Add script to generate the tls certificates

Iandiehard · Oct 22, 2023 · f90cf48 · f90cf48
1 parent d67bc35
commit f90cf48
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 31 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -33,6 +33,7 @@ RUN apt-get update &&\
         graphviz \
         net-tools \
         iproute2 \
+        libssl-dev \
         locales-all &&\
     apt-get clean
 
@@ -63,6 +64,10 @@ RUN wget "https://github.com/COVESA/dlt-daemon/archive/refs/tags/v${DLT_MAJOR_VE
     cmake --build build --config Release && \
     cmake --install build --config Release
 
+RUN wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz -O - | tar -xz
+WORKDIR /openssl-1.1.1w
+RUN ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl && make && make install
+
 # Add Dlt environment variable to bashrc for google test
  RUN echo 'export DLT_INITIAL_LOG_LEVEL="::6"' >> ~/.bashrc && \
      echo 'export DLT_LOCAL_PRINT_MODE=FORCE_ON' >> ~/.bashrc
diff --git a/.github/install_cmake.sh b/.github/install_cmake.sh
@@ -2,9 +2,12 @@
 CMAKE_MAJOR_VERSION="3"
 CMAKE_MINOR_VERSION="25"
 CMAKE_PATCH_VERSION="3"
-wget "https://github.com/Kitware/CMake/archive/refs/tags/v${OPENSSL_CMAKE_MAJOR_VERSION}.${OPENSSL_CMAKE_MINOR_VERSION}.${OPENSSL_CMAKE_PATCH_VERSION}.tar.gz"
-tar -zxvf cmake-${OPENSSL_CMAKE_MAJOR_VERSION}.${OPENSSL_CMAKE_MINOR_VERSION}.${OPENSSL_CMAKE_PATCH_VERSION}.tar.gz
-cd cmake-${OPENSSL_CMAKE_MAJOR_VERSION}.${OPENSSL_CMAKE_MINOR_VERSION}.${OPENSSL_CMAKE_PATCH_VERSION}
+wget "https://github.com/Kitware/CMake/archive/refs/tags/v${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}.tar.gz"
+tar -zxvf v${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}.tar.gz
+rm -rf v${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}.tar.gz
+cd CMake-${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}
 ./bootstrap
 make
-sudo make install
+make install
+cd ..
+rm -rf CMake-${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}
diff --git a/.github/install_openssl.sh b/.github/install_openssl.sh
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -7,7 +7,7 @@
 #
 # Entry Project CMake
 #
-cmake_minimum_required(VERSION 3.25)
+cmake_minimum_required(VERSION 3.22)
 project(diag-client)
 
 # Cmake options

diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -10,20 +10,10 @@ FetchContent_Declare(
         URL https://github.com/google/googletest/archive/refs/tags/release-1.12.1.zip
 )
 
-# Download and compile openssl
-set(OPENSSL_CONFIGURE_OPTIONS no-shared no-tests)
-set(OPENSSL_TARGET_VERSION 1.1.1w)
-set(OPENSSL_CONFIGURE_VERBOSE ON)
-FetchContent_Declare(
-        openssl-cmake
-        URL https://github.com/jimmy-park/openssl-cmake/archive/3.1.3.tar.gz
-)
-
 # For Windows: Prevent overriding the parent project's compiler/linker settings
 set(gtest_force_shared_crt ON CACHE BOOL "" FORCE)
 FetchContent_MakeAvailable(googletest)
-# This line must be preceded before find_package(OpenSSL)
-FetchContent_MakeAvailable(openssl-cmake)
+
 enable_testing()
 
 file(GLOB DOIP_HANDLER "${CMAKE_CURRENT_SOURCE_DIR}/doip_handler/*.cpp")
@@ -48,8 +38,6 @@ target_link_libraries(${PROJECT_NAME}
         utility-support
         GTest::gtest_main
         GTest::gmock_main
-        OpenSSL::SSL
-        OpenSSL::Crypto
         )
 
 include(GoogleTest)

diff --git a/test/test_case/tls_test.cpp b/test/test_case/tls_test.cpp
@@ -12,7 +12,8 @@
 #include "socket/tcp/tls_server.h"
 
 /**
- * @brief         Fixture to test all kind of TLS connection with supported cipher list
+ * @brief       Fixture to test the TLS connection between client and server with supported cipher list
+ * 
  */
 class TLSFixture : public ::testing::Test {
  protected:

diff --git a/tools/generate_tls_certificates.sh b/tools/generate_tls_certificates.sh
@@ -0,0 +1,72 @@
+#! /bin/bash
+
+# References:- 1. https://devopscube.com/create-self-signed-certificates-openssl/,
+#              2. https://mariadb.com/docs/server/security/data-in-transit-encryption/create-self-signed-certificates-keys-openssl/
+# Modification is done as per this project
+
+DOMAIN=DiagClientLib
+
+mkdir openssl && cd openssl
+
+# Create root CA & Private key
+openssl req -x509 \
+            -sha256 -days 356 \
+            -nodes \
+            -newkey rsa:2048 \
+            -subj "/CN=${DOMAIN}/C=DE/L=San Fransisco" \
+            -keyout rootCA.key -out rootCA.crt
+
+# Create the Server Private Key
+openssl genrsa -out ${DOMAIN}.key 2048
+
+# Create Certificate Signing Request Configuration
+cat > csr.conf <<EOF
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C = DE
+ST = BW
+L = BERLIN
+O = DiagClientLib
+OU = DiagClientLib
+CN = ${DOMAIN}
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = ${DOMAIN}
+DNS.2 = www.${DOMAIN}.com
+IP.1 = 172.16.25.127
+IP.2 = 172.16.25.128
+
+EOF
+
+# Generate Certificate Signing Request (CSR) Using Server Private Key
+openssl req -new -key ${DOMAIN}.key -out ${DOMAIN}.csr -config csr.conf
+
+# Create a external config file for the certificate
+cat > cert.conf <<EOF
+
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ${DOMAIN}
+
+EOF
+
+# Generate SSL certificate With self signed CA
+openssl x509 -req \
+    -in ${DOMAIN}.csr \
+    -CA rootCA.crt -CAkey rootCA.key \
+    -CAcreateserial -out ${DOMAIN}.crt \
+    -days 365 \
+    -sha256 -extfile cert.conf