Java Bindings for the AWS Common Runtime
This library is licensed under the Apache 2.0 License.
Jump To:
- Platform Specific Building
- Java CRT Documentation
- Installing
- Platform-Specific JARs
- FIPS Compliance
- GraalVM support
- System Properties
- TLS Behavior
- Testing
- IDEs
- Debugging
Requirements:
- Clang 3.9+ or GCC 4.4+
- cmake 3.9+
- Java: Any JDK8 or above, ensure
JAVA_HOME
is set - Maven
Building:
apt-get install cmake3 maven openjdk-8-jdk-headless -y
git clone https://github.com/awslabs/aws-crt-java.git
cd aws-crt-java
git submodule update --init --recursive
mvn compile
Requirements:
- cmake 3.9+
- ninja
- Java: Any JDK8 or above, ensure
JAVA_HOME
is set - Maven
Building:
brew install maven cmake
(if you have homebrew installed, otherwise install these manually)git clone https://github.com/awslabs/aws-crt-java.git
cd aws-crt-java
git submodule update --init --recursive
mvn compile
Requirements:
- Visual Studio 2015 or above
- CMake 3.9+
- Java: Any JDK8 or above, ensure
JAVA_HOME
is set - Maven
Building:
choco install maven
(if you have chocolatey installed), otherwise install maven and the JDK manuallygit clone https://github.com/awslabs/aws-crt-java.git
cd aws-crt-java
git submodule update --init --recursive
mvn compile
NOTE: Make sure you run this from a VS Command Prompt or have run VCVARSALL.BAT
in your current shell so
CMake can find Visual Studio.
From the aws-crt-java directory:
mvn install
From maven: (https://search.maven.org/artifact/software.amazon.awssdk.crt/aws-crt/)
The aws-crt
JAR in Maven Central is a large "uber" jar that contains compiled C libraries for many different platforms (Windows, Linux, etc). If size is an issue, you can pick a smaller platform-specific JAR by setting the <classifier>
.
Sample to use classifier from aws-crt:
<!-- Platform-specific Linux x86_64 JAR -->
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>0.20.5</version>
<classifier>linux-x86_64</classifier>
</dependency>
<!-- "Uber" JAR that works on all platforms -->
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>0.20.5</version>
</dependency>
- linux-armv6 (no auto-detect)
- linux-armv7 (no auto-detect)
- linux-aarch_64
- linux-x86_32
- linux-x86_64
- linux-x86_64-musl (no auto-detect)
- linux-armv7-musl (no auto-detect)
- linux-aarch_64-musl (no auto-detect)
- osx-aarch_64
- osx-x86_64
- windows-x86_32
- windows-x86_64
- fips-where-available (no auto-detect)
The os-maven-plugin can automatically detect your platform's classifier at build time.
NOTES: The auto-detected linux-arm_32
platform classifier is not supported, you must specify linux-armv6
or linux-armv7
.
Additionally, musl vs glibc detection is not supported either. If you are deploying to a musl-based system and wish to use
a classifier-based jar, you must specify the classifier name yourself.
<build>
<extensions>
<!-- Generate os.detected.classifier property -->
<extension>
<groupId>kr.motd.maven</groupId>
<artifactId>os-maven-plugin</artifactId>
<version>1.7.0</version>
</extension>
</extensions>
</build>
<dependencies>
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>0.20.5</version>
<classifier>${os.detected.classifier}</classifier>
</dependency>
<dependencies>
Currently the classifier fips-where-available
provides an "uber" jar with FIPS compliance on some platforms.
Platforms without FIPS compliance are also included in this jar, for compatibility's sake. Check CRT.isFIPS()
at runtime to ensure you are on a FIPS compliant platform. The current breakdown is:
- FIPS compliant: linux-aarch_64, linux-x86_64
- NOT compliant: linux-armv6, linux-armv7, linux-armv7-musl, linux-aarch_64-musl, linux-x86_32, linux-x86_64-musl, osx-aarch_64, osx-x86_64, windows-x86_32, windows-x86_64
Warning
The classifier, and platforms with FIPS compliance are subject to change in the future.
Platforms with FIPS compliance use AWS-LC as their cryptographic module (NIST Certificate #4816).
Since version v0.29.20, GraalVM native image was supported. You can compile your application with AWS CRT in a GraalVM native image project without any additional configuration.
Since version v0.31.1, GraalVM support was updated. Instead of packaging the JNI shared libraries with native image as resources, the corresponding shared lib will be written to the same directory as the native image. In this way, it reduces the native image size around 30% (142 MB to 101 MB for a sample application), and avoids the extra loading time needed for extracting the JNI lib to the temporary path for load. No additional configuration needed.
Note
The JNI shared lib must be in the same directory as the GraalVM native image. If you move the native image, you must move this file too. It is aws-crt-jni.dll
on Windows, libaws-crt-jni.dylib
on macOS, and libaws-crt-jni.so
on Unix.
- To enable logging, set
aws.crt.log.destination
oraws.crt.log.level
:aws.crt.log.level
- Log level. May be: "None", "Fatal", "Error", "Warn" (default), "Info", "Debug", "Trace".aws.crt.log.destination
- Log destination. May be: "Stderr" (default), "Stdout", "File", "None".aws.crt.log.filename
- File to use whenaws.crt.log.destination
is "File".
aws.crt.libc
- (Linux only) Set to "musl" or "glibc" if CRT cannot properly detect which to use.aws.crt.lib.dir
- Set directory where CRT may extract its native library (by default,java.io.tmpdir
is used)aws.crt.memory.tracing
- May be: "0" (default, no tracing), "1" (track bytes), "2" (more detail). Allows the CRT.nativeMemory() and CRT.dumpNativeMemory() functions to report native memory usage.
The CRT uses native libraries for TLS, rather than Java's typical Secure Socket Extension (JSSE), KeyStore, and TrustStore. On Windows and Apple devices, the built-in OS libraries are used. On Linux/Unix/etc s2n-tls is used.
If you need to add certificates to the trust store, add them to your OS trust store. The CRT does not use the Java TrustStore. For more customization options, see TlsContextOptions and TlsConnectionOptions.
Please note that on Mac, once a private key is used with a certificate, that certificate-key pair is imported into the Mac Keychain. All subsequent uses of that certificate will use the stored private key and ignore anything passed in programmatically. Beginning in v0.6.6, when a stored private key from the Keychain is used, the following will be logged at the "info" log level:
static: certificate has an existing certificate-key pair that was previously imported into the Keychain. Using key from Keychain instead of the one provided.
Some tests require pre-configured resources and proper environment variables to be set to run properly. These tests will be quietly skipped if the environment variables they require are not set.
Many IoT related tests require that you have set up an AWS IoT Thing.
- Some required environment variables
AWS_TEST_MQTT311_IOT_CORE_HOST
: AWS IoT service endpoint hostname for MQTT3AWS_TEST_MQTT311_IOT_CORE_RSA_CERT
: Path to the IoT thing certificate for MQTT3AWS_TEST_MQTT311_IOT_CORE_RSA_KEY
: Path to the IoT thing private key for MQTT3AWS_TEST_MQTT311_IOT_CORE_ECC_CERT
: Path to the IoT thing with EC-based certificate for MQTT3AWS_TEST_MQTT311_IOT_CORE_ECC_KEY
: Path to the IoT thing with ECC private key for MQTT3 (The ECC key file should only contains the ECC Private Key section to working on MacOS.)AWS_TEST_MQTT311_ROOT_CA
: Path to the root certificate
Other Environment Variables that can be set can be found in the SetupTestProperties()
function in CrtTestFixture.java
These can be set persistently via Maven settings (usually in ~/.m2/settings.xml
):
<settings>
...
<profiles>
<profile>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<crt.test.endpoint>XXXXXXXXXX-ats.iot.us-east-1.amazonaws.com</crt.test.endpoint>
<crt.test.certificate>/path/to/XXXXXXXX-certificate.pem.crt</crt.test.certificate>
<crt.test.privatekey>/path/to/XXXXXXXX-private.pem.key</crt.test.privatekey>
<crt.test.rootca>/path/to/AmazonRootCA1.pem</crt.test.rootca>
... etc ...
</properties>
</profile>
</profiles>
</settings>%
Most of proxy related tests need pre-configured Proxy host to run the tests properly.
- Required environment variables:
AWS_TEST_HTTP_PROXY_HOST
: Hostname of proxyAWS_TEST_HTTP_PROXY_PORT
: Port of proxyNETWORK_TESTS_DISABLED
: Set this if tests are running in a constrained environment where network access is not guaranteed/allowed.
Most of S3 related tests require AWS credentials and a set of pre-configured S3 buckets. There is a helper script from aws-c-s3 that can be used to set up the test environment, here.
Example to use the helper and run the S3 tests:
cd aws-crt-java
python3 -m pip install boto3
export CRT_S3_TEST_BUCKET_NAME=<bucket_name>
python3 crt/aws-c-s3/tests/test_helper/test_helper.py init
# Run S3ClientTest. eg: mvn -Dtest=S3ClientTest test
more details about the helper can be found from here.
- Required environment variable:
CRT_S3_TEST_BUCKET_NAME
: The basic bucket name for S3 tests.
- CMake is configured to export a compilation database at target/cmake-build/compile_commands.json
- CLion: Build once with maven, then import the project as a Compilation Database Project
- VSCode: will detect that this is both a java project and if you have the CMake extension, you can point that at CMakeLists.txt and the compilation database
Tests can be debugged in Java/Kotlin via the built-in tooling in VSCode and IntelliJ. If you need to debug the native code, it's a bit trickier.
To debug native code with VSCode or CLion or any other IDE:
-
Find your
mvn
launch script(e.g.realpath $(which mvn)
) and pull the command line at the bottom from it. This changes between versions of maven, so it is difficult to give consistent directions.As an example, for Maven 3.6.0 on Linux:
/path/to/java -classpath /usr/share/java/plexus-classworlds-2.5.2.jar -Dclassworlds.conf=/usr/share/maven/bin/m2.conf -Dmaven.home=/usr/share/maven -Dlibrary.jansi.path=/usr/share/maven/lib/jansi-native -Dmaven.multiModuleProjectDirectory=. org.codehaus.plexus.classworlds.launcher.Launcher test -DforkCount=0 -Ddebug.native -Dtest=HttpClientConnectionManager#testMaxParallelConnections
The important parts are:
-DforkCount=0
- prevents the Maven process from forking to run tests, so your debugger will be attached to the right process. You can ignore this if you configure your debugger to attach to child processes.-Ddebug.native
- Makes CMake compile the JNI bindings and core libraries in debug. By default, we compile in release with symbols, which will help for call stacks, but less so for live debugging.
-
Set the executable to launch to be your java binary (e.g.
/usr/bin/java
) -
Set the parameters to be the ones used by the
mvn
script, as per above -
Set the working directory to the
aws-crt-java
directory -
On windows, you will need to manually load the PDB via the Modules window in Visual Studio, as it is not embedded in the JAR. It will be in the
target/cmake-build/lib/windows/<arch>
folder.