sdk layer metrics features

rakshil14-2 · rakshil14-2 · commit d4cd73c53951 · 2026-06-08T11:40:36.000-07:00
diff --git a/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqtt5ClientBuilder.java b/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqtt5ClientBuilder.java
@@ -37,6 +37,7 @@
 import software.amazon.awssdk.crt.mqtt5.TopicAliasingOptions;
 import software.amazon.awssdk.crt.utils.PackageInfo;
 import software.amazon.awssdk.crt.mqtt5.packets.UserProperty;
+import software.amazon.awssdk.crt.internal.IoTDeviceSDKMetrics;
 
 /**
  * Builders for making MQTT5 clients with different connection methods for AWS IoT Core.
@@ -50,6 +51,7 @@ public class AwsIotMqtt5ClientBuilder extends software.amazon.awssdk.crt.CrtReso
     private ConnectPacketBuilder configConnect;
     private TlsContextOptions configTls;
     private MqttConnectCustomAuthConfig configCustomAuth;
+    private CertificateSource certificateSource = null;
 
     private AwsIotMqtt5ClientBuilder(String hostName, Long port, TlsContextOptions tlsContext) {
         config = new Mqtt5ClientOptionsBuilder(hostName, port);
@@ -80,6 +82,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPath(Stri
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
         return builder;
     }
 
@@ -98,6 +101,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromMemory(St
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
         return builder;
     }
 
@@ -117,6 +121,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPkcs11(St
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.PKCS11;
         return builder;
     }
 
@@ -136,6 +141,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMtlsCustomKeyOperationsBuilder(S
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
         return builder;
     }
 
@@ -157,6 +163,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromWindowsCe
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.WINDOWS_CERT_STORE;
         return builder;
     }
 
@@ -214,6 +221,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPkcs12(St
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.PKCS12_FILE;
         return builder;
     }
 
@@ -328,6 +336,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithJavaKeystore(
         if (TlsContextOptions.isAlpnSupported()) {
             builder.configTls.withAlpnList("x-amzn-mqtt-ca");
         }
+        builder.certificateSource = CertificateSource.JAVA_KEYSTORE;
         return builder;
     }
 
@@ -866,6 +875,10 @@ public Mqtt5Client build() {
 
         this.config.withConnectOptions(this.configConnect.build());
 
+        // Set SDK metrics for the CRT layer to embed in the CONNECT packet username
+        IoTDeviceSDKMetrics sdkMetrics = IoTSdkMetrics.buildSdkMetrics(this.certificateSource);
+        this.config.withMetrics(sdkMetrics);
+
         Mqtt5Client returnClient = new Mqtt5Client(this.config.build());
 
         // Keep a reference to the TLS configuration so any possible Websockets-related CrtResources are kept alive
diff --git a/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java b/sdk/src/main/java/software/amazon/awssdk/iot/AwsIotMqttConnectionBuilder.java
@@ -36,6 +36,7 @@
 import software.amazon.awssdk.crt.mqtt.MqttMessage;
 import software.amazon.awssdk.crt.mqtt.QualityOfService;
 import software.amazon.awssdk.crt.mqtt.WebsocketHandshakeTransformArgs;
+import software.amazon.awssdk.crt.internal.IoTDeviceSDKMetrics;
 
 /**
  * A central class for building Mqtt connections without manually managing a large variety of native objects (some
@@ -60,6 +61,7 @@ public final class AwsIotMqttConnectionBuilder extends CrtResource {
     private boolean resetLazilyCreatedResources = true;
     // Used to detect if we need to set the ALPN list for custom authorizer
     private boolean isUsingCustomAuthorizer = false;
+    private CertificateSource certificateSource = null;
 
     private void resetDefaultPort() {
         if (TlsContextOptions.isAlpnSupported()) {
@@ -106,7 +108,9 @@ protected void releaseNativeHandle() {}
      */
     public static AwsIotMqttConnectionBuilder newMtlsBuilderFromPath(String certPath, String privateKeyPath) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions.createWithMtlsFromPath(certPath, privateKeyPath)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
+            return builder;
         }
     }
 
@@ -119,7 +123,9 @@ public static AwsIotMqttConnectionBuilder newMtlsBuilderFromPath(String certPath
      */
     public static AwsIotMqttConnectionBuilder newMtlsBuilder(String certificate, String privateKey) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions.createWithMtls(certificate, privateKey)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
+            return builder;
         }
     }
 
@@ -146,7 +152,9 @@ public static AwsIotMqttConnectionBuilder newMtlsBuilder(byte[] certificate, byt
      */
     public static AwsIotMqttConnectionBuilder newMtlsPkcs11Builder(TlsContextPkcs11Options pkcs11Options) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions.createWithMtlsPkcs11(pkcs11Options)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.PKCS11;
+            return builder;
         }
     }
 
@@ -158,7 +166,9 @@ public static AwsIotMqttConnectionBuilder newMtlsPkcs11Builder(TlsContextPkcs11O
      */
     public static AwsIotMqttConnectionBuilder newMtlsCustomKeyOperationsBuilder(TlsContextCustomKeyOperationOptions operationOptions) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions.createWithMtlsCustomKeyOperations(operationOptions)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.CERTIFICATE_FILES;
+            return builder;
         }
     }
 
@@ -176,7 +186,9 @@ public static AwsIotMqttConnectionBuilder newMtlsCustomKeyOperationsBuilder(TlsC
     public static AwsIotMqttConnectionBuilder newMtlsWindowsCertStorePathBuilder(String certificatePath) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions
                 .createWithMtlsWindowsCertStorePath(certificatePath)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.WINDOWS_CERT_STORE;
+            return builder;
         }
     }
 
@@ -195,7 +207,9 @@ public static AwsIotMqttConnectionBuilder newJavaKeystoreBuilder(
         java.security.KeyStore keyStore, String certificateAlias, String certificatePassword) throws CrtRuntimeException {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions
                 .createWithMtlsJavaKeystore(keyStore, certificateAlias, certificatePassword)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.JAVA_KEYSTORE;
+            return builder;
         }
     }
 
@@ -211,7 +225,9 @@ public static AwsIotMqttConnectionBuilder newJavaKeystoreBuilder(
     public static AwsIotMqttConnectionBuilder newMtlsPkcs12Builder(
             String pkcs12Path, String pkcs12Password) {
         try (TlsContextOptions tlsContextOptions = TlsContextOptions.createWithMtlsPkcs12(pkcs12Path, pkcs12Password)) {
-            return new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            AwsIotMqttConnectionBuilder builder = new AwsIotMqttConnectionBuilder(tlsContextOptions);
+            builder.certificateSource = CertificateSource.PKCS12_FILE;
+            return builder;
         }
     }
 
@@ -759,6 +775,10 @@ public MqttClientConnection build() {
 
         resetLazilyCreatedResources = false;
 
+        // Set SDK metrics for the CRT layer to embed in the CONNECT packet username
+        IoTDeviceSDKMetrics sdkMetrics = IoTSdkMetrics.buildSdkMetrics(this.certificateSource);
+        config.setMetrics(sdkMetrics);
+
         // Connection create
         try (MqttConnectionConfig connectionConfig = config.clone()) {
 
diff --git a/sdk/src/main/java/software/amazon/awssdk/iot/CertificateSource.java b/sdk/src/main/java/software/amazon/awssdk/iot/CertificateSource.java
@@ -0,0 +1,41 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package software.amazon.awssdk.iot;
+
+/**
+ * Certificate source identifiers for metrics feature I.
+ * Each value corresponds to a specific authentication method used by MQTT connection.
+ * The single-character value is what gets encoded into the metrics string.
+ */
+public enum CertificateSource {
+    /** Client certificate and private key provided as file paths or in-memory bytes.*/
+    CERTIFICATE_FILES("A"),
+
+    /** Private key stored in a PKCS#11 compatible hardware security module. */
+    PKCS11("B"),
+
+    /** Certificate retrieved from the windows system certificate source. */
+    WINDOWS_CERT_STORE("C"),
+
+    /** Certificate and private key loaded from a Java keyStore. */
+    JAVA_KEYSTORE("D"),
+
+    /** Certificate and private key bundled in a PKCS#12 file. */
+    PKCS12_FILE("E");
+
+    private final String value;
+
+    CertificateSource(String value) {
+        this.value = value;
+    }
+
+    /**
+     * @return the single-character identifier encoded into the metrics string.
+     */
+    public String getValue() {
+        return value;
+    }
+}
diff --git a/sdk/src/main/java/software/amazon/awssdk/iot/IoTSdkMetrics.java b/sdk/src/main/java/software/amazon/awssdk/iot/IoTSdkMetrics.java
@@ -0,0 +1,78 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package software.amazon.awssdk.iot;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import software.amazon.awssdk.crt.internal.IoTDeviceSDKMetrics;
+import software.amazon.awssdk.crt.internal.IoTMetricsMetadata;
+import software.amazon.awssdk.crt.internal.IoTMetricEncoder;
+
+/**
+ * Builds SDK-layer metrics for embedding in the MQTT CONNECT packet username field.
+ * Collects SDK-layer feature usage (e.g., CERTIFICATE_SOURCE) and packages it
+ * into an IoTDeviceSDKMetrics object for the CRT layer to merge with CRT features.
+ */
+public class IoTSdkMetrics {
+
+    private static final String CERTIFICATE_SOURCE = "I";
+
+    /**
+     * Returns the installed SDK version string.
+     */
+    private static String getSdkVersion(){
+        try{
+            Package pkg = IoTSdkMetrics.class.getPackage();
+            String version = pkg.getSpecificationVersion();
+            if(version == null){
+                version = pkg.getImplementationVersion();
+            }
+            if(version == null){
+                version = "dev";
+            }
+            return version;
+        }catch (Exception e){
+            return "dev";
+        }
+    }
+
+    /**
+     * Encodes SDK features into "ID/Value" format.
+     * @param certificateSource the certificate method in use or null if none
+     * @return encoded feature string (e.g., "I/A"), or empty string if no feature.
+     */
+    private static String encodedFeatureList(CertificateSource certificateSource){
+        if(certificateSource!=null){
+            return CERTIFICATE_SOURCE + "/" + certificateSource.getValue();
+        }
+        return "";
+    }
+
+    /**
+     * Builds an IoTDeviceSDKMetrics instance for CRT layer.
+     * Always include IoTSDKVersion. When a certificate source is provided,
+     * also includes IoTSDKFeature and IoTSDKMetricsVersion.
+     *
+     * @param certificateSource the certificate method used, or null for connections
+     *                           without client certs (websocket, custom auth)
+     * @return metrics object ready to pass to CRT via withMetrics() or setMetrics()
+     */
+    public static IoTDeviceSDKMetrics buildSdkMetrics(CertificateSource certificateSource) {
+        List<IoTMetricsMetadata> metadata = new ArrayList<>();
+
+        metadata.add(new IoTMetricsMetadata("IoTSDKVersion", getSdkVersion()));
+
+        String featureList = encodedFeatureList(certificateSource);
+        if (!featureList.isEmpty()) {
+            metadata.add(new IoTMetricsMetadata("IoTSDKFeature", featureList));
+            metadata.add(new IoTMetricsMetadata("IoTSDKMetricsVersion",
+            String.valueOf(IoTMetricEncoder.IOT_SDK_METRICS_FEATURE_VERSION)));
+        }
+        return new IoTDeviceSDKMetrics("IoTDeviceSDK/Java", metadata);
+    }
+
+}
diff --git a/sdk/tests/mqtt5/IoTSdkMetricsTest.java b/sdk/tests/mqtt5/IoTSdkMetricsTest.java

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@`
`37`	`37`	`import software.amazon.awssdk.crt.mqtt5.TopicAliasingOptions;`
`38`	`38`	`import software.amazon.awssdk.crt.utils.PackageInfo;`
`39`	`39`	`import software.amazon.awssdk.crt.mqtt5.packets.UserProperty;`
	`40`	`+import software.amazon.awssdk.crt.internal.IoTDeviceSDKMetrics;`
`40`	`41`
`41`	`42`	`/**`
`42`	`43`	`* Builders for making MQTT5 clients with different connection methods for AWS IoT Core.`
`@@ -50,6 +51,7 @@ public class AwsIotMqtt5ClientBuilder extends software.amazon.awssdk.crt.CrtReso`
`50`	`51`	`private ConnectPacketBuilder configConnect;`
`51`	`52`	`private TlsContextOptions configTls;`
`52`	`53`	`private MqttConnectCustomAuthConfig configCustomAuth;`
	`54`	`+ private CertificateSource certificateSource = null;`
`53`	`55`
`54`	`56`	`private AwsIotMqtt5ClientBuilder(String hostName, Long port, TlsContextOptions tlsContext) {`
`55`	`57`	`config = new Mqtt5ClientOptionsBuilder(hostName, port);`
`@@ -80,6 +82,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPath(Stri`
`80`	`82`	`if (TlsContextOptions.isAlpnSupported()) {`
`81`	`83`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`82`	`84`	`}`
	`85`	`+ builder.certificateSource = CertificateSource.CERTIFICATE_FILES;`
`83`	`86`	`return builder;`
`84`	`87`	`}`
`85`	`88`
`@@ -98,6 +101,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromMemory(St`
`98`	`101`	`if (TlsContextOptions.isAlpnSupported()) {`
`99`	`102`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`100`	`103`	`}`
	`104`	`+ builder.certificateSource = CertificateSource.CERTIFICATE_FILES;`
`101`	`105`	`return builder;`
`102`	`106`	`}`
`103`	`107`
`@@ -117,6 +121,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPkcs11(St`
`117`	`121`	`if (TlsContextOptions.isAlpnSupported()) {`
`118`	`122`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`119`	`123`	`}`
	`124`	`+ builder.certificateSource = CertificateSource.PKCS11;`
`120`	`125`	`return builder;`
`121`	`126`	`}`
`122`	`127`
`@@ -136,6 +141,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMtlsCustomKeyOperationsBuilder(S`
`136`	`141`	`if (TlsContextOptions.isAlpnSupported()) {`
`137`	`142`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`138`	`143`	`}`
	`144`	`+ builder.certificateSource = CertificateSource.CERTIFICATE_FILES;`
`139`	`145`	`return builder;`
`140`	`146`	`}`
`141`	`147`
`@@ -157,6 +163,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromWindowsCe`
`157`	`163`	`if (TlsContextOptions.isAlpnSupported()) {`
`158`	`164`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`159`	`165`	`}`
	`166`	`+ builder.certificateSource = CertificateSource.WINDOWS_CERT_STORE;`
`160`	`167`	`return builder;`
`161`	`168`	`}`
`162`	`169`
`@@ -214,6 +221,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithMtlsFromPkcs12(St`
`214`	`221`	`if (TlsContextOptions.isAlpnSupported()) {`
`215`	`222`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`216`	`223`	`}`
	`224`	`+ builder.certificateSource = CertificateSource.PKCS12_FILE;`
`217`	`225`	`return builder;`
`218`	`226`	`}`
`219`	`227`
`@@ -328,6 +336,7 @@ public static AwsIotMqtt5ClientBuilder newDirectMqttBuilderWithJavaKeystore(`
`328`	`336`	`if (TlsContextOptions.isAlpnSupported()) {`
`329`	`337`	`builder.configTls.withAlpnList("x-amzn-mqtt-ca");`
`330`	`338`	`}`
	`339`	`+ builder.certificateSource = CertificateSource.JAVA_KEYSTORE;`
`331`	`340`	`return builder;`
`332`	`341`	`}`
`333`	`342`
`@@ -866,6 +875,10 @@ public Mqtt5Client build() {`
`866`	`875`
`867`	`876`	`this.config.withConnectOptions(this.configConnect.build());`
`868`	`877`
	`878`	`+ // Set SDK metrics for the CRT layer to embed in the CONNECT packet username`
	`879`	`+ IoTDeviceSDKMetrics sdkMetrics = IoTSdkMetrics.buildSdkMetrics(this.certificateSource);`
	`880`	`+ this.config.withMetrics(sdkMetrics);`
	`881`	`+`
`869`	`882`	`Mqtt5Client returnClient = new Mqtt5Client(this.config.build());`
`870`	`883`
`871`	`884`	`// Keep a reference to the TLS configuration so any possible Websockets-related CrtResources are kept alive`