update error print for DDTestRun, remove ca_file

xiazhvera · xiazhvera · commit d61186727434 · 2025-09-24T09:35:53.000-07:00
diff --git a/devicedefender/script/DDTestRun.py b/devicedefender/script/DDTestRun.py
@@ -242,7 +242,7 @@ def delete_thing_with_certi(thingName, certiId, certiArn):
     arguments = [exe_path, "--endpoint", endpoint_response, "--cert",
                  certificate_path, "--key", key_path, "--thing_name", thing_name, "--count", "2"]
     result = subprocess.run(arguments, timeout=60*2, check=True)
-    print("[Device Defender]Info: Sample finished running.")
+    print(f"[Device Defender]Info: Sample finished running, with result {result.returncode}")
 
     # There does not appear to be any way to get the metrics from the device - so we'll assume that if it didn't return -1, then it worked
 
@@ -264,7 +264,7 @@ def delete_thing_with_certi(thingName, certiId, certiArn):
     if client_made_policy:
         client.delete_policy(policyName=thing_name + "_policy")
 
-    print("[Device Defender]Error: Failed to test: Basic Report")
+    print(f"[Device Defender]Error: Failed to test: Basic Report {e}")
     exit(-1)
 
 print("[Device Defender]Info: Basic Report sample test passed")
diff --git a/samples/README.md b/samples/README.md
@@ -118,7 +118,6 @@ required arguments:
   --key         Path to the private key file to use during mTLS connection establishment
 optional arguments:
   --client_id   Client ID (default: mqtt5-sample-<uuid>)
-  --ca_file     Path to optional CA bundle (PEM)
   --topic       Topic (default: test/topic)
   --message     Message payload (default: Hello from mqtt5 sample)
   --count       Messages to publish (0 = infinite) (default: 5)
diff --git a/samples/greengrass/basic_discovery/main.cpp b/samples/greengrass/basic_discovery/main.cpp
@@ -23,7 +23,6 @@ struct CmdArgs
     String endpoint;
     String cert;
     String key;
-    String caFile;
     String thingName;
     String topic = "test/topic";
     String message;
@@ -157,7 +156,6 @@ void printHelp()
     printf("  --thing_name  Thing name\n");
     printf("optional arguments:\n");
     printf("  --client_id   Client ID (default: test-<uuid>)\n");
-    printf("  --ca_file     Path to optional CA bundle (PEM)\n");
     printf("  --topic       Topic (default: test/topic)\n");
     printf("  --message     Message to publish\n");
     printf("  --mode        Mode: publish, subscribe, both (default: both)\n");
@@ -191,10 +189,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.thingName = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else if (strcmp(argv[i], "--topic") == 0)
             {
                 args.topic = argv[++i];
@@ -260,11 +255,6 @@ int main(int argc, char *argv[])
         exit(-1);
     }
 
-    if (!cmdData.caFile.empty())
-    {
-        tlsCtxOptions.OverrideDefaultTrustStore(nullptr, cmdData.caFile.c_str());
-    }
-
     Io::TlsContext tlsCtx(tlsCtxOptions, Io::TlsMode::CLIENT);
 
     if (!tlsCtx)
diff --git a/samples/mqtt/mqtt5_aws_websocket/README.md b/samples/mqtt/mqtt5_aws_websocket/README.md
@@ -104,7 +104,6 @@ required arguments:
 
 optional arguments:
   --client_id        Client ID (default: mqtt5-sample-<uuid>)
-  --ca_file          Path to optional CA bundle (PEM)
   --topic            Topic (default: test/topic)
   --message          Message payload (default: Hello from mqtt5 sample)
   --count            Messages to publish (0 = infinite) (default: 5)
diff --git a/samples/mqtt/mqtt5_aws_websocket/main.cpp b/samples/mqtt/mqtt5_aws_websocket/main.cpp
@@ -18,7 +18,6 @@ struct CmdArgs
     String endpoint;
     String signingRegion;
     String clientId;
-    String caFile;
     String topic = "test/topic";
     String message = "Hello from mqtt5 sample";
     uint32_t count = 5;
@@ -37,7 +36,6 @@ void printHelp()
     printf("\n");
     printf("optional arguments:\n");
     printf("  --client_id        Client ID (default: mqtt5-sample-<uuid>)\n");
-    printf("  --ca_file          Path to optional CA bundle (PEM)\n");
     printf("  --topic            Topic (default: test/topic)\n");
     printf("  --message          Message payload (default: Hello from mqtt5 sample)\n");
     printf("  --count            Messages to publish (0 = infinite) (default: 5)\n");
@@ -63,10 +61,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.signingRegion = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else if (strcmp(argv[i], "--client_id") == 0)
             {
                 args.clientId = argv[++i];
@@ -151,12 +146,6 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    // Setup CA file if provided
-    if (!cmdData.caFile.empty())
-    {
-        builder->WithCertificateAuthority(cmdData.caFile.c_str());
-    }
-
     // Setup connection options
     std::shared_ptr<Mqtt5::ConnectPacket> connectOptions =
         Aws::Crt::MakeShared<Mqtt5::ConnectPacket>(Aws::Crt::DefaultAllocatorImplementation());
diff --git a/samples/mqtt/mqtt5_pkcs11/README.md b/samples/mqtt/mqtt5_pkcs11/README.md
@@ -116,7 +116,6 @@ optional arguments:
   --token_label   Label of the PKCS#11 token to use (optional). (default: None)
   --slot_id       Slot ID containing the PKCS#11 token to use (optional). (default: None)
   --key_label     Label of private key on the PKCS#11 token (optional). (default: None)
-  --ca_file       Path to optional CA bundle (PEM) (default: None)
   --topic         Topic (default: test/topic)
   --message       Message payload (default: Hello from mqtt5 sample)
   --count         Messages to publish (0 = infinite) (default: 5)
@@ -176,8 +175,7 @@ The steps to use [SoftHSM2](https://www.opendnssec.org/softhsm/) as the PKCS#11
 6. Now you can run the sample with the following:
 
     ```sh
-    # For Windows: replace 'python3' with 'python' and '/' with '\'
-    python3 mqtt5_pkcs11_connect.py --endpoint <endpoint> --ca_file <path to root CA> --cert <path to certificate> --pkcs11_lib <path to PKCS11 lib> --pin <user-pin> --token_label <token-label> --key_label <key-label>
+    ./mqtt5_pkcs11 --endpoint <endpoint> --cert <path to certificate> --pkcs11_lib <path to PKCS11 lib> --pin <user-pin> --token_label <token-label> --key_label <key-label>
     ```
   
 ## Additional Information
diff --git a/samples/mqtt/mqtt5_pkcs11/main.cpp b/samples/mqtt/mqtt5_pkcs11/main.cpp
@@ -22,7 +22,6 @@ struct CmdArgs
     String pkcs11TokenLabel;
     String pkcs11KeyLabel;
     String clientId;
-    String caFile;
     String topic = "test/topic";
     String message = "Hello from mqtt5 sample";
     uint32_t port = 8883;
@@ -50,7 +49,6 @@ void printHelp()
     printf("  --token_label      Label of the PKCS#11 token to use\n");
     printf("  --slot_id          Slot ID containing the PKCS#11 token to use\n");
     printf("  --key_label        Label of private key on the PKCS#11 token\n");
-    printf("  --ca_file          Path to optional CA bundle (PEM)\n");
     printf("  --topic            Topic (default: test/topic)\n");
     printf("  --message          Message payload (default: Hello from mqtt5 sample)\n");
     printf("  --count            Messages to publish (0 = infinite) (default: 5)\n");
@@ -98,10 +96,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.pkcs11KeyLabel = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else if (strcmp(argv[i], "--client_id") == 0)
             {
                 args.clientId = argv[++i];
@@ -210,12 +205,6 @@ int main(int argc, char *argv[])
 
     // Setup port if not default
     builder->WithPort(cmdData.port);
-    
-    // Setup CA file if provided
-    if (!cmdData.caFile.empty())
-    {
-        builder->WithCertificateAuthority(cmdData.caFile.c_str());
-    }
 
     // Setup connection options
     std::shared_ptr<Mqtt5::ConnectPacket> connectOptions =
diff --git a/samples/mqtt/mqtt5_x509/README.md b/samples/mqtt/mqtt5_x509/README.md
@@ -101,7 +101,6 @@ required arguments:
   --key         Path to the private key file to use during mTLS connection establishment
 optional arguments:
   --client_id   Client ID (default: mqtt5-sample-<uuid>)
-  --ca_file     Path to optional CA bundle (PEM)
   --topic       Topic (default: test/topic)
   --message     Message payload (default: Hello from mqtt5 sample)
   --count       Messages to publish (0 = infinite) (default: 5)
diff --git a/samples/mqtt/mqtt5_x509/main.cpp b/samples/mqtt/mqtt5_x509/main.cpp
@@ -18,7 +18,6 @@ struct CmdArgs
     String cert;
     String key;
     String clientId;
-    String caFile;
     String topic = "test/topic";
     String message = "Hello from mqtt5 sample";
     uint32_t count = 5;
@@ -37,7 +36,6 @@ void printHelp()
         "  --key         Path to the private key file to use during mTLS connection establishment\n");
     printf("optional arguments:\n");
     printf("  --client_id   Client ID (default: mqtt5-sample-<uuid>)\n");
-    printf("  --ca_file     Path to optional CA bundle (PEM)\n");
     printf("  --topic       Topic (default: test/topic)\n");
     printf("  --message     Message payload (default: Hello from mqtt5 sample)\n");
     printf("  --count       Messages to publish (0 = infinite) (default: 5)\n");
@@ -67,10 +65,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.key = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else if (strcmp(argv[i], "--client_id") == 0)
             {
                 args.clientId = argv[++i];
@@ -143,12 +138,6 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    // Setup CA file if provided
-    if (!cmdData.caFile.empty())
-    {
-        builder->WithCertificateAuthority(cmdData.caFile.c_str());
-    }
-
     // Setup connection options
     std::shared_ptr<Mqtt5::ConnectPacket> connectOptions =
         Aws::Crt::MakeShared<Mqtt5::ConnectPacket>(Aws::Crt::DefaultAllocatorImplementation());
diff --git a/samples/others/device_defender/mqtt5_basic_report/README.md b/samples/others/device_defender/mqtt5_basic_report/README.md
@@ -66,13 +66,7 @@ This sample expects and requires the following custom metrics:
 To run the Device Defender sample, use the following command:
 
 ``` sh
-./mqtt5-basic-report --endpoint <endpoint> --cert <path to the certificate> --key <path to the private key> --thing_name <thing name> --ca_file <path to root CA>
-```
-
-You can also pass a Certificate Authority file (CA) if your certificate and key combination requires it:
-
-``` sh
-./mqtt5-basic-report --endpoint <endpoint> --cert <path to the certificate> --key <path to the private key> --thing_name <thing name> --ca_file <path to root CA>
+./mqtt5-basic-report --endpoint <endpoint> --cert <path to the certificate> --key <path to the private key> --thing_name <thing name>
 ```
 
 ### Device Defender Data Requirements
diff --git a/samples/others/device_defender/mqtt5_basic_report/main.cpp b/samples/others/device_defender/mqtt5_basic_report/main.cpp
@@ -63,7 +63,6 @@ struct CmdArgs
     String cert;
     String key;
     String clientId;
-    String caFile;
     String thingName = "TestThing";
     String proxyHost;
     uint32_t port = 0;
@@ -83,7 +82,6 @@ void printHelp()
     printf("  --key         Path to the private key file\n");
     printf("optional arguments:\n");
     printf("  --client_id   Client ID (default: test-<uuid>)\n");
-    printf("  --ca_file     Path to optional CA bundle (PEM)\n");
     printf("  --thing_name  Thing name (default: TestThing)\n");
     printf("  --proxy_host  HTTP proxy host\n");
     printf("  --proxy_port  HTTP proxy port (default: 8080)\n");
@@ -120,10 +118,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.clientId = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else if (strcmp(argv[i], "--thing_name") == 0)
             {
                 args.thingName = argv[++i];
@@ -194,10 +189,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    if (!cmdData.caFile.empty())
-    {
-        clientConfigBuilder->WithCertificateAuthority(cmdData.caFile.c_str());
-    }
     if (!cmdData.proxyHost.empty())
     {
         Aws::Crt::Http::HttpClientConnectionProxyOptions proxyOptions;
diff --git a/samples/others/secure_tunneling/secure_tunnel/main.cpp b/samples/others/secure_tunneling/secure_tunnel/main.cpp
@@ -152,7 +152,6 @@ int main(int argc, char *argv[])
     {
         String accessToken;
         String endpoint;
-        String caFile;
         String clientToken;
         String localProxyModeSource = "destination";
         String proxyHost;
@@ -171,7 +170,6 @@ int main(int argc, char *argv[])
         printf("  --access_token    Access token for secure tunnel\n");
         printf("  --endpoint        Secure tunnel endpoint\n");
         printf("optional arguments:\n");
-        printf("  --ca_file         Path to optional CA bundle (PEM)\n");
         printf("  --client_token    Client token\n");
         printf("  --local_proxy_mode_source  Local proxy mode (default: destination)\n");
         printf("  --proxy_host      HTTP proxy host\n");
@@ -201,10 +199,7 @@ int main(int argc, char *argv[])
                 {
                     args.endpoint = argv[++i];
                 }
-                else if (strcmp(argv[i], "--ca_file") == 0)
-                {
-                    args.caFile = argv[++i];
-                }
+
                 else if (strcmp(argv[i], "--client_token") == 0)
                 {
                     args.clientToken = argv[++i];
@@ -279,11 +274,6 @@ int main(int argc, char *argv[])
     SecureTunnelBuilder builder = SecureTunnelBuilder(
         allocator, cmdData.accessToken.c_str(), localProxyMode, cmdData.endpoint.c_str());
 
-    if (!cmdData.caFile.empty())
-    {
-        builder.WithRootCa(cmdData.caFile.c_str());
-    }
-
     /* Proxy Options */
     if (!cmdData.proxyHost.empty())
     {
diff --git a/samples/others/secure_tunneling/tunnel_notification/main.cpp b/samples/others/secure_tunneling/tunnel_notification/main.cpp
@@ -37,7 +37,6 @@ int main(int argc, char *argv[])
         String cert;
         String key;
         String clientId;
-        String caFile;
         String thingName;
     };
 
@@ -52,7 +51,6 @@ int main(int argc, char *argv[])
         printf("  --thing_name  Thing name\n");
         printf("optional arguments:\n");
         printf("  --client_id   Client ID (default: test-<uuid>)\n");
-        printf("  --ca_file     Path to optional CA bundle (PEM)\n");
     };
 
     auto parseArgs = [&](int argc, char *argv[]) -> CmdArgs {
@@ -86,10 +84,7 @@ int main(int argc, char *argv[])
                 {
                     args.clientId = argv[++i];
                 }
-                else if (strcmp(argv[i], "--ca_file") == 0)
-                {
-                    args.caFile = argv[++i];
-                }
+
                 else
                 {
                     fprintf(stderr, "Unknown argument: %s\n", argv[i]);
@@ -117,10 +112,6 @@ int main(int argc, char *argv[])
     auto clientConfigBuilder =
         Aws::Iot::MqttClientConnectionConfigBuilder(cmdData.cert.c_str(), cmdData.key.c_str());
     clientConfigBuilder.WithEndpoint(cmdData.endpoint);
-    if (!cmdData.caFile.empty())
-    {
-        clientConfigBuilder.WithCertificateAuthority(cmdData.caFile.c_str());
-    }
 
     // Create the MQTT connection from the MQTT builder
     auto clientConfig = clientConfigBuilder.Build();
diff --git a/samples/service_clients/commands/commands-sandbox/main.cpp b/samples/service_clients/commands/commands-sandbox/main.cpp
@@ -192,7 +192,6 @@ struct CmdArgs
     Aws::Crt::String cert;
     Aws::Crt::String key;
     Aws::Crt::String clientId;
-    Aws::Crt::String caFile;
     Aws::Crt::String thingName;
 };
 
@@ -208,7 +207,6 @@ void printHelp()
     printf("  --thing_name  Thing name\n");
     printf("optional arguments:\n");
     printf("  --client_id   Client ID (default: test-<uuid>)\n");
-    printf("  --ca_file     Path to optional CA bundle (PEM)\n");
 }
 
 CmdArgs parseArgs(int argc, char *argv[])
@@ -243,10 +241,7 @@ CmdArgs parseArgs(int argc, char *argv[])
             {
                 args.clientId = argv[++i];
             }
-            else if (strcmp(argv[i], "--ca_file") == 0)
-            {
-                args.caFile = argv[++i];
-            }
+
             else
             {
                 fprintf(stderr, "Unknown argument: %s\n", argv[i]);
@@ -297,12 +292,6 @@ int main(int argc, char *argv[])
         Aws::Crt::MakeShared<Aws::Crt::Mqtt5::ConnectPacket>(Aws::Crt::DefaultAllocatorImplementation());
     connectPacket->WithClientId(cmdData.clientId);
 
-    // Setup CA file if provided
-    if (!cmdData.caFile.empty())
-    {
-        builder->WithCertificateAuthority(cmdData.caFile.c_str());
-    }
-
     builder->WithConnectOptions(connectPacket);
 
     std::promise<bool> connectedWaiter;
diff --git a/samples/service_clients/fleet_provisioning/provision-basic/main.cpp b/samples/service_clients/fleet_provisioning/provision-basic/main.cpp
diff --git a/samples/service_clients/fleet_provisioning/provision-csr/main.cpp b/samples/service_clients/fleet_provisioning/provision-csr/main.cpp
diff --git a/samples/service_clients/jobs/jobs-sandbox/main.cpp b/samples/service_clients/jobs/jobs-sandbox/main.cpp
diff --git a/samples/service_clients/shadow/shadow-sandbox/main.cpp b/samples/service_clients/shadow/shadow-sandbox/main.cpp
