Diffstat (limited to 'tools')
-rwxr-xr-xtools/generate_certificate.sh56
-rwxr-xr-xtools/launch.sh148
2 files changed, 204 insertions, 0 deletions
diff --git a/tools/generate_certificate.sh b/tools/generate_certificate.sh
new file mode 100755
index 0000000..08bfd28
--- /dev/null
+++ b/tools/generate_certificate.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# generate_certificate.sh — Create a self-signed X.509 certificate for
+# open62541 OPC UA applications. Outputs DER-encoded certificate and
+# private-key files suitable for the demo programs in this project.
+
+set -euo pipefail
+
+if [ $# -lt 2 ] || [ $# -gt 3 ]; then
+ echo "Usage: generate_certificate.sh <certs_dir> <name> [uri]" >&2
+ exit 1
+fi
+
+certs_dir="$1"
+name="$2"
+cn="${name}@localhost"
+uri="${3:-urn:bobink.${name}}"
+
+mkdir -p "$certs_dir"
+
+cnf="$certs_dir/${name}.cnf"
+cat >"$cnf" <<EOF
+[req]
+distinguished_name = req_dn
+x509_extensions = v3_ext
+prompt = no
+
+[req_dn]
+C = FR
+O = Bobink
+CN = ${cn}
+
+[v3_ext]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = DNS:localhost, URI:${uri}
+EOF
+
+openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
+ -days 365 \
+ -config "$cnf" \
+ -keyout "$certs_dir/${name}_key.pem" \
+ -out "$certs_dir/${name}_cert.pem" \
+ 2>/dev/null
+
+openssl x509 -in "$certs_dir/${name}_cert.pem" -outform der \
+ -out "$certs_dir/${name}_cert.der"
+openssl rsa -in "$certs_dir/${name}_key.pem" -outform der \
+ -out "$certs_dir/${name}_key.der" 2>/dev/null
+
+rm -f "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"
+
+echo "Generated certificate '$name' (CN=$cn, URI=$uri):"
+echo " $certs_dir/${name}_cert.der"
+echo " $certs_dir/${name}_key.der"
+echo " $certs_dir/${name}_key.der"
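Review bot: The private key is generated unencrypted (`-nodes`) and written as `${name}_key.pem` and `${name}_key.der` without the script setting any file permissions, so the resulting mode depends on the caller's umask and on how the installed OpenSSL creates output files. Adding `umask 077` directly after `set -euo pipefail` would make the key files owner-only regardless. The `2>/dev/null` on the `openssl req` and `openssl rsa` calls discards the error text, so under `set -e` a failure exits with no message and skips the final `rm -f`, leaving the intermediate PEM key and `.cnf` in place. Dropping those redirects and registering `trap 'rm -f "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"' EXIT` after `cnf` is assigned would cover both. The last `echo` repeats the `_key.der` line and can be removed.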
diff --git a/tools/launch.sh b/tools/launch.sh
new file mode 100755
index 0000000..7691baf
--- /dev/null
+++ b/tools/launch.sh
@@ -0,0 +1,148 @@
+#!/bin/bash
+# launch.sh — Generate certificates and launch N RegisterServers + 1 LDS.
+#
+# Usage: tools/launch.sh [N] [extra_cert1.der ...]
+# N Number of RegisterServer instances to launch (default: 1).
+# extra certs Additional certificates to add to the LDS and every
+# RegisterServer trustlist (e.g. external client certs).
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+BUILD_DIR="$PROJECT_DIR/build"
+CERTS_DIR="$PROJECT_DIR/certs"
+GEN_CERT="$SCRIPT_DIR/generate_certificate.sh"
+
+N="${1:-1}"
+
+if ! [[ "$N" =~ ^[1-9][0-9]*$ ]]; then
+ echo "Usage: $0 [N] [extra_cert1.der ...]" >&2
+ echo " N = number of RegisterServers (default 1)" >&2
+ exit 1
+fi
+
+shift || true
+EXTRA_TRUST=("$@")
+
+LDS_PORT=4840
+BASE_REGISTER_PORT=4841
+
+# ------------------------------------------------------------------
+# Certificate generation (only creates missing ones)
+# ------------------------------------------------------------------
+
+generate_if_missing() {
+ local name="$1"
+ local uri="${2:-}"
+ if [ ! -f "$CERTS_DIR/${name}_cert.der" ] ||
+ [ ! -f "$CERTS_DIR/${name}_key.der" ]; then
+ "$GEN_CERT" "$CERTS_DIR" "$name" ${uri:+"$uri"}
+ fi
+}
+
+generate_if_missing "ServerLDS"
+generate_if_missing "ClientFindServers"
+
+for i in $(seq 1 "$N"); do
+ generate_if_missing "ServerRegister${i}"
+ # The client cert must carry the server's ApplicationUri so the LDS
+ # can verify the certificate against the ApplicationDescription.
+ generate_if_missing "ServerRegisterClient${i}" "urn:bobink.ServerRegister${i}"
+done
+
+# ------------------------------------------------------------------
+# Cleanup on exit
+# ------------------------------------------------------------------
+
+pids=()
+
+cleanup() {
+ echo ""
+ echo "Stopping all servers..."
+ for pid in "${pids[@]}"; do
+ kill "$pid" 2>/dev/null || true
+ done
+ wait 2>/dev/null
+ echo "All servers stopped."
+}
+
+trap cleanup EXIT INT TERM
+
+# ------------------------------------------------------------------
+# Launch LDS
+# ------------------------------------------------------------------
+
+# LDS trustlist: every RegisterServer client cert + the FindServers client cert.
+lds_trustlist=()
+for i in $(seq 1 "$N"); do
+ lds_trustlist+=("$CERTS_DIR/ServerRegisterClient${i}_cert.der")
+done
+lds_trustlist+=("$CERTS_DIR/ClientFindServers_cert.der")
+lds_trustlist+=(${EXTRA_TRUST[@]+"${EXTRA_TRUST[@]}"})
+
+echo "Starting LDS on port $LDS_PORT..."
+"$BUILD_DIR/ServerLDS" \
+ "$LDS_PORT" \
+ "urn:bobink.ServerLDS" \
+ "$CERTS_DIR/ServerLDS_cert.der" \
+ "$CERTS_DIR/ServerLDS_key.der" \
+ 60 \
+ "${lds_trustlist[@]}" &
+pids+=($!)
+sleep 1
+
+# ------------------------------------------------------------------
+# Launch RegisterServers
+# ------------------------------------------------------------------
+
+for i in $(seq 1 "$N"); do
+ port=$((BASE_REGISTER_PORT + i - 1))
+
+ echo "Starting ServerRegister${i} on port $port..."
+ "$BUILD_DIR/ServerRegister" \
+ "$port" \
+ "urn:bobink.ServerRegister${i}" \
+ "$CERTS_DIR/ServerRegister${i}_cert.der" \
+ "$CERTS_DIR/ServerRegister${i}_key.der" \
+ "$CERTS_DIR/ServerRegisterClient${i}_cert.der" \
+ "$CERTS_DIR/ServerRegisterClient${i}_key.der" \
+ "opc.tcp://localhost:$LDS_PORT" \
+ 10 \
+ SignAndEncrypt Aes128_Sha256_RsaOaep \
+ "$CERTS_DIR/ServerLDS_cert.der" \
+ "$CERTS_DIR/ClientFindServers_cert.der" \
+ ${EXTRA_TRUST[@]+"${EXTRA_TRUST[@]}"} &
+ pids+=($!)
+ sleep 0.5
+done
+
+# ------------------------------------------------------------------
+# Summary
+# ------------------------------------------------------------------
+
+echo ""
+echo "=== All servers running ==="
+echo " LDS: port $LDS_PORT"
+for i in $(seq 1 "$N"); do
+ port=$((BASE_REGISTER_PORT + i - 1))
+ echo " ServerRegister${i}: port $port"
+done
+
+# Build the client command hint with the correct trustlist.
+client_trust="certs/ServerLDS_cert.der"
+for i in $(seq 1 "$N"); do
+ client_trust="$client_trust certs/ServerRegister${i}_cert.der"
+done
+
+echo ""
+echo "Run the client with:"
+echo " build/ClientFindServers \"opc.tcp://localhost:$LDS_PORT\" \\"
+echo " \"urn:bobink.ClientFindServers\" \\"
+echo " certs/ClientFindServers_cert.der certs/ClientFindServers_key.der \\"
+echo " SignAndEncrypt Aes128_Sha256_RsaOaep \\"
+echo " $client_trust"
+echo ""
+echo "Press Ctrl+C to stop all servers."
+
+wait
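Review bot: `generate_if_missing` only tests that the `_cert.der` and `_key.der` files exist, while `generate_certificate.sh` issues certificates with `-days 365`, so an expired certificate is reused without any warning. The servers would then presumably fail or be rejected at the secure-channel step rather than in this script. Extending the condition with `|| ! openssl x509 -inform der -in "$CERTS_DIR/${name}_cert.der" -noout -checkend 0 >/dev/null` would regenerate an expired pair. The extra certificates from `"$@"` are also appended to every trustlist without a `[ -f ... ]` check, so a mistyped path only surfaces inside the server binaries. Separately, `trap cleanup EXIT INT TERM` probably runs `cleanup` twice on Ctrl+C (once for the signal, once on exit); `trap cleanup EXIT` plus `trap 'exit 130' INT TERM` avoids the repeated output.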