Aws-sdk-android: AWSIotClient createKeysAndCertificate stopped working in Android Application

Created on 31 Oct 2020 · 24 Comments · Source: aws-amplify/aws-sdk-android

Describe the bug
createKeysAndCertificate stopped working in our production application. It was working perfectly but suddenly started giving an UnknownOperationException with status code 400.

To Reproduce
Here is the code which is used to create keys and certificate:

private void doCertificateInitialization(
        String deviceId, ObservableEmitter<Boolean> emitter) {
    Region region = Region.getRegion(MY_REGION);
    CognitoCachingCredentialsProvider credentialsProvider;
    // Initialize the AWS Cognito credentials provider
    credentialsProvider = new CognitoCachingCredentialsProvider(
        context, BuildConfig.COGNITO_POOL_ID, MY_REGION
    );
    // IoT Client (for creation of certificate if needed)
    mIotAndroidClient = new AWSIotClient(credentialsProvider);
    mIotAndroidClient.setRegion(region);
    keystorePath = context.getFilesDir().getPath();
    keystoreName = KEYSTORE_NAME;
    keystorePassword = KEYSTORE_PASSWORD;
    certificateId = CERTIFICATE_ID;
    boolean certAlreadyExists = isCertCreated(context);
    if (certAlreadyExists) {
        emitter.onNext(true);
        emitter.onComplete();
        return;
    }
    try {
        // Create a new private key and certificate. This call
        // creates both on the server and returns them to the
        // device.
        CreateKeysAndCertificateRequest createKeysAndCertificateRequest =
            new CreateKeysAndCertificateRequest();
        createKeysAndCertificateRequest.setSetAsActive(true);
        CreateKeysAndCertificateResult createKeysAndCertificateResult =
            mIotAndroidClient.createKeysAndCertificate(createKeysAndCertificateRequest);
        Log.i(LOG_TAG, "Cert ID: " +
            createKeysAndCertificateResult.getCertificateId() + " created.");

        // store in keystore for use in MQTT client
        // saved as alias "default" so a new certificate isn't
        // generated each run of this application
        AWSIotKeystoreHelper.saveCertificateAndPrivateKey(
            certificateId,
            createKeysAndCertificateResult.getCertificatePem(),
            createKeysAndCertificateResult.getKeyPair().getPrivateKey(),
            keystorePath,
            keystoreName,
            keystorePassword
        );

        // load keystore from file into memory to pass on
        // connection
        clientKeyStore = AWSIotKeystoreHelper.getIotKeystore(certificateId,
                keystorePath, keystoreName, keystorePassword);
        // Attach a policy to the newly created certificate.
        // This flow assumes the policy was already created in
        // AWS IoT and we are now just attaching it to the
        // certificate.
        AttachPrincipalPolicyRequest policyAttachRequest = new AttachPrincipalPolicyRequest();
        policyAttachRequest.setPolicyName(AWS_IOT_POLICY_NAME);
        policyAttachRequest.setPrincipal(createKeysAndCertificateResult.getCertificateArn());
        mIotAndroidClient.attachPrincipalPolicy(policyAttachRequest);
        long nowTime = System.currentTimeMillis();
        CertAssocModel certAssocModel = new CertAssocModel(
            deviceId,
            createKeysAndCertificateResult.getCertificateId(),
            createKeysAndCertificateResult.getCertificateArn(),
            false,
            new Date(nowTime)
        );
        String certAssocMessage = JsonHelper.toJsonCertAssocModel(certAssocModel);
        initConnection(certAssocMessage, context, emitter);
    } catch (Exception e) {
        e.printStackTrace();
        emitter.onError(e);
    }
}

Additional context
Here is the exact log:

com.amazonaws.AmazonServiceException: (Service: AWSIot; Status Code: 400; Error Code: UnknownOperationException; Request ID: 36985e4f-8493-4ec6-a096-f6c6ffd1ab0f)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:731)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
at com.amazonaws.services.iot.AWSIotClient.invoke(AWSIotClient.java:11411)
at com.amazonaws.services.iot.AWSIotClient.createKeysAndCertificate(AWSIotClient.java:1697)
at io.modifi.modifisensors.utils.AwsIotUtils.doCertificateInitialization(AwsIotUtils.java:126)
at io.modifi.modifisensors.utils.AwsIotUtils.lambda$doCertificateInit$0$AwsIotUtils(AwsIotUtils.java:91)
at io.modifi.modifisensors.utils.-$$Lambda$AwsIotUtils$eTvo8OxvDVrJI8eERraJ48WJzNE.subscribe(Unknown Source:2)
at io.reactivex.internal.operators.observable.ObservableCreate.subscribeActual(ObservableCreate.java:40)
at io.reactivex.Observable.subscribe(Observable.java:12267)
at io.reactivex.internal.operators.observable.ObservableObserveOn.subscribeActual(ObservableObserveOn.java:45)
at io.reactivex.Observable.subscribe(Observable.java:12267)
at io.reactivex.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:578)
at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:764)
IoT

All 24 comments

I was also facing the same problem.
Any help would be appreciated!

Would you be able to provide the version of the SDK you're currently using? Is this something that's happening consistently?

UnknownOperationException typically indicates that the request payload sent to the service was somehow malformed. I've looked back in the AWSIotClient.java file history and that operation has been there, unchanged, for quite a while.

@rjuliano These are the SDKs which we are using for IoT:

  1. 'com.amazonaws:aws-android-sdk-core:2.19.1'
  2. 'com.amazonaws:aws-android-sdk-iot:2.19.1'

In the current production app, we are using these SDKs:

  1. 'com.amazonaws:aws-android-sdk-core:2.16.13'
  2. 'com.amazonaws:aws-android-sdk-iot:2.16.13'

Same problem. Our code looks very similar to OP.

This fails every time:

iotAndroidClient.createKeysAndCertificate(createKeysAndCertificateRequest)

We haven't changed it for a month or two. Was definitely working on Friday. These are the versions we are using in the Gradle file:

def aws_version = '2.16.11'
implementation("com.amazonaws:aws-android-sdk-mobile-client:$aws_version@aar") { transitive = true }
implementation("com.amazonaws:aws-android-sdk-auth-userpools:$aws_version@aar") { transitive = true }
implementation("com.amazonaws:aws-android-sdk-auth-ui:$aws_version@aar") { transitive = true }
implementation("com.amazonaws:aws-android-sdk-iot:$aws_version@aar") { transitive = true }

Currently investigating this.

Same problem for us too...

implementation 'com.amazonaws:aws-android-sdk-mobile-client:2.16.12'
implementation group: 'com.amazonaws', name: 'aws-android-sdk-iot', version: '2.16.12'
(Service: AWSIot; Status Code: 400; Error Code: UnknownOperationException; Request ID: 6979d575-xxxx-xxxx-xxxx-96cf8bdbca55)
        at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:730)
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
        at com.amazonaws.services.iot.AWSIotClient.invoke(AWSIotClient.java:11411)
        at com.amazonaws.services.iot.AWSIotClient.createKeysAndCertificate(AWSIotClient.java:1697)

I'm also facing the same issue since Friday.

We've reached out to the service team for help on this and will provide an update as soon as it's available.

@rjuliano When can I get an update about this issue??

Hi @nsspl-india - we've raised a high severity ticket internally against the service team since it appears the problem is on their end and broke iOS as well. We'll post here as soon as the issue is resolved.

Same issue with 2.19.1 version creating thing: mIotClient.createThing(createThingRequest);
com.amazonaws.AmazonServiceException: (Service: AWSIot; Status Code: 400; Error Code: UnknownOperationException; Request ID: daafa55e-a656-4ab2-b54e-0a5b92056d04)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:731)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:405)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:212)
at com.amazonaws.services.iot.AWSIotClient.invoke(AWSIotClient.java:11411)
at com.amazonaws.services.iot.AWSIotClient.createThing(AWSIotClient.java:2367)
at com.tumble.controller.ui.machinesetup.MachineSetupViewModel.lambda$initIoT$3$MachineSetupViewModel(MachineSetupViewModel.java:178)
at com.tumble.controller.ui.machinesetup.-$$Lambda$MachineSetupViewModel$PqCIWLBWQe0OZogqJY2RPinmQBA.run(Unknown Source:6)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

@TrekSoft Thanks for the update.

Hi @TrekSoft - Thanks for the update, I'm facing the same issue, and it could be region specific?
Works with us-east-1 and fails with us-west-2 + other regions.

Sample endpoint:
Working endpoint: a1a1a1a1a1a1a1.iot.us-east-1.amazonaws.com
Not working endpoint: a1a1a1a1a1a1a1.iot.us-west-2.amazonaws.com

-VP

Yep, they did a recent deployment to us-west-2 and two other regions but not us-east-1 so working with them on addressing it.

Perfect! Thanks, @TrekSoft; currently, this issue blocks our production devices; it would be great if the team can close this issue sooner.

I am still blocked on the server us-west-2 in the android library.

The rollback has just been completed - could you please verify now if it's working?

Hi @TrekSoft I can confirm that my apps are back up on us-west-2. OP is the same team as me. Thank you for moving on this quickly.

@TrekSoft, I got my app working too (us-west-2) android sdk.

Great! Thanks for the quick response @TrekSoft, confirming apps pointing to us-west-2 are working now.

The app is still not working on ap-northeast-2.....

Apps are now working normally on ap-northeast-2. I checked it 2 hours ago and just now.

Thank you.

Thanks everyone - glad to hear it's resolved!
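
A triage helper for the failure pattern in this thread, added here as an example and not code from the SDK or from any commenter: it parses `AmazonServiceException` headers in the format posted above, collects the request IDs to hand to support, and shows whether one error code spans several SDK operations (as `createKeysAndCertificate` and `createThing` did here), which points at the service rather than at one malformed request. The sample log, its request IDs and the `com.example.app` frame are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: exception headers and SDK frames in the format shown in this thread.
SAMPLE_LOG = """\
com.amazonaws.AmazonServiceException: (Service: AWSIot; Status Code: 400; Error Code: UnknownOperationException; Request ID: 00000000-0000-0000-0000-000000000001)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:731)
at com.amazonaws.services.iot.AWSIotClient.invoke(AWSIotClient.java:11411)
at com.amazonaws.services.iot.AWSIotClient.createKeysAndCertificate(AWSIotClient.java:1697)
at com.example.app.Provisioner.run(Provisioner.java:10)
(Service: AWSIot; Status Code: 400; Error Code: UnknownOperationException; Request ID: 00000000-0000-0000-0000-000000000002)
        at com.amazonaws.services.iot.AWSIotClient.invoke(AWSIotClient.java:11411)
        at com.amazonaws.services.iot.AWSIotClient.createThing(AWSIotClient.java:2367)
"""

HEADER = re.compile(
    r"\(Service: (?P<service>[^;]+); Status Code: (?P<status>\d+); "
    r"Error Code: (?P<code>[^;]+); Request ID: (?P<request_id>[^)]+)\)"
)
# The first SDK client frame other than the generic invoke() names the API operation.
FRAME = re.compile(r"at com\.amazonaws\.services\.\w+\.\w+Client\.(?P<op>\w+)\(")

def parse_failures(text):
    """Return one dict per exception header, with the SDK operation that raised it."""
    failures, current = [], None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            current = dict(header.groupdict(), status=int(header["status"]), operation=None)
            failures.append(current)
            continue
        frame = FRAME.search(line)
        if frame and current and current["operation"] is None and frame["op"] != "invoke":
            current["operation"] = frame["op"]
    return failures

def summarize(failures):
    """Group request IDs by (service, error code) and list the operations affected."""
    groups = defaultdict(lambda: {"operations": set(), "request_ids": []})
    for f in failures:
        g = groups[(f["service"], f["code"])]
        g["operations"].add(f["operation"] or "unknown")
        g["request_ids"].append(f["request_id"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(parse_failures(SAMPLE_LOG)).items():
        print(key, sorted(g["operations"]), g["request_ids"])
```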
