qtgrpc_chat_server: Compile certificates into the application

The previous approach was error-prone, as using TARGET_FILE_DIR hard-coded the path to the build directory and ignored install locations entirely. Fix this by using a more reliable approach: embedding the certificate strings directly into the application. Pick-to: 6.9 6.9.0 6.8 6.8.3 Change-Id: Ifb883891fd55bb023e7f9828f9c422ea3e5d1c3e Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2025-03-13 11:36:50 +01:00 · 2025-03-13 11:36:50 +01:00 · c0496671be
parent 662dac4244
commit c0496671be
4 changed files with 39 additions and 64 deletions
--- a/examples/grpc/chat/server/CMakeLists.txt
+++ b/examples/grpc/chat/server/CMakeLists.txt
@ -77,33 +77,8 @@ add_executable(qtgrpc_chat_server
 target_include_directories(qtgrpc_chat_server PRIVATE ${proto_out})
 target_link_libraries(qtgrpc_chat_server PRIVATE gRPC::grpc++ gRPC::grpc++_reflection)
 target_compile_definitions(qtgrpc_chat_server
    PRIVATE SERVER_DIR="$<TARGET_FILE_DIR:qtgrpc_chat_server>"
 )
 install(TARGETS qtgrpc_chat_server
    RUNTIME DESTINATION "${INSTALL_EXAMPLEDIR}"
    BUNDLE DESTINATION "${INSTALL_EXAMPLEDIR}"
    LIBRARY DESTINATION "${INSTALL_EXAMPLEDIR}"
 )
 # copy the required certificates
 add_custom_command(
    TARGET qtgrpc_chat_server PRE_BUILD
    COMMAND ${CMAKE_COMMAND} -E copy
    ${CMAKE_CURRENT_LIST_DIR}/credentials/localhost.crt ${CMAKE_CURRENT_BINARY_DIR}/credentials/localhost.crt
    COMMENT "Copying certificates to build directory"
 )
 add_custom_command(
    TARGET qtgrpc_chat_server PRE_BUILD
    COMMAND ${CMAKE_COMMAND} -E copy
    ${CMAKE_CURRENT_LIST_DIR}/credentials/localhost.key ${CMAKE_CURRENT_BINARY_DIR}/credentials/localhost.key
    COMMENT "Copying certificates to build directory"
 )
 install(FILES
    ${CMAKE_CURRENT_LIST_DIR}/credentials/localhost.crt
    ${CMAKE_CURRENT_LIST_DIR}/credentials/localhost.key
    DESTINATION "${INSTALL_EXAMPLEDIR}/credentials"
 )
--- a/examples/grpc/chat/server/credentials/certificates.h
+++ b/examples/grpc/chat/server/credentials/certificates.h
@ -1,3 +1,11 @@
 // Copyright (C) 2025 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause
 #pragma once
 #include <string>
 inline static const std::string LocalhostKey = R"(
 -----BEGIN PRIVATE KEY-----
 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDESiUqTSCcFfW+
 b56UX922NrvOoJdlbDPT9KVHvtaFREu+TBiAwQBrZkgpFo45sAwfzdc77R1zMk40
@ -26,3 +34,31 @@ J6W8kIdr9Y20VgKRF7BQk5ixj0GKflisMHXI4t0UnheEBHWemlTu1UyCSEvBhUZO
 NymTN9W6Eoe5Af1d13lTLmlsY2DfvyCokR3u2alg9zp67ScwFEHeVQQktFd0jWCQ
 c8jTsJ0LJjacI0O0aUAZFQ==
 -----END PRIVATE KEY-----
 )";
 inline static const std::string LocalhostCert = R"(
 -----BEGIN CERTIFICATE-----
 MIID+jCCAuKgAwIBAgIUeE21DpxD/pqYPrbpPguKo9mpQKswDQYJKoZIhvcNAQEL
 BQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl
 cmxpbjEcMBoGA1UECgwTVGhlIFF0IENvbXBhbnkgR21iSDEMMAoGA1UECwwDUiZE
 MRIwEAYDVQQDDAlsb2NhbGhvc3QxIjAgBgkqhkiG9w0BCQEWE2Rlbm5pcy5vYmVy
 c3RAcXQuaW8wIBcNMjUwMjA0MDgzMjQxWhgPMjEyNTAxMTEwODMyNDFaMIGTMQsw
 CQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xHDAa
 BgNVBAoME1RoZSBRdCBDb21wYW55IEdtYkgxDDAKBgNVBAsMA1ImRDESMBAGA1UE
 AwwJbG9jYWxob3N0MSIwIAYJKoZIhvcNAQkBFhNkZW5uaXMub2JlcnN0QHF0Lmlv
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEolKk0gnBX1vm+elF/d
 tja7zqCXZWwz0/SlR77WhURLvkwYgMEAa2ZIKRaOObAMH83XO+0dczJOND/kT6z1
 TblC5+3r9K/GnRi/1tJGKHKRDaIJqXl6d+lmkEm5ToLIjTMqhctxHfuaqletoe0u
 kTY8m1xDG7UaSdIQvttXA8JqT5WDAl79Y+OnXXRxnYIEzOqSICNgzW4KP3i4aRW9
 FbyGd/FdgqT+Oy9L+l1RTGfMK47p9DUsMTxcmagvvVtLG6QOzLI81SJrhZrQIDPQ
 6HorDaM67DnhdNPZFQmkU7ZJWfMU4hQ7XXve7xIj4C4gHaIGJSuIiCbAY+bQFCyV
 FwIDAQABo0IwQDAdBgNVHQ4EFgQUBDid1p2ymzsG5zqsUyV5WTWr1GkwHwYDVR0j
 BBgwFoAUvR9rQ7nZNbRppsFuFDZJfPhzXAswDQYJKoZIhvcNAQELBQADggEBAHoc
 LgNJs84s+Y+MFHUtHT8Wx1HBPM0rdG9yMoEl/AF71sVFBDUmRp2P8bE43ehuGDnt
 eRc4o3OLCGTH5QUw1PfY+0HNN9b7xh3NqyhbcDmaFsni8/lzYfycN4kqoOK54Lzm
 R1lZZuJn+dArtsx/6QQ+xzxXU0txi7noNhqDHWVDlvYE1mDskhWnd1BkzENYCmA2
 8SjDhfpddooqJkC61yzyiR9TlMbNz/k+s8hui1c5Wr7aYziivq9FA7H0owFMaNEP
 9XjL3EI/W97zRG6VSQcnba1BFQNqeOcZx6v5O+OzdlrRm+7lAMBQGVOB9hRJxct/
 TutBTMH1+BYCuOCoJfo=
 -----END CERTIFICATE-----
 )";
--- a/examples/grpc/chat/server/credentials/localhost.crt
+++ b/examples/grpc/chat/server/credentials/localhost.crt
@ -1,24 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIID+jCCAuKgAwIBAgIUeE21DpxD/pqYPrbpPguKo9mpQKswDQYJKoZIhvcNAQEL
 BQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl
 cmxpbjEcMBoGA1UECgwTVGhlIFF0IENvbXBhbnkgR21iSDEMMAoGA1UECwwDUiZE
 MRIwEAYDVQQDDAlsb2NhbGhvc3QxIjAgBgkqhkiG9w0BCQEWE2Rlbm5pcy5vYmVy
 c3RAcXQuaW8wIBcNMjUwMjA0MDgzMjQxWhgPMjEyNTAxMTEwODMyNDFaMIGTMQsw
 CQYDVQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xHDAa
 BgNVBAoME1RoZSBRdCBDb21wYW55IEdtYkgxDDAKBgNVBAsMA1ImRDESMBAGA1UE
 AwwJbG9jYWxob3N0MSIwIAYJKoZIhvcNAQkBFhNkZW5uaXMub2JlcnN0QHF0Lmlv
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEolKk0gnBX1vm+elF/d
 tja7zqCXZWwz0/SlR77WhURLvkwYgMEAa2ZIKRaOObAMH83XO+0dczJOND/kT6z1
 TblC5+3r9K/GnRi/1tJGKHKRDaIJqXl6d+lmkEm5ToLIjTMqhctxHfuaqletoe0u
 kTY8m1xDG7UaSdIQvttXA8JqT5WDAl79Y+OnXXRxnYIEzOqSICNgzW4KP3i4aRW9
 FbyGd/FdgqT+Oy9L+l1RTGfMK47p9DUsMTxcmagvvVtLG6QOzLI81SJrhZrQIDPQ
 6HorDaM67DnhdNPZFQmkU7ZJWfMU4hQ7XXve7xIj4C4gHaIGJSuIiCbAY+bQFCyV
 FwIDAQABo0IwQDAdBgNVHQ4EFgQUBDid1p2ymzsG5zqsUyV5WTWr1GkwHwYDVR0j
 BBgwFoAUvR9rQ7nZNbRppsFuFDZJfPhzXAswDQYJKoZIhvcNAQELBQADggEBAHoc
 LgNJs84s+Y+MFHUtHT8Wx1HBPM0rdG9yMoEl/AF71sVFBDUmRp2P8bE43ehuGDnt
 eRc4o3OLCGTH5QUw1PfY+0HNN9b7xh3NqyhbcDmaFsni8/lzYfycN4kqoOK54Lzm
 R1lZZuJn+dArtsx/6QQ+xzxXU0txi7noNhqDHWVDlvYE1mDskhWnd1BkzENYCmA2
 8SjDhfpddooqJkC61yzyiR9TlMbNz/k+s8hui1c5Wr7aYziivq9FA7H0owFMaNEP
 9XjL3EI/W97zRG6VSQcnba1BFQNqeOcZx6v5O+OzdlrRm+7lAMBQGVOB9hRJxct/
 TutBTMH1+BYCuOCoJfo=
 -----END CERTIFICATE-----
--- a/examples/grpc/chat/server/main.cpp
+++ b/examples/grpc/chat/server/main.cpp
@ -5,6 +5,7 @@
 #include "chatmessages.pb.h"
 #include "qtgrpcchat.grpc.pb.h"
 #include "credentials/certificates.h"
 #include <grpc++/grpc++.h>
 #include <grpc++/security/server_credentials.h>
@ -17,7 +18,6 @@
 #include <memory>
 #include <mutex>
 #include <queue>
 #include <sstream>
 #include <string>
 #include <vector>
@ -38,18 +38,6 @@ std::istream &operator>>(std::istream &is, chat::Credentials &u)
    return is;
 }
 std::string readFromFile(const std::string &path)
 {
    std::ifstream file(path);
    if (!file.is_open()) {
        std::cerr << "Failed to open " << path << '\n';
        std::terminate();
    }
    std::stringstream ss;
    ss << file.rdbuf();
    return ss.str();
 }
 } // namespace
 class QtGrpcChatService;
@ -374,8 +362,8 @@ int main(int /* argc */, char * /* argv */[])
 //! [server-ssl]
        grpc::SslServerCredentialsOptions sslOpts;
        sslOpts.pem_key_cert_pairs.emplace_back(grpc::SslServerCredentialsOptions::PemKeyCertPair{
-            readFromFile(SERVER_DIR "/credentials/localhost.key"),
+            LocalhostKey,
-            readFromFile(SERVER_DIR "/credentials/localhost.crt"),
+            LocalhostCert,
        });
        builder.AddListeningPort(QtGrpcChatService::httpsAddress(), grpc::SslServerCredentials(sslOpts));
        builder.AddListeningPort(QtGrpcChatService::httpAddress(), grpc::InsecureServerCredentials());