Windows support for AWS IoT Client

.gitignore

@@ -15,4 +15,13 @@ docs/latex/
 .vscode/
 
 # Mac
-.DS_Store
+.DS_Store
+.vs/VSWorkspaceState.json
+.vs/slnx.sqlite
+.vs/ProjectSettings.json
+.vs/CMake Overview
+.vs/cmake.db
+.vs/aws-iot-device-client/FileContentIndex/21ee8aa1-3595-428d-9ba2-0211ac531d8f.vsidx
+.vs/aws-iot-device-client/v17/.wsuo
+.vs/aws-iot-device-client/v17/Browse.VC.db
+.vs/aws-iot-device-client/v17/DocumentLayout.json

CMakeLists.txt

@@ -16,7 +16,12 @@ option(EXCLUDE_CONFIG_SHADOW "Builds the device client without the IoT Config Sh
 option(EXCLUDE_SAMPLE_SHADOW "Builds the device client without the IoT Sample Shadow Feature." OFF)
 option(EXCLUDE_SECURE_ELEMENT "Builds the device client without the support for storing/accessing keys stored in a secure module using PKCS#11." ON)
 option(EXCLUDE_SENSOR_PUBLISH "Builds the device client without the Sensor Publish over MQTT Feature." OFF)
-option(EXCLUDE_SENSOR_PUBLISH_SAMPLES "Builds the device client without the Sensor Publish sample servers." OFF)
+if (WIN32)
+    option(EXCLUDE_SENSOR_PUBLISH_SAMPLES "Builds the device client without the Sensor Publish sample servers." ON)
+else()
+    # Exclude this example from windows version as it uses Linux sockets and needs to be reworked for Window
+    option(EXCLUDE_SENSOR_PUBLISH_SAMPLES "Builds the device client without the Sensor Publish sample servers." OFF)
+endif ()    
 option(GIT_VERSION "Updates the version number using the Git commit history" ON)
 
 if (EXCLUDE_JOBS)
@@ -71,6 +76,10 @@ if (EXCLUDE_SENSOR_PUBLISH_SAMPLES)
     add_definitions(-DEXCLUDE_SENSOR_PUBLISH_SAMPLES)
 endif()
 
+if (WIN32)
+    add_definitions(-D_CRT_SECURE_NO_WARNINGS)
+endif()
+
 list(APPEND CMAKE_MODULE_PATH "./sdk-cpp-workspace/lib/cmake")
 
 file(GLOB CONFIG_SRC "source/config/*.cpp")
@@ -159,6 +168,15 @@ configure_file("source/Version.h.in" "${PROJECT_BINARY_DIR}/Version.h")
 set(OPENSSL_USE_STATIC_LIBS TRUE)
 find_package(OpenSSL REQUIRED)
 
+#########################################
+# Get unistd implementation for Windows #
+#########################################
+if (WIN32)
+    file(GLOB ST_WIN32 "source/win32/*.cpp")
+    list(APPEND DC_SRC ${ST_WIN32})
+    include_directories("source/win32")
+endif ()
+
 #########################################
 # AWS IoT v2 SDK C++ dependency         #
 #########################################
@@ -245,6 +263,22 @@ if (LINK_DL)
     target_link_libraries(${DC_PROJECT_NAME} dl)
 endif ()
 
+# Copy OpenSSL DLLs on Windows
+# Set the output directory for the executable
+# Use generator expressions to handle Debug/Release subfolders
+if (WIN32)
+    set(OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/${CMAKE_BUILD_TYPE})
+    # Define a post-build step to copy multiple DLLs
+    add_custom_command(TARGET ${DC_PROJECT_NAME} POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E copy_if_different
+        "${OPENSSL_INCLUDE_DIR}/../bin/libcrypto-3-x64.dll"
+        "${OUTPUT_DIRECTORY}/libcrypto-3-x64.dll"
+        COMMAND ${CMAKE_COMMAND} -E copy_if_different
+        "${OPENSSL_INCLUDE_DIR}/../bin/libssl-3-x64.dll"
+        "${OUTPUT_DIRECTORY}/libssl-3-x64.dll"
+    )
+endif()
+
 if (BUILD_TEST_DEPS)
     # Download and unpack googletest at configure time
     configure_file(CMakeLists.txt.gtest

README.md

@@ -53,7 +53,7 @@ The modular IoT Device Client consists of a “base client” and discrete “cl
   when you onboard a fleet of devices using the [Fleet Provisioning capability](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html) of AWS IoT Core. It creates a device specific certificate and private key, and registers the device on AWS IoT Core.
 * The client-side Named Shadows feature enables you to control your IoT device using [AWS IoT Named Shadows](https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html). Shadows can store your device's state information and make it available to your device, AWS IoT services, your custom  apps and other AWS services whether the device is online and connected to AWS IoT or not.
 ### List of Supported Platforms
-The AWS IoT Device Client is currently compatible with x86_64, aarch64, armv7l, mips32, ppc64, and ppc64le architectures and common Linux software environments (Debian, Ubuntu, and RHEL).
+The AWS IoT Device Client is currently compatible with x86_64, aarch64, armv7l, mips32, ppc64, and ppc64le architectures, common Linux software environments (Debian, Ubuntu, and RHEL) and Windows 11.
 
 ## Installation
 *__Sections:__*
@@ -91,12 +91,14 @@ from our repository [here](https://gallery.ecr.aws/aws-iot-device-client/aws-iot
 ### Building from source
 
 To use the AWS IoT Device Client, you'll need to compile an executable using the source code provided by this
-repository. Below, you'll find instructions for how to build the AWS IoT Device Client for your target machine.
+repository. Below, you'll find instructions for how to build the AWS IoT Device Client for your target machine (Note: for Windows use PowerShell)
 
 ### Quick Start
 
 The following commands should work for most users when you plan to run the AWS IoT Device Client on the same machine
-that you're performing the compilation on:
+that you're performing the compilation on.
+
+#### Step 1: Building (Linux and Window)
 
 ```
 # Building
@@ -106,11 +108,25 @@ mkdir build
 cd build
 cmake ../
 cmake --build . --target aws-iot-device-client
+```
 
+#### Step 2: Setup (Linux)
+```
 # Setup
 cd ../
 ./setup.sh # At this point you'll need to respond to prompts for information, including paths to your thing certs
+```
 
+#### Step 2: Setup (Windows)
+```
+# Setup
+cd ../
+./setup.ps1 # At this point you'll need to respond to prompts for information, including paths to your thing certs
+```
+
+#### Step 3: Run the Client
+
+```
 # Run the AWS IoT Device Client
 ./aws-iot-device-client # This command runs the executable
 ```

docs/CONFIG.md

@@ -11,9 +11,11 @@ file, or both. For a complete list of available command line arguments, pass `--
 Note: Parameters that are passed through the command line take precedence and overwrite any values that may have been written in the JSON configuration file. 
 
 To configure the AWS IoT Device Client via the JSON configuration file, you can also modify our configuration template 
-`config-template.json` located in the root of this package and store it at `~/.aws-iot-device-client/aws-iot-device-client.conf`
-where `~/` refers to the home directory of the user running the Device Client. If you'd like to specify a different location
-for your configuration file, you can pass the `--config-file <your-path>` flag to the AWS IoT Device Client. 
+`config-template.json` located in the root of this package and store it at 
++ Linux: `~/.aws-iot-device-client/aws-iot-device-client.conf` where `~/` refers to the home directory of the user running the Device Client
++ Windows:  `%USERPROFILE%\.aws-iot-device-client/aws-iot-device-client.conf` where `%USERPROFILE%` is an environment variable that contains the path to the profile directory of the user running the Device Client.
+
+If you'd like to specify a different location for your configuration file, you can pass the `--config-file <your-path>` flag to the AWS IoT Device Client. 
 
 There are four (4) fields that MUST be passed to the AWS IoT Device Client through some combination of either CLI arguments, 
 JSON configuration, or both:

docs/ENV.md

@@ -19,7 +19,7 @@ In addition to the application configuration settings described in [Configuring
     * Enabling memory allocation tracing has a nontrivial cost and we do not recommend that customers enable this by default for production deployments.
 
 * `LOCK_FILE_PATH`
-  * To enforce single instance creation, device client writes a file to a specific directory. By default, the device client will write the lockfile to `/run/lock/` and name it "devicecl.lock". 
+  * To enforce single instance creation, device client writes a file to a specific directory. By default, the device client will write the lockfile "devicecl.lock" to `/run/lock/` in Linux or `%LOCALAPPDATA%\aws-iot-device-client\lock\` in Windows. 
   * To override the default directory, set `LOCK_FILE_PATH` to a writable directory e.g. `LOCK_FILE_PATH=/my/dir/`. Permissions still apply when writing to restricted directories.
   * While this should in theory enforce a single instance of device client, double check with `ps` if device client is not starting properly.
 

docs/HTTP_PROXY.md

@@ -21,7 +21,7 @@ The AWS IoT Device Client initiates the MQTT connection based on the implementat
 ### Configuring HTTP Proxy via the JSON configuration file
 An HTTP Proxy configuration file is a JSON document that uses parameters to describe the proxy options used to interact with AWS IoT.
 
-The default HTTP proxy config file should be placed on your device at `~/.aws-iot-device-client/http-proxy.conf`. AWS IoT Device Client would establish MQTT connect with HTTP proxy **only if the `http-proxy-enabled` flag in the configuration is set to `true`**.
+The default HTTP proxy config file should be placed on your device at `~/.aws-iot-device-client/http-proxy.conf` in Linux and `%USERPROFILE%\.aws-iot-device-client/http-proxy.conf` in Windows. AWS IoT Device Client would establish MQTT connect with HTTP proxy **only if the `http-proxy-enabled` flag in the configuration is set to `true`**.
 #### Sample HTTP proxy configuration
 ```
 {
@@ -65,11 +65,18 @@ For more information regarding permission recommandations, check out the [permis
 
 ### Overriding the default configuration file from command line interface
 
-User can switch between different HTTP proxy config files without modifying the default config. To override the default HTTP proxy config under the file path `~/.aws-iot-device-client/http-proxy.conf`, start the AWS IoT Device Client with the `--http-proxy-config` parameter and the file path of the overriding HTTP proxy config file.
+User can switch between different HTTP proxy config files without modifying the default config. To override the default HTTP proxy config under the file path `~/.aws-iot-device-client/http-proxy.conf` in Linux or `%USERPROFILE%\.aws-iot-device-client/aws-iot-device-client.conf` in Windows, start the AWS IoT Device Client with the `--http-proxy-config` parameter and the file path of the overriding HTTP proxy config file.
 
+#### Linux
 ```
 $ ./aws-iot-device-client --http-proxy-config ~/.aws-iot-device-client/MyProxyConfig1.conf
 ```
+
+#### Windows
+```
+$ .\aws-iot-device-client --http-proxy-config '%USERPROFILE%\.aws-iot-device-client\MyProxyConfig1.conf'
+```
+
 *Note:* User still need to follow the example format of the HTTP proxy configuration file. HTTP proxy will be enabled only if the `http-proxy-enabled` is set to `true`.
 
 *Note:* File and parent folder permissions will also be enforced on the overriding configuration file.

docs/PERMISSIONS.md

@@ -10,7 +10,8 @@
 ## File and Directory Permissions
 The AWS IoT Device Client requires specific permissions on files and directory storing these files. Please make sure these permissions are applied on files and directories which are created manually by user before starting the Device Client.
 
-*Note: The numbers mentioned bellow are Chmod Permissions for File or Directory*
+
+*Note: The numbers mentioned bellow are Chmod Permissions for File or Directory. In Windows refer to [Linux Chmod to Windows Permissions Mapping](#linux-chmod-to-windows-permissions-mapping).*
 
 #### Recommended and Required permissions on files
 File          | Chmod Permissions | Required |
@@ -42,6 +43,27 @@ Directory Storing PKCS11 Library File  | 700               | **Yes**
 
 *Note: It is worth noting here that files are directories storing these files created by AWS IoT Device Client will have the above mentioned permissions set by default*
 
+### Linux Chmod to Windows Permissions Mapping
+For simplicity and corss-compatibility Linux Chmod permissions were mapped to Windows File SEcurity Permissions. The following tables provide the mapping:
+
+#### Classes of Users
+Linux       | Windows   |
+--------    |--------   |
+user / owner     | User under which AWS IoT Device Client is running
+group       | Local Users group
+others      | Local Everyone group
+
+#### Access Modes
+Linux       | Windows   |
+--------    |--------   |
+r / read     | Read
+w / write    | Write
+x / execute     | Read & Execute
+
+
+*Note: AWS IoT Device CLient will remove permission inheritance from its files and folders and will always add Full Access for the local Administrators group.*
+
+
 **Next**: [Environment Variables](ENV.md)
 
 [*Back To The Top*](#permissions)

docs/SETUP.md

@@ -5,6 +5,7 @@
 
 ## Setting Up The Device Client
 
+### Setting Up On Linux
 This package comes with an interactive script for setting up the Device Client. This script can be used to generate
 initial Device Client configuration, as well as setup the Device Client as a service.
 
@@ -30,6 +31,25 @@ By default, this will be `~/.aws-iot-device-client/aws-iot-device-client.conf` o
 
 *Note: The Jobs and Secure Tunneling features are **enabled** by default, while all other Device Client features are **disabled** by default. You can use the JSON config file and/or CLI options to enable/disable any of these features.*
 
+### Setting Up On Windows
+This package comes with an interactive PowerShell script for setting up the Device Client. This script can be used to generate
+initial Device Client configuration in the similar way as it is done for Linux. However, setting up Device Client as Windows Service is not supported at the moment.
+
+To use the script, run the following command.
+
+```
+./setup.ps1
+```
+
+You should also make sure to run the script as Administrator or as a user with enough permissions to set / change file and folder security settings. The script will also ask you to provide a username under which you are planning to run AWS IoT Device Client. The script will use provided account to setup AWS IoT Device Client's file and folder permissions appropriately (refer to [Permissions Page][PERMISSIONS.md]).
+
+After completing the prompts, check if the config file exists in the proper directory. 
+By default, this will be `%USERPROFILE%/.aws-iot-device-client/aws-iot-device-client.conf` (Note, it will the the %USERPROFILE% of the provided user account or the current user if none provided).
+
+*Note: The Jobs and Secure Tunneling features are **enabled** by default, while all other Device Client features are **disabled** by default. You can use the JSON config file and/or CLI options to enable/disable any of these features.*
+
+### Additional / Other Settings
+
 You can use the following command to see all of the CLI options available for the Device Client
 
  ```

sample-job-docs/win32/download-file.json

@@ -0,0 +1,21 @@
+{
+  "_comment": "This sample JSON file can be used for downloading specific file from cloud storage. The arguments passed here in `steps`->`action`->`args` are valid file URL and path where we want to store the downloaded file on the device.",
+  "version": "1.0",
+  "steps": [
+    {
+      "action": {
+        "name": "Download File",
+        "type": "runHandler",
+        "input": {
+          "handler": "download-file.ps1",
+          "args": [
+            "https://github.com/awslabs/aws-iot-device-client/archive/refs/tags/v1.3.tar.gz",
+            "C:\\tmp\\Downloaded_File.tar.gz"
+          ],
+          "path": "default"
+        },
+        "runAsUser": "root"
+      }
+    }
+  ]
+}

sample-job-docs/win32/echo.json

@@ -0,0 +1,18 @@
+{
+  "_comment": "This sample JSON file can be used for running the echo command on the device side.",
+  "version": "1.0",
+  "steps": [
+    {
+      "action": {
+        "name": "Echo Messages",
+        "type": "runHandler",
+        "input": {
+          "handler": "echo",
+          "args": [
+            "Hello IoT World!"
+          ]
+        }
+      }
+    }
+  ]
+}

sample-job-docs/win32/health-check.json

@@ -0,0 +1,19 @@
+{
+  "_comment": "This sample JSON file can be used to check device responsiveness to Jobs",
+  "version": "1.0",
+  "steps": [
+    {
+      "action": {
+        "name": "Health Check",
+        "type": "runHandler",
+        "input": {
+          "handler": "health-check.ps1",
+          "args": [
+          ],
+          "path": "default"
+        },
+        "runAsUser": "root"
+      }
+    }
+  ]
+}

sample-job-docs/win32/run-shellcommand.json

@@ -0,0 +1,16 @@
+{
+  "_comment": "This sample JSON file can be used for creating a new directory newDir at the current filepath.",
+  "version": "1.0",
+  "steps": [
+    {
+      "action": {
+        "name": "Create New Directory",
+        "type": "runCommand",
+        "input": {
+          "command": "mkdir,newDir"
+        },
+        "runAsUser": "root"
+      }
+    }
+  ]
+}

sample-job-handlers/win32/download-file.ps1

@@ -0,0 +1,18 @@
+# Capture parameters
+$user = $args[0]
+$fileUrl = $args[1]
+$outputFile = $args[2]
+
+$ErrorActionPreference = "Stop"
+
+Write-Host ("Username (ignored in Windows): " + $user)
+Write-Host ("File URL: $fileUrl")
+Write-Host ("Write documents to file: $outputFile")
+
+# Check target folder and create it if missing
+$outputPath = Split-Path -Path $outputFile -Parent
+if (-Not (Test-Path $outputPath)) {
+    New-Item -Path $outputPath -ItemType Directory -Force | Out-Null
+}
+
+Invoke-WebRequest -Uri $fileUrl -OutFile $outputFile

sample-job-handlers/win32/health-check.ps1

@@ -0,0 +1,7 @@
+# This handler simply exits 0 so that the simplest possible Job may be run to confirm the devices connectivity and ability
+# to process Jobs.
+# Set error action preference to stop on any error
+$ErrorActionPreference = "Stop"
+
+# Exit the script with a status code of 0
+exit 0