Diffstat (limited to 'tools')
| -rwxr-xr-x | tools/generate_certificate.sh | 56 | ||||
| -rwxr-xr-x | tools/launch.sh | 148 |
2 files changed, 204 insertions, 0 deletions
diff --git a/tools/generate_certificate.sh b/tools/generate_certificate.sh
new file mode 100755
index 0000000..08bfd28
--- /dev/null
+++ b/tools/generate_certificate.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# generate_certificate.sh — Create a self-signed X.509 certificate for
+# open62541 OPC UA applications. Outputs DER-encoded certificate and
+# private-key files suitable for the demo programs in this project.
+
+set -euo pipefail
+
+if [ $# -lt 2 ] || [ $# -gt 3 ]; then
+ echo "Usage: generate_certificate.sh <certs_dir> <name> [uri]" >&2
+ exit 1
+fi
+
+certs_dir="$1"
+name="$2"
+cn="${name}@localhost"
+uri="${3:-urn:bobink.${name}}"
+
+mkdir -p "$certs_dir"
+
+cnf="$certs_dir/${name}.cnf"
+cat >"$cnf" <<EOF
+[req]
+distinguished_name = req_dn
+x509_extensions = v3_ext
+prompt = no
+
+[req_dn]
+C = FR
+O = Bobink
+CN = ${cn}
+
+[v3_ext]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = DNS:localhost, URI:${uri}
+EOF
+
+openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
+ -days 365 \
+ -config "$cnf" \
+ -keyout "$certs_dir/${name}_key.pem" \
+ -out "$certs_dir/${name}_cert.pem" \
+ 2>/dev/null
+
+openssl x509 -in "$certs_dir/${name}_cert.pem" -outform der \
+ -out "$certs_dir/${name}_cert.der"
+openssl rsa -in "$certs_dir/${name}_key.pem" -outform der \
+ -out "$certs_dir/${name}_key.der" 2>/dev/null
+
+rm -f "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"
+
+echo "Generated certificate '$name' (CN=$cn, URI=$uri):"
+echo " $certs_dir/${name}_cert.der"
+echo " $certs_dir/${name}_key.der"
+echo " $certs_dir/${name}_key.der"
diff --git a/tools/launch.sh b/tools/launch.sh
new file mode 100755
index 0000000..7691baf
--- /dev/null
+++ b/tools/launch.sh
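Review bot: In tools/generate_certificate.sh the script sets no umask, so the mode of the unencrypted private key (`-nodes`) and of `certs_dir` depends on the caller's environment and the OpenSSL build, and the intermediate `${name}_key.pem` is removed only by the final `rm -f`, so under `set -e` a failure in either conversion step leaves it on disk. Setting `umask 077` before `mkdir -p "$certs_dir"` and registering `trap 'rm -f -- "$certs_dir/${name}_cert.pem" "$certs_dir/${name}_key.pem" "$cnf"' EXIT` right after `cnf=` is assigned would cover both cases. The `2>/dev/null` on `openssl req` also discards the only diagnostic when generation fails, so the script exits non-zero with no message. `name` reaches the here-document and the output paths unvalidated; a check such as `[[ "$name" =~ ^[A-Za-z0-9_.-]+$ ]]` keeps it to a plain file-name component. The last `echo` repeats the `_key.der` path.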
@@ -0,0 +1,148 @@
+#!/bin/bash
+# launch.sh — Generate certificates and launch N RegisterServers + 1 LDS.
+#
+# Usage: tools/launch.sh [N] [extra_cert1.der ...]
+# N Number of RegisterServer instances to launch (default: 1).
+# extra certs Additional certificates to add to the LDS and every
+# RegisterServer trustlist (e.g. external client certs).
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+BUILD_DIR="$PROJECT_DIR/build"
+CERTS_DIR="$PROJECT_DIR/certs"
+GEN_CERT="$SCRIPT_DIR/generate_certificate.sh"
+
+N="${1:-1}"
+
+if ! [[ "$N" =~ ^[1-9][0-9]*$ ]]; then
+ echo "Usage: $0 [N] [extra_cert1.der ...]" >&2
+ echo " N = number of RegisterServers (default 1)" >&2
+ exit 1
+fi
+
+shift || true
+EXTRA_TRUST=("$@")
+
+LDS_PORT=4840
+BASE_REGISTER_PORT=4841
+
+# ------------------------------------------------------------------
+# Certificate generation (only creates missing ones)
+# ------------------------------------------------------------------
+
+generate_if_missing() {
+ local name="$1"
+ local uri="${2:-}"
+ if [ ! -f "$CERTS_DIR/${name}_cert.der" ] ||
+ [ ! -f "$CERTS_DIR/${name}_key.der" ]; then
+ "$GEN_CERT" "$CERTS_DIR" "$name" ${uri:+"$uri"}
+ fi
+}
+
+generate_if_missing "ServerLDS"
+generate_if_missing "ClientFindServers"
+
+for i in $(seq 1 "$N"); do
+ generate_if_missing "ServerRegister${i}"
+ # The client cert must carry the server's ApplicationUri so the LDS
+ # can verify the certificate against the ApplicationDescription.
+ generate_if_missing "ServerRegisterClient${i}" "urn:bobink.ServerRegister${i}"
+done
+
+# ------------------------------------------------------------------
+# Cleanup on exit
+# ------------------------------------------------------------------
+
+pids=()
+
+cleanup() {
+ echo ""
+ echo "Stopping all servers..."
+ for pid in "${pids[@]}"; do
+ kill "$pid" 2>/dev/null || true
+ done
+ wait 2>/dev/null
+ echo "All servers stopped."
+}
+
+trap cleanup EXIT INT TERM
+
+# ------------------------------------------------------------------
+# Launch LDS
+# ------------------------------------------------------------------
+
+# LDS trustlist: every RegisterServer client cert + the FindServers client cert.
+lds_trustlist=()
+for i in $(seq 1 "$N"); do
+ lds_trustlist+=("$CERTS_DIR/ServerRegisterClient${i}_cert.der")
+done
+lds_trustlist+=("$CERTS_DIR/ClientFindServers_cert.der")
+lds_trustlist+=(${EXTRA_TRUST[@]+"${EXTRA_TRUST[@]}"})
+
+echo "Starting LDS on port $LDS_PORT..."
+"$BUILD_DIR/ServerLDS" \
+ "$LDS_PORT" \
+ "urn:bobink.ServerLDS" \
+ "$CERTS_DIR/ServerLDS_cert.der" \
+ "$CERTS_DIR/ServerLDS_key.der" \
+ 60 \
+ "${lds_trustlist[@]}" &
+pids+=($!)
+sleep 1
+
+# ------------------------------------------------------------------
+# Launch RegisterServers
+# ------------------------------------------------------------------
+
+for i in $(seq 1 "$N"); do
+ port=$((BASE_REGISTER_PORT + i - 1))
+
+ echo "Starting ServerRegister${i} on port $port..."
+ "$BUILD_DIR/ServerRegister" \
+ "$port" \
+ "urn:bobink.ServerRegister${i}" \
+ "$CERTS_DIR/ServerRegister${i}_cert.der" \
+ "$CERTS_DIR/ServerRegister${i}_key.der" \
+ "$CERTS_DIR/ServerRegisterClient${i}_cert.der" \
+ "$CERTS_DIR/ServerRegisterClient${i}_key.der" \
+ "opc.tcp://localhost:$LDS_PORT" \
+ 10 \
+ SignAndEncrypt Aes128_Sha256_RsaOaep \
+ "$CERTS_DIR/ServerLDS_cert.der" \
+ "$CERTS_DIR/ClientFindServers_cert.der" \
+ ${EXTRA_TRUST[@]+"${EXTRA_TRUST[@]}"} &
+ pids+=($!)
+ sleep 0.5
+done
+
+# ------------------------------------------------------------------
+# Summary
+# ------------------------------------------------------------------
+
+echo ""
+echo "=== All servers running ==="
+echo " LDS: port $LDS_PORT"
+for i in $(seq 1 "$N"); do
+ port=$((BASE_REGISTER_PORT + i - 1))
+ echo " ServerRegister${i}: port $port"
+done
+
+# Build the client command hint with the correct trustlist.
+client_trust="certs/ServerLDS_cert.der"
+for i in $(seq 1 "$N"); do
+ client_trust="$client_trust certs/ServerRegister${i}_cert.der"
+done
+
+echo ""
+echo "Run the client with:"
+echo " build/ClientFindServers \"opc.tcp://localhost:$LDS_PORT\" \\"
+echo " \"urn:bobink.ClientFindServers\" \\"
+echo " certs/ClientFindServers_cert.der certs/ClientFindServers_key.der \\"
+echo " SignAndEncrypt Aes128_Sha256_RsaOaep \\"
+echo " $client_trust"
+echo ""
+echo "Press Ctrl+C to stop all servers."
+
+wait |
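Review bot: In tools/launch.sh the extra certificate paths taken from the command line (`EXTRA_TRUST=("$@")`) are appended to the LDS trustlist and to every ServerRegister trustlist without any check, so a mistyped path or a non-certificate file is handed straight to the servers; how they treat an unreadable trustlist entry is not visible here. A guard after the `shift`, e.g. `for c in ${EXTRA_TRUST[@]+"${EXTRA_TRUST[@]}"}; do [ -r "$c" ] || { echo "trust cert not readable: $c" >&2; exit 1; }; done`, fails early instead. `cleanup` expands `"${pids[@]}"` unguarded, which under `set -u` is an unbound-variable error on bash older than 4.4 when the EXIT trap fires before any server has been started; the `${EXTRA_TRUST[@]+...}` form already used in this file avoids that. `generate_if_missing` only tests that the files exist, so a certificate past its 365-day validity is reused as-is; a comment saying so, or an expiry check, would help.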
