996: 'std::allocator<T>::pointer': warning STL4010: Various members of std::allocator are deprecated in
+// C++17. Use std::allocator_traits instead of accessing these members directly. You can define
+// _SILENCE_CXX17_OLD_ALLOCATOR_MEMBERS_DEPRECATION_WARNING or _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS to acknowledge that you have received
+// this warning.
+AZ_PUSH_DISABLE_WARNING(4251 4996, "-Wunknown-warning-option")
+#include <aws/core/utils/memory/stl/AWSString.h>
+AZ_POP_DISABLE_WARNING
+#include <AzCore/Android/Utils.h>
+#include <AzCore/IO/FileIO.h>
+#include <AzCore/IO/SystemFile.h>
+#include <AzCore/std/containers/vector.h>
+
+namespace AWSNativeSDKInit
+{
+    namespace Platform
+    {
+        void CopyCaCertBundle()
+        {
+            AZStd::vector<char> contents;
+            AZStd::string certificatePath = "@assets@/certificates/aws/cacert.pem";
+            AZStd::string publicStoragePath = AZ::Android::Utils::GetAppPublicStoragePath();
+            publicStoragePath.append("/certificates/aws/cacert.pem");
+
+            AZ::IO::FileIOBase* fileBase = AZ::IO::FileIOBase::GetInstance();
+
+            if (!fileBase->Exists(certificatePath.c_str()))
+            {
+                AZ_Error("AWSNativeSDKInit", false, "Certificate File(%s) does not exist.\n", certificatePath.c_str());
+            }
+
+            AZ::IO::HandleType fileHandle;
+            AZ::IO::Result fileResult = fileBase->Open(certificatePath.c_str(), AZ::IO::OpenMode::ModeRead, fileHandle);
+
+            if (!fileResult)
+            {
+                AZ_Error("AWSNativeSDKInit", false, "Failed to open certificate file with result %i\n", fileResult.GetResultCode());
+            }
+
+            AZ::u64 fileSize = 0;
+            fileBase->Size(fileHandle, fileSize);
+
+            if (fileSize == 0)
+            {
+                AZ_Error("AWSNativeSDKInit", false, "Given empty file(%s) as the certificate bundle.\n", certificatePath.c_str());
+            }
+
+            contents.resize(fileSize + 1);
+            fileResult = fileBase->Read(fileHandle, contents.data(), fileSize);
+
+            if (!fileResult)
+            {
+                AZ_Error(
+                    "AWSNativeSDKInit", false, "Failed to read from the certificate bundle(%s) with result code(%i).\n", certificatePath.c_str(),
+                    fileResult.GetResultCode());
+            }
+
+            AZ_Printf("AWSNativeSDKInit", "Certificate bundle is read successfully from %s", certificatePath.c_str());
+
+            AZ::IO::HandleType outFileHandle;
+
+            AZ::IO::Result outFileResult = fileBase->Open(publicStoragePath.c_str(), AZ::IO::OpenMode::ModeWrite, outFileHandle);
+
+            if (!outFileResult)
+            {
+                AZ_Error("AWSNativeSDKInit", false, "Failed to open the certificate bundle with result %i\n", fileResult.GetResultCode());
+            }
+
+            AZ::IO::Result writeFileResult = fileBase->Write(outFileHandle, contents.data(), fileSize);
+            if (!writeFileResult)
+            {
+                AZ_Error("AWSNativeSDKInit", false, "Failed to write the certificate bundle with result %i\n", writeFileResult.GetResultCode());
+            }
+
+            fileBase->Close(fileHandle);
+            fileBase->Close(outFileHandle);
+
+            AZ_Printf("AWSNativeSDKInit", "Certificate bundle successfully copied to %s", publicStoragePath.c_str());
+        }
+    } // namespace Platform
+}

Code/Tools/AWSNativeSDKInit/source/Platform/Android/platform_android_files.cmake

@@ -7,4 +7,5 @@
 
 set(FILES
     ../Common/Default/AWSNativeSDKInit_Default.cpp
+    InitializeCerts_Android.cpp
 )

Code/Tools/AWSNativeSDKInit/source/Platform/Common/Default/InitializeCerts_Null.cpp

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+ * 
+ * SPDX-License-Identifier: Apache-2.0 OR MIT
+ *
+ */
+
+namespace AWSNativeSDKInit
+{
+    namespace Platform
+    {
+        void CopyCaCertBundle()
+        {
+        }
+    } // namespace Platform
+} // namespace AWSCore

Code/Tools/AWSNativeSDKInit/source/Platform/Linux/platform_linux_files.cmake

@@ -7,4 +7,5 @@
 
 set(FILES
     ../Common/Default/AWSNativeSDKInit_Default.cpp
+    ../Common/Default/InitializeCerts_Null.cpp
 )

Code/Tools/AWSNativeSDKInit/source/Platform/Mac/platform_mac_files.cmake

@@ -7,4 +7,5 @@
 
 set(FILES
     ../Common/Default/AWSNativeSDKInit_Default.cpp
+    ../Common/Default/InitializeCerts_Null.cpp
 )

Code/Tools/AWSNativeSDKInit/source/Platform/Windows/platform_windows_files.cmake

@@ -7,4 +7,5 @@
 
 set(FILES
     ../Common/Default/AWSNativeSDKInit_Default.cpp
+    ../Common/Default/InitializeCerts_Null.cpp
 )

Code/Tools/AWSNativeSDKInit/source/Platform/iOS/platform_ios_files.cmake

@@ -7,4 +7,5 @@
 
 set(FILES
     ../Common/Default/AWSNativeSDKInit_Default.cpp
+    ../Common/Default/InitializeCerts_Null.cpp
 )

Gems/AWSClientAuth/Code/Source/AWSClientAuthSystemComponent.cpp

@@ -13,6 +13,7 @@
 #include <Authorization/AWSCognitoAuthorizationController.h>
 #include <AzCore/std/smart_ptr/make_shared.h>
 #include <ResourceMapping/AWSResourceMappingBus.h>
+#include <Framework/AWSApiJobConfig.h>
 
 #include <aws/cognito-identity/CognitoIdentityClient.h>
 #include <aws/cognito-idp/CognitoIdentityProviderClient.h>
@@ -163,7 +164,11 @@ namespace AWSClientAuth
 
     void AWSClientAuthSystemComponent::OnSDKInitialized()
     {
-        Aws::Client::ClientConfiguration clientConfiguration;
+        AWSCore::AwsApiJobConfig* defaultConfig;
+        AWSCore::AWSCoreRequestBus::BroadcastResult(defaultConfig, &AWSCore::AWSCoreRequests::GetDefaultConfig);
+        Aws::Client::ClientConfiguration clientConfiguration =
+            defaultConfig ? defaultConfig->GetClientConfiguration() : Aws::Client::ClientConfiguration();
+
         AZStd::string region;
         AWSCore::AWSResourceMappingRequestBus::BroadcastResult(region, &AWSCore::AWSResourceMappingRequests::GetDefaultRegion);
 

Gems/AWSClientAuth/Code/Tests/AWSClientAuthGemMock.h

@@ -113,6 +113,27 @@ namespace AWSClientAuthUnitTest
         MOCK_METHOD1(ReloadConfigFile, void(bool isReloadingConfigFileName));
     };
 
+    class AWSCoreRequestBusMock
+        : public AWSCore::AWSCoreRequestBus::Handler
+    {
+    public:
+        AWSCoreRequestBusMock()
+        {
+            AWSCore::AWSCoreRequestBus::Handler::BusConnect();
+
+            ON_CALL(*this, GetDefaultJobContext).WillByDefault(testing::Return(nullptr));
+            ON_CALL(*this, GetDefaultConfig).WillByDefault(testing::Return(nullptr));
+        }
+
+        ~AWSCoreRequestBusMock()
+        {
+            AWSCore::AWSCoreRequestBus::Handler::BusDisconnect();
+        }
+
+        MOCK_METHOD0(GetDefaultJobContext, AZ::JobContext*());
+        MOCK_METHOD0(GetDefaultConfig, AWSCore::AwsApiJobConfig*());
+    };
+
     class HttpRequestorRequestBusMock
         : public HttpRequestor::HttpRequestorRequestBus::Handler
     {

Gems/AWSClientAuth/Code/Tests/AWSClientAuthSystemComponentTest.cpp

@@ -161,6 +161,7 @@ public:
     testing::NiceMock<AWSClientAuthUnitTest::AWSClientAuthSystemComponentMock> *m_awsClientAuthSystemsComponent;
     testing::NiceMock<AWSClientAuthUnitTest::AWSCoreSystemComponentMock> *m_awsCoreSystemsComponent;
     testing::NiceMock<AWSClientAuthUnitTest::AWSResourceMappingRequestBusMock> m_awsResourceMappingRequestBusMock;
+    testing::NiceMock<AWSClientAuthUnitTest::AWSCoreRequestBusMock> m_awsCoreRequestBusMock;
     AZ::Entity* m_entity = nullptr;
 };
 
@@ -176,6 +177,7 @@ TEST_F(AWSClientAuthSystemComponentTest, ActivateDeactivate_Success)
     EXPECT_CALL(*m_awsCoreSystemsComponent, Init()).Times(1).InSequence(s1);
     EXPECT_CALL(*m_awsClientAuthSystemsComponent, Init()).Times(1).InSequence(s1);
     EXPECT_CALL(*m_awsCoreSystemsComponent, Activate()).Times(1).InSequence(s1);
+    EXPECT_CALL(m_awsCoreRequestBusMock, GetDefaultConfig()).Times(1).InSequence(s1);
     EXPECT_CALL(m_awsResourceMappingRequestBusMock, GetDefaultRegion()).Times(1).InSequence(s1);
     EXPECT_CALL(*m_awsClientAuthSystemsComponent, Activate()).Times(1).InSequence(s1);
 

Gems/AWSCore/Code/CMakeLists.txt

@@ -6,12 +6,14 @@
 #
 
 ly_get_list_relative_pal_filename(pal_editor_include_dir ${CMAKE_CURRENT_LIST_DIR}/Include/Private/Editor/Platform/${PAL_PLATFORM_NAME})
+ly_get_list_relative_pal_filename(pal_cafile_include_dir ${CMAKE_CURRENT_LIST_DIR}/Source/Framework/Platform/${PAL_PLATFORM_NAME})
 
 ly_add_target(
     NAME AWSCore.Static STATIC
     NAMESPACE Gem
     FILES_CMAKE
         awscore_files.cmake
+         ${pal_cafile_include_dir}/platform_${PAL_PLATFORM_NAME_LOWERCASE}_files.cmake
     INCLUDE_DIRECTORIES
         PUBLIC
             Include/Public

Gems/AWSCore/Code/Source/Framework/AWSApiJob.cpp

@@ -9,6 +9,10 @@
 
 namespace AWSCore
 {
+    namespace Platform
+    {
+        Aws::String GetCaCertBundlePath();
+    }
 
     const char* AwsApiJob::COMPONENT_DISPLAY_NAME = "AWSCoreFramework";
 
@@ -29,6 +33,14 @@ namespace AWSCore
                 config.userAgent = "/O3DE_AwsApiJob";
                 config.requestTimeoutMs = 30000;
                 config.connectTimeoutMs = 30000;
+
+                // Instructs the HTTP client where to find the SSL certificate trust store.
+                // It is required to copy the cacert.pem to the expected file path for running the Android client.
+                Aws::String caFilePath = Platform::GetCaCertBundlePath();
+                if (!caFilePath.empty())
+                {
+                    config.caFile = caFilePath;
+                }
             }
         );
     };

Gems/AWSCore/Code/Source/Framework/Platform/Android/GetCertsPath_Android.cpp

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+ * 
+ * SPDX-License-Identifier: Apache-2.0 OR MIT
+ *
+ */
+
+#include <AzCore/PlatformDef.h>
+// The AWS Native SDK AWSAllocator triggers a warning due to accessing members of std::allocator directly.
+// AWSAllocator.h(70): warning C4996: 'std::allocator<T>::pointer': warning STL4010: Various members of std::allocator are deprecated in
+// C++17. Use std::allocator_traits instead of accessing these members directly. You can define
+// _SILENCE_CXX17_OLD_ALLOCATOR_MEMBERS_DEPRECATION_WARNING or _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS to acknowledge that you have received
+// this warning.
+AZ_PUSH_DISABLE_WARNING(4251 4996, "-Wunknown-warning-option")
+#include <aws/core/utils/memory/stl/AWSString.h>
+AZ_POP_DISABLE_WARNING
+#include <AzCore/Android/Utils.h>
+#include <AzCore/std/string/string.h>
+
+namespace AWSCore
+{
+    namespace Platform
+    {
+        Aws::String GetCaCertBundlePath()
+        {
+            AZStd::string publicStoragePath = AZ::Android::Utils::GetAppPublicStoragePath();
+            publicStoragePath.append("/certificates/aws/cacert.pem");
+
+            return publicStoragePath.c_str();
+        }
+    } // namespace Platform
+}

Gems/AWSCore/Code/Source/Framework/Platform/Android/platform_android_files.cmake

@@ -0,0 +1,10 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+set(FILES
+    GetCertsPath_Android.cpp
+)

Gems/AWSCore/Code/Source/Framework/Platform/Common/GetCertsPath_Null.cpp

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+ * 
+ * SPDX-License-Identifier: Apache-2.0 OR MIT
+ *
+ */
+
+#include <AzCore/PlatformDef.h>
+// The AWS Native SDK AWSAllocator triggers a warning due to accessing members of std::allocator directly.
+// AWSAllocator.h(70): warning C4996: 'std::allocator<T>::pointer': warning STL4010: Various members of std::allocator are deprecated in
+// C++17. Use std::allocator_traits instead of accessing these members directly. You can define
+// _SILENCE_CXX17_OLD_ALLOCATOR_MEMBERS_DEPRECATION_WARNING or _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS to acknowledge that you have received
+// this warning.
+AZ_PUSH_DISABLE_WARNING(4251 4996, "-Wunknown-warning-option")
+#include <aws/core/utils/memory/stl/AWSString.h>
+AZ_POP_DISABLE_WARNING
+
+namespace AWSCore
+{
+    namespace Platform
+    {
+        Aws::String GetCaCertBundlePath()
+        {
+            return ""; // no-op
+        }
+    } // namespace Platform
+} // namespace GridMate

Gems/AWSCore/Code/Source/Framework/Platform/Linux/platform_linux_files.cmake

@@ -0,0 +1,10 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+set(FILES
+    ../Common/GetCertsPath_Null.cpp
+)

Gems/AWSCore/Code/Source/Framework/Platform/Mac/platform_mac_files.cmake

@@ -0,0 +1,10 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+set(FILES
+    ../Common/GetCertsPath_Null.cpp
+)

Gems/AWSCore/Code/Source/Framework/Platform/Windows/platform_windows_files.cmake

@@ -0,0 +1,10 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+set(FILES
+    ../Common/GetCertsPath_Null.cpp
+)

Gems/AWSCore/Code/Source/Framework/Platform/iOS/platform_ios_files.cmake

@@ -0,0 +1,10 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project. For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+set(FILES
+    ../Common/GetCertsPath_Null.cpp
+)