I'm adding AWS connectivity to an existing Java application using the AWS IoT SDK for Java v2 (common-runtime-based), and I want to use a certificate and private key in my existing keystore to establish the connection to MQTT.

There's an API and fairly straightforward instructions for doing this for the old v1 (Paho-based) library: https://github.com/aws/aws-iot-device-sdk-java#load-keystore-from-file-to-initialize-the-client, but I'd like to follow recommendations and use the newer/better-supported v2 library if possible. It looks like the v2 library does not have a straightforward API for interacting with Java keystores -- the closest thing is the newMtlsBuilder function which takes PEM-format strings.

Is the best answer here that I have to load the certificates using the Java keystore APIs and then translate them to PEM myself, with something like this: "Write x509 certificate into PEM formatted string in java"? Or else use the v1 SDK even though it's deprecated? Or am I missing something in the v2 SDK?

More broadly, could anyone recommend a good Java-oriented write-up of CRT concepts and usage anywhere? Or maybe a guide for how to migrate from v1 to v2 of the SDK? The GitHub docs for the C libraries are somewhat useful (e.g. https://github.com/awslabs/aws-c-io) but I'm not very familiar with C and it's a little tricky to figure out how the C concepts/methods/structs will map to the Java bindings.

zoesnape
  • Did you manage anywhere to find a solution for this? – SadClown Jan 27 '22 at 20:20
  • Yeah, my research did not turn up any Java-oriented write-up of CRT concepts unfortunately. I did end up getting something working, which I shared on this GitHub issue on the project: https://github.com/aws/aws-iot-device-sdk-java-v2/issues/180, but for the project we ended up pivoting to use the v1 library instead for its more robust Java feature set – zoesnape Feb 04 '22 at 04:33
  • I will check that topic on GH. Thanks :) – SadClown Feb 04 '22 at 15:33
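
The keystore-to-PEM translation the question describes can be done with JDK classes alone. The sketch below is an added example, not code from the original post, the linked GitHub issue or the SDK. It assumes a PKCS12 keystore whose key password equals the store password; the class name `KeyStoreToPem` and the `KEYSTORE_PASSWORD` environment variable are hypothetical.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Base64;

public class KeyStoreToPem {  // hypothetical helper class
    // RFC 7468 PEM: base64 body wrapped at 64 characters between BEGIN/END lines.
    static String pem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
             + "\n-----END " + label + "-----\n";
    }

    // Device (leaf) certificate stored under the alias.
    static String certificatePem(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) throw new IllegalArgumentException("no certificate for alias: " + alias);
        return pem("CERTIFICATE", cert.getEncoded());
    }

    static String privateKeyPem(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        Key key = ks.getKey(alias, keyPassword);
        if (!(key instanceof PrivateKey)) throw new IllegalArgumentException("not a private key: " + alias);
        byte[] der = key.getEncoded();
        // Keys held in an HSM or PKCS#11 token are not exportable: getEncoded() returns null.
        if (der == null || !"PKCS#8".equals(key.getFormat()))
            throw new IllegalStateException("key cannot be exported as PKCS#8");
        return pem("PRIVATE KEY", der);  // unencrypted PKCS#8
    }

    // Usage: KEYSTORE_PASSWORD=... java KeyStoreToPem <keystore.p12> <alias>
    public static void main(String[] args) throws Exception {
        // Assumption: password comes from the environment, not argv, to keep it out of process listings.
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password);
        }
        String certPem = certificatePem(ks, args[1]);
        String keyPem = privateKeyPem(ks, args[1], password);
        // Both strings are what newMtlsBuilder expects as PEM input.
        // keyPem is the private key in the clear: never log it or write it to disk.
        System.out.print(certPem);
        System.out.println("private key PEM: " + keyPem.length() + " chars (not printed)");
    }
}
```

The exported key exists unencrypted on the Java heap for as long as the string is reachable, which is a weaker position than leaving it inside the keystore, so keep its lifetime short.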

0 Answers