Fixing TLS Exceptions and Example (#2173)

* Fixing HelloWorldExampleTCP certificates Signed-off-by: jparisu <javierparis@eprosima.com> * regenerate certificates Signed-off-by: jparisu <javierparis@eprosima.com> * Add try catch to probable fails in asio calls Signed-off-by: jparisu <javierparis@eprosima.com>
eProsima · Sep 17, 2021 · ec84c0b · ec84c0b
1 parent 835bf1e
commit ec84c0b
Show file tree

Hide file tree

Showing 17 changed files with 175 additions and 148 deletions.
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/CMakeLists.txt b/examples/C++/DDS/HelloWorldExampleTCP/CMakeLists.txt
@@ -51,9 +51,9 @@ file(GLOB DDS_TCP_HELLOWORLD_EXAMPLE_SOURCES_CPP "*.cpp")
 configure_file("HelloWorldSubscriber.xml" "HelloWorldSubscriber.xml" COPYONLY)
 configure_file("HelloWorldPublisher.xml" "HelloWorldPublisher.xml" COPYONLY)
 configure_file("dh2048.pem" "dh2048.pem" COPYONLY)
-configure_file("server.pem" "server.pem" COPYONLY)
-configure_file("ca.pem" "ca.pem" COPYONLY)
-
+configure_file("serverkey.pem" "serverkey.pem" COPYONLY)
+configure_file("servercert.pem" "servercert.pem" COPYONLY)
+configure_file("cacert.pem" "cacert.pem" COPYONLY)
 
 add_executable(DDSHelloWorldExampleTCP ${DDS_TCP_HELLOWORLD_EXAMPLE_SOURCES_CXX} ${DDS_TCP_HELLOWORLD_EXAMPLE_SOURCES_CPP})
 target_compile_definitions(DDSHelloWorldExampleTCP PRIVATE

diff --git a/examples/C++/DDS/HelloWorldExampleTCP/HelloWorldPublisher.cpp b/examples/C++/DDS/HelloWorldExampleTCP/HelloWorldPublisher.cpp
@@ -68,8 +68,8 @@ bool HelloWorldPublisher::init(
         using TLSOptions = TCPTransportDescriptor::TLSConfig::TLSOptions;
         descriptor->apply_security = true;
         descriptor->tls_config.password = "test";
-        descriptor->tls_config.cert_chain_file = "server.pem";
-        descriptor->tls_config.private_key_file = "server.pem";
+        descriptor->tls_config.cert_chain_file = "servercert.pem";
+        descriptor->tls_config.private_key_file = "serverkey.pem";
         descriptor->tls_config.tmp_dh_file = "dh2048.pem";
         descriptor->tls_config.add_option(TLSOptions::DEFAULT_WORKAROUNDS);
         descriptor->tls_config.add_option(TLSOptions::SINGLE_DH_USE);

diff --git a/examples/C++/DDS/HelloWorldExampleTCP/HelloWorldSubscriber.cpp b/examples/C++/DDS/HelloWorldExampleTCP/HelloWorldSubscriber.cpp
@@ -82,8 +82,7 @@ bool HelloWorldSubscriber::init(
         using TLSVerifyMode = TCPTransportDescriptor::TLSConfig::TLSVerifyMode;
         using TLSOptions = TCPTransportDescriptor::TLSConfig::TLSOptions;
         descriptor->apply_security = true;
-        descriptor->tls_config.password = "test";
-        descriptor->tls_config.verify_file = "ca.pem";
+        descriptor->tls_config.verify_file = "cacert.pem";
         descriptor->tls_config.verify_mode = TLSVerifyMode::VERIFY_PEER;
         descriptor->tls_config.add_option(TLSOptions::DEFAULT_WORKAROUNDS);
     }

diff --git a/...s/C++/DDS/HelloWorldExampleTCP/README.txt → ...es/C++/DDS/HelloWorldExampleTCP/README.md b/...s/C++/DDS/HelloWorldExampleTCP/README.txt → ...es/C++/DDS/HelloWorldExampleTCP/README.md
@@ -1,13 +1,21 @@
+# TCP HELLO WORLD
+
+## How to run it
+
 To launch this test open two different consoles:
 
 In the first one launch: ./DDSHelloWorldExampleTCP publisher (or DDSHelloWorldExampleTCP.exe publisher on windows).
 In the second one: ./DDSHelloWorldExampleTCP subscriber (or DDSHelloWorldExampleTCP.exe subscriber on windows).
 
-
 This example includes additional options to show the capabilities of the TCP Transport on Fast DDS,
 such as WAN and TLS. In this example the publisher will work as a TCP server and the subscriber as a
 TCP client.
 
+## Arguments
+
+First argument is `publisher` or `subscriber` and then the rest of arguments are read unordered
+
+```sh
 Usage: DDSHelloWorldExampleTCP <publisher|subscriber>
 
 General options:
@@ -26,19 +34,32 @@ Subscriber options:
   -a <address>, --address=<address> IP Address of the publisher (Default: 127.0.0.1).
   -p <num>,     --port=<num>        Physical Port where the publisher is
                                     listening for connections (Default: 5100).
+```
 
+## WAN Example
 
-WAN Example:
+```sh
+# Public WAN address and port of this host (port must be open in router)
+DDSHelloWorldExampleTCP publisher -a 80.88.150.120 -p 5500
 
-DDSHelloWorldExampleTCP publisher -a <PUBLIC_WAN_ADDR> -p <PORT>
-DDSHelloWorldExampleTCP subscriber -a <SERVER_ADDR> -p <PORT>
+# Public WAN address and port of the publisher
+DDSHelloWorldExampleTCP subscriber -a 80.88.150.120 -p 5500
+```
 
-    For example:
-        DDSHelloWorldExampleTCP publisher -a 80.88.150.120 -p 5500
-        DDSHelloWorldExampleTCP subscriber -a 80.88.150.120 -p 5500
+## TLS Example
 
+```sh
+# Generate CA certificate
+openssl ecparam -name prime256v1 -genkey | openssl ec -aes256 -out cakey.pem -passout pass:cakey # Generate CA private key
+openssl req -new -x509 -sha256 -key cakey.pem -out cacert.pem -days 3650 -config ca.cnf -passin pass:cakey # Generate CA certificate
 
-TLS Example:
+# Generate server certificate
+openssl ecparam -name prime256v1 -genkey | openssl ec -aes256 -out serverkey.pem -passout pass:test # Generate server private key
+openssl req -new -sha256 -key serverkey.pem -out server.csr -config server.cnf -passin pass:test # Generate server certificate request
+openssl x509 -req -in server.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out servercert.pem -days 1000 -sha256 -passin pass:cakey # Generate signed server certiticate
+openssl dhparam -out dh2048.pem 2048 # Generate Diffie-Hellman parameters
 
+# Launch in localhost
 DDSHelloWorldExampleTCP publisher -t
 DDSHelloWorldExampleTCP subscriber -t
+```
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/ca.cnf b/examples/C++/DDS/HelloWorldExampleTCP/ca.cnf
@@ -0,0 +1,14 @@
+# Configuration file for CA request
+
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+countryName            = ES
+stateOrProvinceName    = MA
+localityName           = Madrid
+organizationName       = eProsima
+organizationalUnitName = eProsima
+commonName             = HelloWorldExampleTCP
+emailAddress           = ca@eprosima.com
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/ca.pem b/examples/C++/DDS/HelloWorldExampleTCP/ca.pem
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/cacert.pem b/examples/C++/DDS/HelloWorldExampleTCP/cacert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHDCCAcMCFFq98e6WB07/LRzoPiRhKKhb/7MEMAoGCCqGSM49BAMCMIGQMQsw
+CQYDVQQGEwJFUzELMAkGA1UECAwCTUExDzANBgNVBAcMBk1hZHJpZDERMA8GA1UE
+CgwIZVByb3NpbWExETAPBgNVBAsMCGVQcm9zaW1hMR0wGwYDVQQDDBRIZWxsb1dv
+cmxkRXhhbXBsZVRDUDEeMBwGCSqGSIb3DQEJARYPY2FAZXByb3NpbWEuY29tMB4X
+DTIxMDkwMjA5MTc0NVoXDTMxMDgzMTA5MTc0NVowgZAxCzAJBgNVBAYTAkVTMQsw
+CQYDVQQIDAJNQTEPMA0GA1UEBwwGTWFkcmlkMREwDwYDVQQKDAhlUHJvc2ltYTER
+MA8GA1UECwwIZVByb3NpbWExHTAbBgNVBAMMFEhlbGxvV29ybGRFeGFtcGxlVENQ
+MR4wHAYJKoZIhvcNAQkBFg9jYUBlcHJvc2ltYS5jb20wWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAARFyDEGg6TqrVzusJNcKuUNjEGExpSJbI6FHdBUZNN341OTKaB0
+RB2+ecUlau/SQl8IWGyMLqY67SXXFuaxXFiaMAoGCCqGSM49BAMCA0cAMEQCIEEm
+nhtnxFYZZGME0n0TXMQ//l7YKAxNqwB+SEVtCFtUAiAutaLfgULUHXNVWGrwdSBv
+U2UfxqP9GlUn8j2d9wKINA==
+-----END CERTIFICATE-----
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/cacert.srl b/examples/C++/DDS/HelloWorldExampleTCP/cacert.srl
@@ -0,0 +1 @@
+68A89E556EDA2C2E2F39D8D3ABA444472A752A82
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/cakey.pem b/examples/C++/DDS/HelloWorldExampleTCP/cakey.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,4F7DF4A082727997AA40B6EFF455C2D8
+
+8+TN9DOTv43cAT0a1kItggowBeb5iR2wFnkDlus82Lw2FsQjeROreee/hehYgEKA
+9jY38PBjM9Qnf5TxfnDLfv3V1lUdWvvMDZoaawnFfq5tAR2pAhG0TMMgq/NCLN8n
+QRMg9M6o6nwUsWjXt+rDw8N529ygRCdiCGWefBjzgo0=
+-----END EC PRIVATE KEY-----
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/dh2048.pem b/examples/C++/DDS/HelloWorldExampleTCP/dh2048.pem
@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAyNnxZSYc6J89mDNnqOH8bnwBiAJxcaUS3PkIEcwW8D9o2BlNq6EO
-XKMIbdfwPFZi80GMpNu3YP2A2B42sAHmb7w7ZA92QDv3JjqzR0QuS/CkMv4CEjha
-QBFwBDDWnnHBSj4w/t54ii0SH34mWcjBItI2eMtnM9J6fnvNiWqJxdt4iA4mZjZD
-qZTjIRyjgKAevzkqAlBqQRoVUUgu+9Cf29wXjVl3bE+0VU5CdFeyT+Y9yunz88mq
-rGyx1uPt+zbIfxuNLH+coY67y1ht7iZEL5WLd3wGCycRT+lYy2AL/rxGBPxStFIT
-2bOkQao6sAfb4UdGEUlwHUXZrAV51oM30wIBAg==
+MIIBCAKCAQEAzKWNcIHi8oJ5656EvNkHVkYFnIO2ZT6ecvEo41Eve83zQVvwsSOC
+QdSS90K7kSVAvpN3S1HNuG1+CaW4CnLNXahPxtRF/vqeUx/mm5E1yvfMnTC2v5EQ
+2kLnji1P0hYtYpEqki+qOyt4NqkRp303/6nonvSudZGe95RkJcLoQZTKR6hcemS4
+sb2wY/HJ3SlZemk0S0N+UQxiHZVR+IqTuaEk2eOH+HjzQtkcei29xrDOQIHGIrM/
+ZdJ/vsa2TFtTilGj6Qa/o/nrQxz9JkV370UDmCZffrY7NNbIc6BUZ3zLtZsLcVDg
+ibDsASO89bSdi1K3C2GoWq/5Jb5+lwsZWwIBAg==
 -----END DH PARAMETERS-----
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/server.cnf b/examples/C++/DDS/HelloWorldExampleTCP/server.cnf
@@ -0,0 +1,14 @@
+# Configuration file for CA request
+
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+countryName            = ES
+stateOrProvinceName    = MA
+localityName           = Madrid
+organizationName       = eProsima
+organizationalUnitName = eProsima
+commonName             = HelloWorldExampleTCP
+emailAddress           = server@eprosima.com
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/server.csr b/examples/C++/DDS/HelloWorldExampleTCP/server.csr
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBUTCB9wIBADCBlDELMAkGA1UEBhMCRVMxCzAJBgNVBAgMAk1BMQ8wDQYDVQQH
+DAZNYWRyaWQxETAPBgNVBAoMCGVQcm9zaW1hMREwDwYDVQQLDAhlUHJvc2ltYTEd
+MBsGA1UEAwwUSGVsbG9Xb3JsZEV4YW1wbGVUQ1AxIjAgBgkqhkiG9w0BCQEWE3Nl
+cnZlckBlcHJvc2ltYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDsPIt
+BSj/9N+DjujflOxl9AnDWyFEgHnRl2EkcypoFKGnZ19IhUv4c5Cj93VuerI5z7Lp
+/RiyzUmcCFzdT86coAAwCgYIKoZIzj0EAwIDSQAwRgIhAOQ6ceJsMp+xBsvHw08o
+FMTNXmKc9D/rSIqzQkc+FNQ4AiEAsooXFk29SwGbPtuttiN+jUIR1CsD4shhe611
++caIn8I=
+-----END CERTIFICATE REQUEST-----
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/server.pem b/examples/C++/DDS/HelloWorldExampleTCP/server.pem
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/servercert.pem b/examples/C++/DDS/HelloWorldExampleTCP/servercert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAccCFGionlVu2iwuLznY06ukREcqdSqCMAoGCCqGSM49BAMCMIGQMQsw
+CQYDVQQGEwJFUzELMAkGA1UECAwCTUExDzANBgNVBAcMBk1hZHJpZDERMA8GA1UE
+CgwIZVByb3NpbWExETAPBgNVBAsMCGVQcm9zaW1hMR0wGwYDVQQDDBRIZWxsb1dv
+cmxkRXhhbXBsZVRDUDEeMBwGCSqGSIb3DQEJARYPY2FAZXByb3NpbWEuY29tMB4X
+DTIxMDkwMjA5MTc1NloXDTI0MDUyOTA5MTc1NlowgZQxCzAJBgNVBAYTAkVTMQsw
+CQYDVQQIDAJNQTEPMA0GA1UEBwwGTWFkcmlkMREwDwYDVQQKDAhlUHJvc2ltYTER
+MA8GA1UECwwIZVByb3NpbWExHTAbBgNVBAMMFEhlbGxvV29ybGRFeGFtcGxlVENQ
+MSIwIAYJKoZIhvcNAQkBFhNzZXJ2ZXJAZXByb3NpbWEuY29tMFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEw7DyLQUo//Tfg47o35TsZfQJw1shRIB50ZdhJHMqaBSh
+p2dfSIVL+HOQo/d1bnqyOc+y6f0Yss1JnAhc3U/OnDAKBggqhkjOPQQDAgNJADBG
+AiEAwDUUC7juRZ3u+GmfSN4dSFoMmIQOZ6NKsC8jl5cRSzkCIQD9XHHlpcPs9gal
+CfGdVJAAK6nhnos2PvDNx2ukMv6Tyg==
+-----END CERTIFICATE-----
diff --git a/examples/C++/DDS/HelloWorldExampleTCP/serverkey.pem b/examples/C++/DDS/HelloWorldExampleTCP/serverkey.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,2AEC6E52327BCB608545A7F1AD7AE4EC
+
+dk8uVghPw/DYIcckr52+Vid5jR2aEooV3ZCpL/kX7gbFu+g2E+Z8q8hvwNYxQOuC
+DY8jokqqqYT7oaWUQ+q5ZnUKg9aqhNObetVsG4Iel6F0lB3d7YZNynA5brKFm40v
+BFLLaXMo4sz5hWBwftJSZqYeXBZX7H7ZsX+HvgIvHm4=
+-----END EC PRIVATE KEY-----