Aws-sdk-android: Support IPv4 fallback

Created on 12 Sep 2020 · 15 Comments · Source: aws-amplify/aws-sdk-android

Currently, if the user's network does not support IPv6, then there's no way to connect to AWS IoT. Android would prefer IPv6 to IPv4.

Please add a fallback for IPv4, or provide an option to explicitly specify which protocol to use.

Feature Request IoT

All 15 comments

Likely, this will require support in Paho, too. See related: https://github.com/eclipse/paho.mqtt.android/issues/385.

Hi, @Shay-repos have you found a solution to this issue?

I have no idea why such a fundamental feature hasn't been added to the Android SDK. iOS and the Android Simulator can connect to AWS IoT smoothly; being unable to connect to AWS IoT in an IPv4-only environment is a big problem for Android devices.

I had to modify the SDK to bypass domain checking and passed in IPv4 of aws endpoint.
Not optimal solution though.

@Shay-repos Great idea. Your method seems to be the most effective so far. I tried to modify the Android SDK as you said, but I get an error:

MqttException (0) - javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match

Could you teach me how to bypass domain checking, please? This issue has been bothering me for weeks.

There is a private field named "endpoint" in class AWSIotMqttManager. I just changed it to public and set it to IPv4 string right after creating new AWSIotMqttManager instance.

@Shay-repos There are constructors which accept an endpoint. You should be able to set that field directly when you construct the AWSIotMqttManager, instead of using reflection as you propose.

Hi @jamesonwilliams, could you modify endpoint from private to public, or modify private AWSIotMqttManager(final Region region, final String mqttClientId, final String endpoint) to public in AWSIotMqttManager.java, please? So that we could force the android device to connect to the server in IPv4.

@shawzyen Did you see my comment, here? Can't you use this version?

@Shay-repos There are constructors which accept an endpoint. You should be able to set that field directly when you construct the AWSIotMqttManager, instead of using reflection as you propose.

Constructor has region checking, it will throw error if endpoint is IP Address

@Shay-repos Can you use this factory method?

val region = Region.getRegion(Regions.CN_NORTH_1)
val endpoint = Endpoint.fromString("....")
val clientId = ClientId.fromString("....")
val iotManager = AWSIotMqttManager.from(region, clientId, endpoint)

@jamesonwilliams oh thanks, that worked.

@Shay-repos Hi Shay, did you add the IP address in the certificate's Subject Alternative Name list? I have tried to connect to the server in IPv4 address, and it throws an error:

MqttException (0) - javax.net.ssl.SSLHandshakeException: No subjectAltNames on the certificate match

It seems caused by the certificate, but I'm not sure.

@shawzyen If I understand that error correctly:

The certificate lives on an AWS IoT endpoint, and can't be modified by you, the customer. A Subject Alternate Name on a certificate basically says, "In addition to my real name system.whatever.com, you can refer to me as 123.44.66.19, if you'd like." However, the IP addresses of the endpoint are probably not listed in the SAN portion of the SSL certificate, since AWS would need to frequently invalidate the certificate when the IP set changes.

A client can theoretically disable SAN validation, though. Some discussion on achieving that with Paho, here: https://github.com/eclipse/paho.mqtt.java/issues/341. At first glance, the AWS IoT SDK doesn't have a pathway to achieve this, at the moment. Support would need to be added.
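An alternative to disabling SAN validation, shown as an added example that is not from this thread, the AWS SDK or Paho: resolve the endpoint's hostname to its IPv4 addresses only, connect to one of them, then run TLS against the original DNS name so the certificate still matches. The function names are hypothetical, and the sketch assumes a JVM or Android API 24+ runtime that honours `endpointIdentificationAlgorithm`; wiring it into AWSIotMqttManager is not shown.

```kotlin
import java.io.IOException
import java.net.Inet4Address
import java.net.InetAddress
import java.net.InetSocketAddress
import java.net.Socket
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory

// Hypothetical helper: TCP-connect to the first reachable IPv4 address of `host`.
fun connectIpv4(host: String, port: Int, timeoutMs: Int): Socket {
    // Keep only IPv4 results so an unreachable IPv6 address is never tried.
    val v4 = InetAddress.getAllByName(host).filterIsInstance<Inet4Address>()
    var last: IOException? = null
    for (addr in v4) {
        val s = Socket()
        try {
            s.connect(InetSocketAddress(addr, port), timeoutMs)
            return s
        } catch (e: IOException) {
            s.close()
            last = e
        }
    }
    throw last ?: IOException("No IPv4 address found for $host")
}

// Hypothetical helper: TLS over that socket, verified against the DNS name.
// The default factory carries no client certificate; a device connection would
// use a factory built from its own key store instead.
fun connectTlsOverIpv4(host: String, port: Int, timeoutMs: Int = 10_000): SSLSocket {
    val raw = connectIpv4(host, port, timeoutMs)
    try {
        val factory = SSLSocketFactory.getDefault() as SSLSocketFactory
        // Passing `host` (not the IP) sets SNI and the name the certificate must match.
        val tls = factory.createSocket(raw, host, port, true) as SSLSocket
        val params = tls.sslParameters
        // Makes the handshake fail if no SAN entry matches `host`.
        params.endpointIdentificationAlgorithm = "HTTPS"
        tls.sslParameters = params
        tls.startHandshake()
        return tls
    } catch (e: IOException) {
        raw.close() // drop the TCP connection if TLS setup or verification fails
        throw e
    }
}
```

Because the name handed to the TLS layer is still the DNS name, the `No subjectAltNames on the certificate match` failure seen when the endpoint string is an IP literal does not arise, and certificate validation stays enabled.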

@jamesonwilliams Thanks for your reply. You explained it clearly, but I am curious: how does @Shay-repos connect to the server by IP address?

Hi @Shay-repos, did you connect to the endpoint with an IPv4 address successfully? After trying several ways that all failed, I doubt whether manually inputting an IPv4 address to connect to the endpoint is feasible. I would be glad if you could give me some advice, thank you!
