mirror of
https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git
synced 2026-03-20 03:41:02 +00:00
Compare commits
9 Commits
fix_deadlo
...
v4.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
91fe27e973 | ||
|
|
f8d714d04b | ||
|
|
a5d1eebe6d | ||
|
|
ee14f064c8 | ||
|
|
dbf52c1f23 | ||
|
|
9dc6a6bf97 | ||
|
|
1c0556f8bf | ||
|
|
d298139525 | ||
|
|
a37c961f5b |
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@@ -21,7 +21,7 @@ defaults:
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
|
||||
DOCKER_REGISTRY_USERNAME: ucentral
|
||||
|
||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@@ -11,7 +11,7 @@ defaults:
|
||||
|
||||
jobs:
|
||||
helm-package:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
|
||||
HELM_REPO_USERNAME: ucentral
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cmake_minimum_required(VERSION 3.13)
|
||||
project(owgw VERSION 3.2.1)
|
||||
project(owgw VERSION 4.0.0)
|
||||
|
||||
set(CMAKE_CXX_STANDARD 20)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED True)
|
||||
|
||||
@@ -9,7 +9,7 @@ fullnameOverride: ""
|
||||
images:
|
||||
owgw:
|
||||
repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owgw
|
||||
tag: master
|
||||
tag: v4.0.0
|
||||
pullPolicy: Always
|
||||
# regcred:
|
||||
# registry: tip-tip-wlan-cloud-ucentral.jfrog.io
|
||||
|
||||
@@ -561,14 +561,14 @@ namespace OpenWifi {
|
||||
void AP_WS_Connection::OnSocketShutdown(
|
||||
[[maybe_unused]] const Poco::AutoPtr<Poco::Net::ShutdownNotification> &pNf) {
|
||||
poco_trace(Logger_, fmt::format("SOCKET-SHUTDOWN({}): Closing.", CId_));
|
||||
std::lock_guard G(ConnectionMutex_);
|
||||
// std::lock_guard G(ConnectionMutex_);
|
||||
return EndConnection();
|
||||
}
|
||||
|
||||
void AP_WS_Connection::OnSocketError(
|
||||
[[maybe_unused]] const Poco::AutoPtr<Poco::Net::ErrorNotification> &pNf) {
|
||||
poco_trace(Logger_, fmt::format("SOCKET-ERROR({}): Closing.", CId_));
|
||||
std::lock_guard G(ConnectionMutex_);
|
||||
// std::lock_guard G(ConnectionMutex_);
|
||||
return EndConnection();
|
||||
}
|
||||
|
||||
@@ -652,10 +652,9 @@ namespace OpenWifi {
|
||||
|
||||
case Poco::Net::WebSocket::FRAME_OP_TEXT: {
|
||||
poco_trace(Logger_,
|
||||
fmt::format("FRAME({}): Frame received (length={}, flags={}). Msg={}",
|
||||
CId_, IncomingSize, flags, IncomingFrame.begin()));
|
||||
fmt::format("FRAME({}): Frame received (length={}, flags={}). Msg={}",
|
||||
CId_, IncomingSize, flags, IncomingFrame.begin()));
|
||||
|
||||
|
||||
Poco::JSON::Parser parser;
|
||||
auto ParsedMessage = parser.parse(IncomingFrame.begin());
|
||||
auto IncomingJSON = ParsedMessage.extract<Poco::JSON::Object::Ptr>();
|
||||
|
||||
@@ -57,9 +57,8 @@ namespace OpenWifi {
|
||||
if (request.find("Upgrade") != request.end() &&
|
||||
Poco::icompare(request["Upgrade"], "websocket") == 0) {
|
||||
Utils::SetThreadName("ws:conn-init");
|
||||
//session_id_++;
|
||||
auto new_session_id = session_id_.fetch_add(1, std::memory_order_seq_cst) + 1;
|
||||
return new AP_WS_RequestHandler(Logger_, new_session_id);
|
||||
session_id_++;
|
||||
return new AP_WS_RequestHandler(Logger_, session_id_);
|
||||
} else {
|
||||
return nullptr;
|
||||
}
|
||||
@@ -72,14 +71,18 @@ namespace OpenWifi {
|
||||
bool AP_WS_Server::ValidateCertificate(const std::string &ConnectionId,
|
||||
const Poco::Crypto::X509Certificate &Certificate) {
|
||||
if (IsCertOk()) {
|
||||
if (!Certificate.issuedBy(*IssuerCert_)) {
|
||||
poco_warning(
|
||||
Logger(),
|
||||
fmt::format("CERTIFICATE({}): issuer mismatch. Local='{}' Incoming='{}'",
|
||||
ConnectionId, IssuerCert_->issuerName(), Certificate.issuerName()));
|
||||
return false;
|
||||
// validate certificate agains trusted chain
|
||||
for (const auto &cert : ClientCasCerts_) {
|
||||
if (Certificate.issuedBy(cert)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
poco_warning(
|
||||
Logger(),
|
||||
fmt::format(
|
||||
"CERTIFICATE({}): issuer mismatch. Certificate not issued by any trusted CA",
|
||||
ConnectionId)
|
||||
);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
@@ -134,6 +137,13 @@ namespace OpenWifi {
|
||||
Context->addChainCertificate(Issuing);
|
||||
Context->addCertificateAuthority(Issuing);
|
||||
|
||||
// add certificates from clientcas to trust chain
|
||||
ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Svr.ClientCas());
|
||||
for (const auto &cert : ClientCasCerts_) {
|
||||
Context->addChainCertificate(cert);
|
||||
Context->addCertificateAuthority(cert);
|
||||
}
|
||||
|
||||
Poco::Crypto::RSAKey Key("", Svr.KeyFile(), Svr.KeyFilePassword());
|
||||
Context->usePrivateKey(Key);
|
||||
|
||||
@@ -515,27 +525,10 @@ namespace OpenWifi {
|
||||
Connection = SessionHint->second;
|
||||
Sessions_[sessionHash].erase(SessionHint);
|
||||
}
|
||||
std::atomic_bool duplicate_session = false;
|
||||
{
|
||||
auto deviceHash = MACHash::Hash(SerialNumber);
|
||||
std::lock_guard DeviceLock(SerialNumbersMutex_[deviceHash]);
|
||||
auto DeviceHint = SerialNumbers_[deviceHash].find(SerialNumber);
|
||||
if (DeviceHint == SerialNumbers_[deviceHash].end()) {
|
||||
// No duplicate connection go ahead and add new connection
|
||||
SerialNumbers_[deviceHash][SerialNumber] = Connection;
|
||||
}
|
||||
else {
|
||||
// Mark a duplicate session
|
||||
duplicate_session = true;
|
||||
poco_information(Logger(), fmt::format("[session ID: {}] Found a duplicate connection for device serial: {}", session_id, Utils::IntToSerialNumber(SerialNumber)));
|
||||
}
|
||||
}
|
||||
if (duplicate_session.load()){
|
||||
// This is only called if we have a duplicate session
|
||||
// We remove the new incoming session that we just added a few lines above, forcing the destructor for this new session while not impacting the pointers to the old session.
|
||||
std::lock_guard SessionLock(SessionMutex_[sessionHash]);
|
||||
Sessions_[sessionHash].erase(session_id);
|
||||
}
|
||||
|
||||
auto deviceHash = MACHash::Hash(SerialNumber);
|
||||
std::lock_guard DeviceLock(SerialNumbersMutex_[deviceHash]);
|
||||
SerialNumbers_[deviceHash][SerialNumber] = Connection;
|
||||
}
|
||||
|
||||
bool AP_WS_Server::EndSession(uint64_t session_id, uint64_t SerialNumber) {
|
||||
|
||||
@@ -223,6 +223,7 @@ namespace OpenWifi {
|
||||
mutable std::array<std::mutex,MACHashMax> SerialNumbersMutex_;
|
||||
|
||||
std::unique_ptr<Poco::Crypto::X509Certificate> IssuerCert_;
|
||||
std::vector<Poco::Crypto::X509Certificate> ClientCasCerts_;
|
||||
std::list<std::unique_ptr<Poco::Net::HTTPServer>> WebServers_;
|
||||
Poco::ThreadPool DeviceConnectionPool_{"ws:dev-pool", 4, 256};
|
||||
Poco::Net::SocketReactor Reactor_;
|
||||
|
||||
@@ -68,6 +68,16 @@ namespace OpenWifi {
|
||||
Context->addCertificateAuthority(Issuing);
|
||||
}
|
||||
|
||||
if (!client_cas_.empty()) {
|
||||
// add certificates specified in clientcas
|
||||
std::vector<Poco::Crypto::X509Certificate> Certs =
|
||||
Poco::Net::X509Certificate::readPEM(client_cas_);
|
||||
for (const auto &cert : Certs) {
|
||||
Context->addChainCertificate(cert);
|
||||
Context->addCertificateAuthority(cert);
|
||||
}
|
||||
}
|
||||
|
||||
Poco::Crypto::RSAKey Key("", key_file_, key_file_password_);
|
||||
Context->usePrivateKey(Key);
|
||||
|
||||
|
||||
@@ -45,6 +45,7 @@ namespace OpenWifi {
|
||||
[[nodiscard]] inline auto KeyFile() const { return key_file_; };
|
||||
[[nodiscard]] inline auto CertFile() const { return cert_file_; };
|
||||
[[nodiscard]] inline auto RootCA() const { return root_ca_; };
|
||||
[[nodiscard]] inline auto ClientCas() const { return client_cas_; };
|
||||
[[nodiscard]] inline auto KeyFilePassword() const { return key_file_password_; };
|
||||
[[nodiscard]] inline auto IssuerCertFile() const { return issuer_cert_file_; };
|
||||
[[nodiscard]] inline auto Name() const { return name_; };
|
||||
|
||||
Reference in New Issue
Block a user