Download certs into demos/certificates with an option to disable downloading

CMakeLists.txt

@@ -33,6 +33,9 @@ option( BUILD_TESTS
 option( BUILD_CLONE_SUBMODULES
         "Set this to ON to automatically clone any required Git submodules. When OFF, submodules must be manually cloned."
         ON )
+option( DOWNLOAD_CERTS
+        "Set this to ON to automatically download certificates needed to run the demo. When OFF, certificates must be manually downloaded." 
+        ON )
 
 # Unity test framework does not export the correct symbols for DLLs.
 set( ALLOW_SHARED_LIBRARIES ON )

README.md

@@ -43,9 +43,12 @@ It is required to setup an AWS account and access the AWS IoT Console for runnin
 
 ### Configuring the mutual auth demos
 
-- You can pass the following configuration settings as command line options in order to run the mutual auth demos: `cmake .. -DAWS_IOT_ENDPOINT="aws-iot-endpoint" -DCLIENT_CERT_PATH="certificate-path" -DCLIENT_PRIVATE_KEY_PATH="private-key-path"`
+- You can pass the following configuration settings as command line options in order to run the mutual auth demos: 
+```bash
+cmake .. -DAWS_IOT_ENDPOINT="aws-iot-endpoint" -DROOT_CA_CERT_PATH="root-ca-path" -DCLIENT_CERT_PATH="certificate-path" -DCLIENT_PRIVATE_KEY_PATH="private-key-path" 
+```
 
-- In order to set these settings manually, edit `demo_config.h` in `demos/mqtt/mqtt_demo_mutual_auth/` and `demos/http/http_demo_mutual_auth/` to `#define` the following:
+- In order to set these configurations manually, edit `demo_config.h` in `demos/mqtt/mqtt_demo_mutual_auth/` and `demos/http/http_demo_mutual_auth/` to `#define` the following:
 
 	- Set `AWS_IOT_ENDPOINT` to your custom endpoint. This is found on the *Settings* page of the AWS IoT Console and has a format of `ABCDEFG1234567.iot.us-east-2.amazonaws.com`.
 

demos/CMakeLists.txt

@@ -35,11 +35,41 @@ function(check_aws_credentials demo_name)
     endif()
 endfunction()
 
+if(DOWNLOAD_CERTS)
+    # Download the Amazon Root CA certificate.
+    message( "Downloading the Amazon Root CA certificate..." )
+    file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
+    execute_process(
+        COMMAND curl --url https://www.amazontrust.com/repository/AmazonRootCA1.pem
+        -o ${CMAKE_CURRENT_LIST_DIR}/certificates/AmazonRootCA1.crt
+    )
+endif()
+
+# Copy the certificates and client keys to the build directory.
+file(COPY "${CMAKE_CURRENT_LIST_DIR}/certificates"
+     DESTINATION "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}")
+if(BUILD_TESTS)
+    file(COPY "${CMAKE_CURRENT_LIST_DIR}/certificates"
+         DESTINATION "${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/tests")
+endif()
+
+# Set prefix to PWD if any path flags are relative
+if(DEFINED ENV{PWD})
+    if(NOT ROOT_CA_CERT_PATH MATCHES "/$")
+        set(ROOT_CA_CERT_PATH "$ENV{PWD}/${ROOT_CA_CERT_PATH}")
+    endif()
+    if(NOT CLIENT_CERT_PATH MATCHES "/$")
+        set(CLIENT_CERT_PATH "$ENV{PWD}/${CLIENT_CERT_PATH}")
+    endif()
+    if(NOT CLIENT_PRIVATE_KEY_PATH MATCHES "/$")
+        set(CLIENT_PRIVATE_KEY_PATH "$ENV{PWD}/${CLIENT_PRIVATE_KEY_PATH}")
+    endif()
+endif()
+
 # Include each subdirectory that has a CMakeLists.txt file in it
 file(GLOB demo_dirs "${DEMOS_DIR}/*/*")
 foreach(demo_dir IN LISTS demo_dirs)
     if(IS_DIRECTORY "${demo_dir}" AND EXISTS "${demo_dir}/CMakeLists.txt")
-        get_filename_component( DEMO_EXE_NAME ${demo_dir} NAME )
         add_subdirectory(${demo_dir})
     endif()
 endforeach()

demos/http/http_demo_basic_tls/CMakeLists.txt

@@ -27,20 +27,15 @@ target_include_directories(
         ${LOGGING_INCLUDE_DIRS}
 )
 
-# Download the Amazon Root CA certificate.
-message( "Downloading the Amazon Root CA certificate..." )
-file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
-execute_process(
-    COMMAND curl --url https://www.amazontrust.com/repository/AmazonRootCA1.pem 
-    -o ${CMAKE_CURRENT_LIST_DIR}/certificates/AmazonRootCA1.crt
-)
-
-# Copy the certificates and client key to the binary directory.
-add_custom_command(
-    TARGET
-        ${DEMO_NAME}
-    POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E copy_directory
-        "${CMAKE_CURRENT_LIST_DIR}/certificates"
-        "$<TARGET_FILE_DIR:${DEMO_NAME}>/certificates"
-)
+if(ROOT_CA_CERT_PATH)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            ROOT_CA_CERT_PATH="${ROOT_CA_CERT_PATH}"
+    )
+endif()
+if(SERVER_HOST)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            SERVER_HOST="${SERVER_HOST}"
+    )
+endif()

demos/http/http_demo_basic_tls/demo_config.h

@@ -54,21 +54,25 @@
  *
  * @note This demo uses httpbin.org: A simple HTTP Request & Response Service.
  */
-#define SERVER_HOST                       "httpbin.org"
+#ifndef SERVER_HOST
+    #define SERVER_HOST    "httpbin.org"
+#endif
 
 /**
  * @brief HTTP server port number.
  *
  * In general, port 443 is for TLS HTTP connections.
  */
-#define SERVER_PORT                       443
+#define SERVER_PORT    443
 
 /**
  * @brief Path of the file containing the server's root CA certificate for TLS authentication.
  *
  * @note This certificate should be PEM-encoded.
  */
-#define ROOT_CA_CERT_PATH                 "certificates/AmazonRootCA1.crt"
+#ifndef ROOT_CA_CERT_PATH
+    #define ROOT_CA_CERT_PATH    "certificates/AmazonRootCA1.crt"
+#endif
 
 /**
  * @brief Paths for different HTTP methods for specified host.

demos/http/http_demo_mutual_auth/CMakeLists.txt

@@ -33,20 +33,9 @@ target_include_directories(
         ${LOGGING_INCLUDE_DIRS}
 )
 
-# Download the Amazon Root CA certificate
-message( "Downloading the Amazon Root CA certificate..." )
-file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
-execute_process(
-    COMMAND curl --url https://www.amazontrust.com/repository/AmazonRootCA1.pem 
-    -o ${CMAKE_CURRENT_LIST_DIR}/certificates/AmazonRootCA1.crt
-)
-
-# Copy the certificates and client key to the binary directory.
-add_custom_command(
-    TARGET
-        ${DEMO_NAME}
-    POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E copy_directory
-        "${CMAKE_CURRENT_LIST_DIR}/certificates"
-        "$<TARGET_FILE_DIR:${DEMO_NAME}>/certificates"
-)
+if(ROOT_CA_CERT_PATH)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            ROOT_CA_CERT_PATH="${ROOT_CA_CERT_PATH}"
+    )
+endif()

demos/http/http_demo_mutual_auth/demo_config.h

@@ -66,7 +66,7 @@
  * @note Port 443 requires use of the ALPN TLS extension with the ALPN protocol
  * name being x-amzn-http-ca. When using port 8443, ALPN is not required.
  */
-#define AWS_IOT_PORT                   443
+#define AWS_IOT_PORT    443
 
 /**
  * @brief Path of the file containing Amazon's root CA certificate for TLS
@@ -78,7 +78,9 @@
  *
  * @note This certificate should be PEM-encoded.
  */
-#define ROOT_CA_CERT_PATH              "certificates/AmazonRootCA1.crt"
+#ifndef ROOT_CA_CERT_PATH
+    #define ROOT_CA_CERT_PATH    "certificates/AmazonRootCA1.crt"
+#endif
 
 /**
  * @brief ALPN protocol name to be sent as part of the ClientHello message.

demos/http/http_demo_plaintext/CMakeLists.txt

@@ -26,3 +26,10 @@ target_include_directories(
     PUBLIC
         ${LOGGING_INCLUDE_DIRS}
 )
+
+if(SERVER_HOST)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            SERVER_HOST="${SERVER_HOST}"
+    )
+endif()

demos/http/http_demo_plaintext/demo_config.h

@@ -52,7 +52,9 @@
  *
  * @note This demo uses httpbin.org: A simple HTTP Request & Response Service.
  */
-#define SERVER_HOST                       "httpbin.org"
+#ifndef SERVER_HOST
+    #define SERVER_HOST    "httpbin.org"
+#endif
 
 /**
  * @brief HTTP server port number.

demos/mqtt/mqtt_demo_basic_tls/CMakeLists.txt

@@ -29,20 +29,21 @@ target_include_directories(
         ${LOGGING_INCLUDE_DIRS}
 )
 
-# Download the Mosquitto Root CA certificate.
-message( "Downloading the Mosquitto Root CA certificate..." )
-file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
-execute_process(
-    COMMAND curl --url https://test.mosquitto.org/ssl/mosquitto.org.crt
-    -o ${CMAKE_CURRENT_LIST_DIR}/certificates/mosquitto.org.crt
-)
-
-# Copy the server certificate file to the binary directory.
-add_custom_command(
-    TARGET
-        ${DEMO_NAME}
-    POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E copy_if_different
-        "${CMAKE_CURRENT_LIST_DIR}/certificates/mosquitto.org.crt"
-        "$<TARGET_FILE_DIR:${DEMO_NAME}>/certificates/mosquitto.org.crt"
-)
+if(ROOT_CA_CERT_PATH)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            ROOT_CA_CERT_PATH="${ROOT_CA_CERT_PATH}"
+    )
+endif()
+if(BROKER_ENDPOINT)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            BROKER_ENDPOINT="${BROKER_ENDPOINT}"
+    )
+endif()
+if(CLIENT_IDENTIFIER)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            CLIENT_IDENTIFIER="${CLIENT_IDENTIFIER}"
+    )
+endif()

demos/mqtt/mqtt_demo_basic_tls/demo_config.h

@@ -91,6 +91,8 @@
  *
  * No two clients may use the same client identifier simultaneously.
  */
-#define CLIENT_IDENTIFIER           "testclient"
+#ifndef CLIENT_IDENTIFIER
+    #define CLIENT_IDENTIFIER    "testclient"
+#endif
 
 #endif /* ifndef DEMO_CONFIG_H */

demos/mqtt/mqtt_demo_lightweight/CMakeLists.txt

@@ -23,3 +23,16 @@ target_include_directories(
         ${CMAKE_CURRENT_LIST_DIR}
         ${LOGGING_INCLUDE_DIRS}
 )
+
+if(BROKER_ENDPOINT)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            BROKER_ENDPOINT="${BROKER_ENDPOINT}"
+    )
+endif()
+if(CLIENT_IDENTIFIER)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            CLIENT_IDENTIFIER="${CLIENT_IDENTIFIER}"
+    )
+endif()

demos/mqtt/mqtt_demo_lightweight/demo_config.h

@@ -74,6 +74,8 @@
  *
  * No two clients may use the same client identifier simultaneously.
  */
-#define CLIENT_IDENTIFIER         "testclient"
+#ifndef CLIENT_IDENTIFIER
+    #define CLIENT_IDENTIFIER    "testclient"
+#endif
 
 #endif /* ifndef DEMO_CONFIG_H */

demos/mqtt/mqtt_demo_mutual_auth/CMakeLists.txt

@@ -35,20 +35,21 @@ target_include_directories(
         ${LOGGING_INCLUDE_DIRS}
 )
 
-# Download the Amazon Root CA certificate.
-message( "Downloading the Amazon Root CA certificate..." )
-file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
-execute_process(
-    COMMAND curl --url https://www.amazontrust.com/repository/AmazonRootCA1.pem
-    -o ${CMAKE_CURRENT_LIST_DIR}/certificates/AmazonRootCA1.crt
-)
-
-# Copy the certificates and client key to the binary directory.
-add_custom_command(
-    TARGET
-        ${DEMO_NAME}
-    POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E copy_directory
-        "${CMAKE_CURRENT_LIST_DIR}/certificates"
-        "$<TARGET_FILE_DIR:${DEMO_NAME}>/certificates"
-)
+if(ROOT_CA_CERT_PATH)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            ROOT_CA_CERT_PATH="${ROOT_CA_CERT_PATH}"
+    )
+endif()
+if(BROKER_ENDPOINT)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            BROKER_ENDPOINT="${BROKER_ENDPOINT}"
+    )
+endif()
+if(CLIENT_IDENTIFIER)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            CLIENT_IDENTIFIER="${CLIENT_IDENTIFIER}"
+    )
+endif()

demos/mqtt/mqtt_demo_mutual_auth/demo_config.h

@@ -67,7 +67,7 @@
  * @note Port 443 requires use of the ALPN TLS extension with the ALPN protocol
  * name. When using port 8883, ALPN is not required.
  */
-#define AWS_MQTT_PORT        ( 8883 )
+#define AWS_MQTT_PORT    ( 8883 )
 
 /**
  * @brief Path of the file containing the server's root CA certificate.
@@ -84,7 +84,9 @@
  * @note This path is relative from the demo binary created. Update
  * ROOT_CA_CERT_PATH to the absolute path if this demo is executed from elsewhere.
  */
-#define ROOT_CA_CERT_PATH    "certificates/AmazonRootCA1.crt"
+#ifndef ROOT_CA_CERT_PATH
+    #define ROOT_CA_CERT_PATH    "certificates/AmazonRootCA1.crt"
+#endif
 
 /**
  * @brief Path of the file containing the client certificate.

demos/mqtt/mqtt_demo_plaintext/CMakeLists.txt

@@ -29,3 +29,15 @@ target_include_directories(
         ${LOGGING_INCLUDE_DIRS}
 )
 
+if(BROKER_ENDPOINT)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            BROKER_ENDPOINT="${BROKER_ENDPOINT}"
+    )
+endif()
+if(CLIENT_IDENTIFIER)
+    target_compile_definitions(
+        ${DEMO_NAME} PRIVATE
+            CLIENT_IDENTIFIER="${CLIENT_IDENTIFIER}"
+    )
+endif()

demos/mqtt/mqtt_demo_plaintext/demo_config.h

@@ -62,13 +62,15 @@
  *
  * In general, port 1883 is for unsecured MQTT connections.
  */
-#define BROKER_PORT          ( 1883 )
+#define BROKER_PORT    ( 1883 )
 
 /**
  * @brief MQTT client identifier.
  *
  * No two clients may use the same client identifier simultaneously.
  */
-#define CLIENT_IDENTIFIER    "testclient"
+#ifndef CLIENT_IDENTIFIER
+    #define CLIENT_IDENTIFIER    "testclient"
+#endif
 
 #endif /* ifndef DEMO_CONFIG_H */

libraries/standard/mqtt/integration-test/CMakeLists.txt

@@ -58,14 +58,6 @@ create_test(${stest_name}
             "${test_include_directories}"
         )
 
-# Download the Mosquitto Root CA certificate.
-message( "Downloading the Mosquitto Root CA certificate..." )
-file(MAKE_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}/certificates)
-execute_process(
-    COMMAND curl --url https://test.mosquitto.org/ssl/mosquitto.org.crt
-    -o ${CMAKE_CURRENT_LIST_DIR}/certificates/mosquitto.org.crt
-)
-
 # Copy the certificates and client key to the binary directory.
 add_custom_command(
     TARGET