From b342ded7e8f0fd4208fb5a2fe081edeb3529d806 Mon Sep 17 00:00:00 2001
From: Michael Dombrowski
Date: Mon, 7 Jun 2021 10:46:56 -0700
Subject: [PATCH] fix(mqtt): mqtt over proxy no longer requires websockets
---
 .../easysetup/DeviceProvisioningHelper.java | 4 --
 .../mqttclient/AwsIotMqttClient.java | 7 ---
 .../aws/greengrass/mqttclient/MqttClient.java | 47 +++----------------
 3 files changed, 7 insertions(+), 51 deletions(-)
diff --git a/src/main/java/com/aws/greengrass/easysetup/DeviceProvisioningHelper.java b/src/main/java/com/aws/greengrass/easysetup/DeviceProvisioningHelper.java
index ad4703a52f..2d03d585e1 100644
--- a/src/main/java/com/aws/greengrass/easysetup/DeviceProvisioningHelper.java
+++ b/src/main/java/com/aws/greengrass/easysetup/DeviceProvisioningHelper.java
@@ -102,10 +102,6 @@ public class DeviceProvisioningHelper {
 + " \"logs:CreateLogStream\",\n"
 + " \"logs:PutLogEvents\",\n"
 + " \"logs:DescribeLogStreams\",\n"
- + " \"iot:Connect\",\n"
- + " \"iot:Publish\",\n"
- + " \"iot:Subscribe\",\n"
- + " \"iot:Receive\",\n"
 + " \"s3:GetBucketLocation\"\n"
 + " ],\n"
 + " \"Resource\": \"*\"\n"
diff --git a/src/main/java/com/aws/greengrass/mqttclient/AwsIotMqttClient.java b/src/main/java/com/aws/greengrass/mqttclient/AwsIotMqttClient.java
index 0f03602200..ad14364df9 100644
--- a/src/main/java/com/aws/greengrass/mqttclient/AwsIotMqttClient.java
+++ b/src/main/java/com/aws/greengrass/mqttclient/AwsIotMqttClient.java
@@ -9,7 +9,6 @@
 import com.aws.greengrass.logging.api.Logger;
 import com.aws.greengrass.logging.impl.LogManager;
 import com.aws.greengrass.util.Coerce;
-import com.aws.greengrass.util.ProxyUtils;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
@@ -248,12 +247,6 @@ private CompletableFuture establishConnection(boolean overrideCleanSess
 if (error != null) {
 connectionCleanup();
 logger.atError().log("Unable to connect to AWS IoT Core", error);
- if (ProxyUtils.getProxyConfiguration() != null) {
- logger.atInfo().log("You are using a proxy which uses a websocket connection and " + "TokenExchangeService credentials. Verify that the IAM role which the IoT Role "
- + "Alias is aliasing has a policy which allows for iot:Connect, iot:Subscribe, "
- + "iot:Publish, and iot:Receive.");
- }
 }
 });
 }
diff --git a/src/main/java/com/aws/greengrass/mqttclient/MqttClient.java b/src/main/java/com/aws/greengrass/mqttclient/MqttClient.java
index 29838174ab..1d9c7f52db 100644
--- a/src/main/java/com/aws/greengrass/mqttclient/MqttClient.java
+++ b/src/main/java/com/aws/greengrass/mqttclient/MqttClient.java
@@ -23,11 +23,9 @@
 import software.amazon.awssdk.crt.auth.credentials.X509CredentialsProvider;
 import software.amazon.awssdk.crt.http.HttpProxyOptions;
 import software.amazon.awssdk.crt.io.ClientBootstrap;
-import software.amazon.awssdk.crt.io.ClientTlsContext;
 import software.amazon.awssdk.crt.io.EventLoopGroup;
 import software.amazon.awssdk.crt.io.HostResolver;
 import software.amazon.awssdk.crt.io.SocketOptions;
-import software.amazon.awssdk.crt.io.TlsContextOptions;
 import software.amazon.awssdk.crt.mqtt.MqttClientConnectionEvents;
 import software.amazon.awssdk.crt.mqtt.MqttMessage;
 import software.amazon.awssdk.iot.AwsIotMqttConnectionBuilder;
@@ -164,10 +162,8 @@ public MqttClient(DeviceConfiguration deviceConfiguration, ScheduledExecutorServ
 ExecutorService executorService) {
 this(deviceConfiguration, null, ses, executorService);
 
- HttpProxyOptions httpProxyOptions = ProxyUtils.getHttpProxyOptions(deviceConfiguration);
-
- if (httpProxyOptions == null) {
- this.builderProvider = (clientBootstrap) -> AwsIotMqttConnectionBuilder
+ this.builderProvider = (clientBootstrap) -> {
+ AwsIotMqttConnectionBuilder builder = AwsIotMqttConnectionBuilder
 .newMtlsBuilderFromPath(Coerce.toString(deviceConfiguration.getCertificateFilePath()),
 Coerce.toString(deviceConfiguration.getPrivateKeyFilePath()))
 .withCertificateAuthorityFromPath(null, Coerce.toString(deviceConfiguration.getRootCAFilePath()))
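Review bot: The new `builderProvider` lambda has no comment stating its contract, even though it now re-reads the certificate, private-key and root-CA paths from `deviceConfiguration` on every invocation rather than once at construction as the removed code did. A one-line note above `this.builderProvider = (clientBootstrap) -> {`, e.g. `// Builds a fresh mTLS connection builder from the current device configuration on each call`, would make that explicit for whoever next touches reconnect handling. The lambda body and the enclosing constructor both continue past the end of this hunk.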
@@ -180,41 +176,12 @@ public MqttClient(DeviceConfiguration deviceConfiguration, ScheduledExecutorServ
 Coerce.toInt(mqttTopics.findOrDefault(DEFAULT_MQTT_PING_TIMEOUT, MQTT_PING_TIMEOUT_KEY)))
 .withSocketOptions(new SocketOptions()).withTimeoutMs(Coerce.toInt(
 mqttTopics.findOrDefault(DEFAULT_MQTT_SOCKET_TIMEOUT, MQTT_SOCKET_TIMEOUT_KEY)));
- } else {
- String tesRoleAlias = Coerce.toString(deviceConfiguration.getIotRoleAlias());
-
- try (TlsContextOptions x509TlsOptions = TlsContextOptions
- .createWithMtlsFromPath(Coerce.toString(deviceConfiguration.getCertificateFilePath()),
- Coerce.toString(deviceConfiguration.getPrivateKeyFilePath()))) {
-
- x509TlsOptions.withCertificateAuthorityFromPath(null,
- Coerce.toString(deviceConfiguration.getRootCAFilePath()));
-
- try (ClientTlsContext x509TlsContext = new ClientTlsContext(x509TlsOptions)) {
- this.credentialsProvider = new X509CredentialsProvider.X509CredentialsProviderBuilder()
- .withClientBootstrap(clientBootstrap).withTlsContext(x509TlsContext)
- .withEndpoint(Coerce.toString(deviceConfiguration.getIotCredentialEndpoint()))
- .withRoleAlias(tesRoleAlias)
- .withThingName(Coerce.toString(deviceConfiguration.getThingName()))
- .withProxyOptions(httpProxyOptions).build();
-
- this.builderProvider =
- (clientBootstrap) -> AwsIotMqttConnectionBuilder.newMtlsBuilderFromPath(null, null)
- .withEndpoint(Coerce.toString(deviceConfiguration.getIotDataEndpoint()))
- .withCleanSession(false).withBootstrap(clientBootstrap).withKeepAliveMs(
- Coerce.toInt(mqttTopics.findOrDefault(DEFAULT_MQTT_KEEP_ALIVE_TIMEOUT,
- MQTT_KEEP_ALIVE_TIMEOUT_KEY)))
- .withProtocolOperationTimeoutMs(getMqttOperationTimeoutMillis())
- .withPingTimeoutMs(Coerce.toInt(
- mqttTopics.findOrDefault(DEFAULT_MQTT_PING_TIMEOUT, MQTT_PING_TIMEOUT_KEY)))
- .withSocketOptions(new SocketOptions()).withTimeoutMs(Coerce.toInt(mqttTopics
- .findOrDefault(DEFAULT_MQTT_SOCKET_TIMEOUT, MQTT_SOCKET_TIMEOUT_KEY)))
- .withWebsockets(true).withWebsocketCredentialsProvider(credentialsProvider)
- .withWebsocketSigningRegion(Coerce.toString(deviceConfiguration.getAWSRegion()))
- .withWebsocketProxyOptions(httpProxyOptions);
- }
+ HttpProxyOptions httpProxyOptions = ProxyUtils.getHttpProxyOptions(deviceConfiguration);
+ if (httpProxyOptions != null) {
+ builder.withHttpProxyOptions(httpProxyOptions);
 }
- }
+ return builder;
+ };
 }
 
 protected MqttClient(DeviceConfiguration deviceConfiguration,
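Review bot: `ProxyUtils.getHttpProxyOptions(deviceConfiguration)` is now called inside the `builderProvider` lambda, so proxy settings are re-resolved every time the provider is applied instead of once at construction as the removed code did; if that is intended (so a changed proxy configuration takes effect on reconnect) say so with `// Resolve proxy settings per connection so config changes apply on reconnect`, otherwise hoist the call above the lambda. With the websocket branch deleted nothing in this constructor assigns `this.credentialsProvider` any more, yet the `X509CredentialsProvider` import is kept in the import hunk of this file, so any remaining reader of that field (a close/cleanup path, for instance) would now see null — worth confirming the field is still populated elsewhere or removing it. The `if (httpProxyOptions != null)` branch also deserves a one-line note on the security model, e.g. `// mTLS to the IoT data endpoint is carried through the HTTP proxy; the device certificate remains the credential, no TES role or SigV4 signing is involved`, which presumably relies on the CRT tunnelling TLS connections through the proxy rather than forwarding them (not visible here). The constructor's body begins in the previous hunk.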