Chg: update image tag in helm values to v2.11.0

Updating 2.11

CMakeLists.txt

@@ -37,7 +37,7 @@ if(GIT_FOUND AND EXISTS "${PROJECT_SOURCE_DIR}/.git")
     string(REGEX REPLACE "\n$" "" GIT_HASH "${GIT_HASH}")
 endif()
 
-add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT)
+add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT -DBOOST_NO_CXX98_FUNCTION_BASE=1)
 
 find_package(OpenSSL    REQUIRED)
 find_package(ZLIB       REQUIRED)
@@ -209,7 +209,7 @@ add_executable(owprov
         src/ProvWebSocketClient.cpp src/ProvWebSocketClient.h
         src/Tasks/VenueRebooter.h src/Tasks/VenueUpgrade.h
         src/sdks/SDK_fms.cpp src/sdks/SDK_fms.h
-        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h)
+        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h src/OpenRoamin_GlobalReach.cpp src/OpenRoamin_GlobalReach.h src/storage/storage_glblraccounts.cpp src/storage/storage_glblraccounts.h src/storage/storage_glblrcerts.cpp src/storage/storage_glblrcerts.h src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h src/storage/storage_orion_accounts.cpp src/storage/storage_orion_accounts.h)
 
 target_link_libraries(owprov PUBLIC
         ${Poco_LIBRARIES}

build

@@ -1 +1 @@
-4
+32

config-samples/OpenRo.am Test.mobileconfig

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>AutoJoin</key>
+			<true/>
+			<key>CaptiveBypass</key>
+			<false/>
+			<key>DisableAssociationMACRandomization</key>
+			<false/>
+			<key>DisplayedOperatorName</key>
+			<string>OpenRo.am</string>
+			<key>DomainName</key>
+			<string>openro.am</string>
+			<key>EAPClientConfiguration</key>
+			<dict>
+				<key>AcceptEAPTypes</key>
+				<array>
+					<integer>21</integer>
+				</array>
+				<key>OuterIdentity</key>
+				<string>anonymous@openro.am</string>
+				<key>TLSMaximumVersion</key>
+				<string>1.2</string>
+				<key>TLSMinimumVersion</key>
+				<string>1.2</string>
+				<key>TTLSInnerAuthentication</key>
+				<string>MSCHAPv2</string>
+				<key>UserName</key>
+				<string>420a5371-47d4-4d1d-b234-d17be4e54bb3@openro.am</string>
+				<key>UserPassword</key>
+				<string>XaHBCFhgGxi-mCK9XXdQ8</string>
+			</dict>
+			<key>EncryptionType</key>
+			<string>WPA2</string>
+			<key>HIDDEN_NETWORK</key>
+			<false/>
+			<key>IsHotspot</key>
+			<true/>
+			<key>NAIRealmNames</key>
+			<array>
+				<string>openro.am</string>
+			</array>
+			<key>PayloadDescription</key>
+			<string>Configures Wi-Fi settings</string>
+			<key>PayloadDisplayName</key>
+			<string>Wi-Fi</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.wifi.managed.12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadType</key>
+			<string>com.apple.wifi.managed</string>
+			<key>PayloadUUID</key>
+			<string>12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProxyType</key>
+			<string>None</string>
+			<key>RoamingConsortiumOIs</key>
+			<array>
+				<string>5A03BA0000</string>
+			</array>
+			<key>ServiceProviderRoamingEnabled</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDisplayName</key>
+	<string>OpenRo.am Test</string>
+	<key>PayloadIdentifier</key>
+	<string>openroam.44A21054-2F3F-437F-822A-C2F6766A2A23</string>
+	<key>PayloadOrganization</key>
+	<string>OpenRo.am</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1D460B0F-9311-4FD2-A75D-BADA866BC31C</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

helm/values.yaml

@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
   owprov:
     repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owprov
-    tag: v2.11.0-RC1
+    tag: v2.11.0
     pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io

openapi/openroaming_globalreach.yaml

@@ -0,0 +1,372 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi OpenRoaming Provisioning Model for Global Reach
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GLBLRAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        country:
+          type: string
+        province:
+          type: string
+        city:
+          type: string
+        organization:
+          type: string
+        commonName:
+          type: string
+        CSR:
+          type: string
+        CSRPrivateKey:
+          type: string
+        CSRPublicKey:
+          type: string
+        GlobalReachAcctId:
+          type: string
+
+    GLBLRCertificateInfo:
+      type: object
+      properties:
+        id:
+          type: string
+          format: uuid
+        name:
+          type: string
+        accountId:
+          type: string
+          format: uuid
+        csr:
+          type: string
+        certificate:
+          type: string
+        certificateChain:
+          type: string
+        certificateId:
+          type: string
+        expiresAt:
+          type: integer
+          format: int64
+        created:
+          type: integer
+          format: int64
+
+paths:
+  /openroaming/globalreach/accounts:
+    get:
+      tags:
+        - OpenRoaming-Global Reach
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/account/{name}:
+    get:
+      tags:
+        - OpenRoaming-Global Reach
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - OpenRoaming-Global Reach
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - OpenRoaming-Global Reach
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - OpenRoaming-Global Reach
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificates/{account}:
+    get:
+      tags:
+        - OpenRoaming-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificateList
+      summary: Retrieve certificate list.
+      parameters:
+        - in: path
+          description: The account name
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of certificates
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of certificates
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRCertificateInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificate/{account}/{id}:
+    get:
+      tags:
+        - OpenRoaming-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificate
+      summary: Retrieve certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - OpenRoaming-Global Reach Certificate
+      operationId: deleteOpenRoamingGlobalReachCertificate
+      summary: Delete certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - OpenRoaming-Global Reach Certificate
+      operationId: createOpenRoamingGlobalReachCertificate
+      summary: Create certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: Must be set to "0"
+          name: id
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRCertificateInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+

openapi/openroaming_orion.yaml

@@ -0,0 +1,195 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi OpenRoaming Provisioning Model for Google Orion
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GooglOrionAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        certificate:
+          type: string
+        cacerts:
+          type: array
+          items:
+            type: string
+
+paths:
+  /openroaming/orion/accounts:
+    get:
+      tags:
+        - OpenRoaming-Google Orion
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GooglOrionAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/orion/account/{id}:
+    get:
+      tags:
+        - OpenRoaming-Google Orion
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - OpenRoaming-Google Orion
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - OpenRoaming-Google Orion
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - OpenRoaming-Google Orion
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+

openapi/ow_or_ameriband.yaml

@@ -1,268 +0,0 @@
-openapi: 3.0.1
-info:
-  title: OpenWiFi Open roaming Ameriband Provisioning Model
-  description: Registration of an OpenRoaming profile with Ameriband for TIP OpenWifi.
-  version: 1.0.0
-  license:
-    name: BSD3
-    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
-
-servers:
-  - url: 'https://tip.regiatration.ameriband.com:8001/api/v1'
-
-security:
-  - bearerAuth: []
-
-components:
-  securitySchemes:
-    bearerAuth:
-      type: http
-      scheme: bearer
-
-  responses:
-    NotFound:
-      description: The specified resource was not found.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Unauthorized:
-      description: The requested does not have sufficient rights to perform the operation.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-                enum:
-                  - 0     # Success
-                  - 8     # INVALID_TOKEN
-                  - 9     # EXPIRED_TOKEN
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Success:
-      description: The requested operation was performed.
-      content:
-        application/json:
-          schema:
-            properties:
-              Operation:
-                type: string
-              Details:
-                type: string
-              Code:
-                type: integer
-
-    BadRequest:
-      description: The requested operation failed.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: integer
-
-  schemas:
-    RegistrationRequest:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            Client will generate a UUID that must be returned in the response.
-        orgAcceptedTermsAndConditions:
-          type: boolean
-          default: false
-        orgLegalName:
-          type: string
-          minLength: 1
-        orgWebSite:
-          type: string
-          format: url
-          minLength: 1
-        orgContact:
-          type: string
-          minLength: 1
-          example:
-            John Smith
-        orgEmail:
-          type: string
-          format: email
-          minLength: 1
-        orgPhone:
-          type: string
-          example:
-            (607)555-1234 or +1(223)555-1222
-        orgLocation:
-          type: string
-          example:
-            Boston, NH - LA, CA
-        orgCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationResponse:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            This should be the same orgRequestId passed during registration.
-        orgNASID:
-          type: string
-          minLength: 10
-          description:
-            This is the NASID generated by Ameriband. It will be used by the operator as NASID when contacting Ameriband.
-        ameribandCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationInformationRequest:
-      type: object
-      properties:
-        link:
-          description: This should be the link where a potential registrant can read the terms and conditions of registering with Ameriband.
-          type: string
-          format: url
-          minLength: 1
-          example:
-            https://ameriband.com/romain-registration.html
-
-paths:
-  /termsAndConditions:
-    get:
-      summary: The registrant must be given a chance to view the terms and conditions of the relationship they are entering into
-      operationId: getTermsAndConditions
-      responses:
-        200:
-          description: Sucessfully retrieved Terms and Conditions
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationInformationRequest'
-        404:
-          $ref: '#/components/responses/Unauthorized'
-
-  /registration:
-    get:
-      tags:
-        - Registration
-      operationId: getRegistrationInformation
-      summary: This should return the information from a registration based on the NASID
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        200:
-          $ref: '#/components/schemas/RegistrationResponse'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    post:
-      summary: Called when the registrant ahs read the T&Cs and iw willing to submit their information to enter in a partnership
-      tags:
-        - Registration
-      operationId: createRegistration
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully registered
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          description: Registration failed due to  missing or incomplete information
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-
-    put:
-      summary: Called when the registrant needs to update its information with Ameriband. The does not generate a new NASID.
-      tags:
-        - Registration
-      operationId: updateRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully found the information based on the orgNASID
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    delete:
-      tags:
-        - Registration
-      summary: When a registrant wants to terminate a relationship with Ameriband. Ameriband should also delete all information from the registrant
-      operationId: deleteRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        204:
-          $ref: '#/components/responses/Success'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'

src/AutoDiscovery.cpp

@@ -31,7 +31,49 @@ namespace OpenWifi {
 		poco_information(Logger(), "Stopped...");
 	};
 
-	void AutoDiscovery::run() {
+    void AutoDiscovery::ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                    std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        if (P->has(uCentralProtocol::COMPATIBLE))
+            Compat = P->get(uCentralProtocol::COMPATIBLE).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessConnect(const Poco::JSON::Object::Ptr &P, std::string &FW, std::string &SN,
+                                       std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+        if(P->has(uCentralProtocol::CAPABILITIES)) {
+            auto CapObj = P->getObject(uCentralProtocol::CAPABILITIES);
+            if (CapObj->has(uCentralProtocol::COMPATIBLE))
+                Compat = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessDisconnect(const Poco::JSON::Object::Ptr &P, [[maybe_unused]] std::string &FW,
+                                            std::string &SN,
+                                          [[maybe_unused]] std::string &Compat,
+                                          [[maybe_unused]] std::string &Conn,
+                                          [[maybe_unused]] std::string &locale) {
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+    }
+
+    void AutoDiscovery::run() {
 		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
 		Utils::SetThreadName("auto-discovery");
 		while (Note && Running_) {
@@ -40,43 +82,31 @@ namespace OpenWifi {
 				try {
 					Poco::JSON::Parser Parser;
 					auto Object = Parser.parse(Msg->Payload()).extract<Poco::JSON::Object::Ptr>();
+                    bool    Connected=true;
 
 					if (Object->has(uCentralProtocol::PAYLOAD)) {
-						auto PayloadObj = Object->getObject(uCentralProtocol::PAYLOAD);
-						std::string ConnectedIP, SerialNumber, DeviceType;
-						if (PayloadObj->has(uCentralProtocol::CONNECTIONIP))
-							ConnectedIP =
-								PayloadObj->get(uCentralProtocol::CONNECTIONIP).toString();
-						if (PayloadObj->has(uCentralProtocol::CAPABILITIES)) {
-							auto CapObj = PayloadObj->getObject(uCentralProtocol::CAPABILITIES);
-							if (CapObj->has(uCentralProtocol::COMPATIBLE)) {
-								DeviceType = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
-								SerialNumber = PayloadObj->get(uCentralProtocol::SERIAL).toString();
-							}
-						} else if (PayloadObj->has(uCentralProtocol::PING)) {
-							auto PingMessage = PayloadObj->getObject(uCentralProtocol::PING);
-							if (PingMessage->has(uCentralProtocol::FIRMWARE) &&
-								PingMessage->has(uCentralProtocol::SERIALNUMBER) &&
-								PingMessage->has(uCentralProtocol::COMPATIBLE)) {
-								if (PingMessage->has(uCentralProtocol::CONNECTIONIP))
-									ConnectedIP =
-										PingMessage->get(uCentralProtocol::CONNECTIONIP).toString();
-								SerialNumber =
-									PingMessage->get(uCentralProtocol::SERIALNUMBER).toString();
-								DeviceType =
-									PingMessage->get(uCentralProtocol::COMPATIBLE).toString();
-							}
-						}
-						std::string Locale;
-						if (PayloadObj->has("locale"))
-							Locale = PayloadObj->get("locale").toString();
+                        auto PayloadObj = Object->getObject(uCentralProtocol::PAYLOAD);
+                        std::string ConnectedIP, SerialNumber, Compatible, Firmware, Locale ;
+                        if (PayloadObj->has(uCentralProtocol::PING)) {
+                            auto PingObj = PayloadObj->getObject("ping");
+                            ProcessPing(PingObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("capabilities")) {
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("disconnection")) {
+                            //  we ignore disconnection in provisioning
+                            Connected=false;
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else {
+                            poco_debug(Logger(),fmt::format("Unknown message on 'connection' topic: {}",Msg->Payload()));
+                        }
 
-						if (!SerialNumber.empty()) {
-							StorageService()->InventoryDB().CreateFromConnection(
-								SerialNumber, ConnectedIP, DeviceType, Locale);
-						}
-					}
+                        if (!SerialNumber.empty() && Connected) {
+                            StorageService()->InventoryDB().CreateFromConnection(
+                                    SerialNumber, ConnectedIP, Compatible, Locale);
+                        }
+                    }
 				} catch (const Poco::Exception &E) {
+                    std::cout << "EX:" << Msg->Payload() << std::endl;
 					Logger().log(E);
 				} catch (...) {
 				}

src/AutoDiscovery.h

@@ -9,6 +9,7 @@
 
 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
+#include "Poco/JSON/Object.h"
 
 namespace OpenWifi {
 
@@ -46,7 +47,14 @@ namespace OpenWifi {
 		Poco::Thread Worker_;
 		std::atomic_bool Running_ = false;
 
-		AutoDiscovery() noexcept
+        void ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                        std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessConnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                         std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessDisconnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                            std::string &Compat, std::string &Conn, std::string &locale) ;
+
+        AutoDiscovery() noexcept
 			: SubSystemServer("AutoDiscovery", "AUTO-DISCOVERY", "discovery") {}
 	};
 

src/Daemon.cpp

@@ -23,6 +23,7 @@
 #include "UI_Prov_WebSocketNotifications.h"
 #include "framework/ConfigurationValidator.h"
 #include "framework/UI_WebSocketClientServer.h"
+#include "OpenRoamin_GlobalReach.h"
 
 namespace OpenWifi {
 	class Daemon *Daemon::instance_ = nullptr;
@@ -35,7 +36,9 @@ namespace OpenWifi {
 												ConfigurationValidator(), SerialNumberCache(),
 												AutoDiscovery(), JobController(),
 												UI_WebSocketClientServer(), FindCountryFromIP(),
-												Signup(), FileDownloader()});
+												Signup(), FileDownloader(),
+                                                OpenRoaming_GlobalReach()
+            });
 		}
 		return instance_;
 	}

src/FileDownloader.cpp

@@ -24,9 +24,8 @@ namespace OpenWifi {
 
 	void FileDownloader::onTimer([[maybe_unused]] Poco::Timer &timer) {
 		const static std::vector<std::pair<std::string, std::string>> Files{
-			{"https://raw.githubusercontent.com/blogic/ucentral-schema/main/ucentral.schema.json",
-			 "ucentral.schema.json"},
-			{"https://ucentral.io/ucentral.schema.pretty.json", "ucentral.schema.pretty.json"}};
+        {   "https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.json",
+			 "ucentral.schema.json"} };
 
 		Utils::SetThreadName("file-dmnldr");
 

src/Kafka_ProvUpdater.h

@@ -39,9 +39,7 @@ namespace OpenWifi {
 		Poco::JSON::Object Payload;
 		obj.to_json(Payload);
 		Payload.set("ObjectType", OT);
-		std::ostringstream OS;
-		Payload.stringify(OS);
-		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], std::make_shared<std::string>(OS.str()));
+		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], Payload);
 
 		return true;
 	}

src/OpenRoamin_GlobalReach.cpp

@@ -0,0 +1,196 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "OpenRoamin_GlobalReach.h"
+#include <Poco/JWT/Token.h>
+#include <Poco/JWT/Signer.h>
+#include <Poco/Net/HTTPSClientSession.h>
+#include <Poco/URI.h>
+#include <Poco/TemporaryFile.h>
+#include <Poco/JSON/Object.h>
+#include <Poco/JSON/Parser.h>
+#include <framework/RESTAPI_Handler.h>
+#include <framework/MicroServiceFuncs.h>
+#include <StorageService.h>
+
+namespace OpenWifi {
+
+    int OpenRoaming_GlobalReach::Start() {
+        poco_information(Logger(), "Starting...");
+        InitCache();
+        return 0;
+    }
+
+    void OpenRoaming_GlobalReach::Stop() {
+        poco_information(Logger(), "Stopping...");
+        poco_information(Logger(), "Stopped...");
+    }
+
+    void OpenRoaming_GlobalReach::InitCache() {
+
+        auto F=[&](const ProvObjects::GLBLRAccountInfo &Info) {
+            poco_information(Logger(),fmt::format("Adding {} to cache.",Info.info.name));
+            if(!Info.privateKey.empty() && !Info.GlobalReachAcctId.empty() ) {
+                MakeToken(Info.GlobalReachAcctId, Info.privateKey);
+            }
+            return true;
+        };
+
+        StorageService()->GLBLRAccountInfoDB().Iterate(F);
+    }
+
+    bool OpenRoaming_GlobalReach::CreateRADSECCertificate(
+            const std::string &GlobalReachAccountId,
+            const std::string &Name,
+            const std::string &CSR,
+            ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+        try {
+            std::cout << __LINE__ << ":" << GlobalReachAccountId << std::endl;
+            auto BearerToken = MakeToken(GlobalReachAccountId);
+            Poco::URI URI{"https://config.openro.am/v1/radsec/issue"};
+            std::string Path(URI.getPathAndQuery());
+            Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_POST, Path,
+                                           Poco::Net::HTTPMessage::HTTP_1_1);
+            Request.add("Authorization", "Bearer " + BearerToken);
+
+            Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+            Session.setTimeout(Poco::Timespan(10000, 10000));
+            Poco::JSON::Object CertRequestBody;
+            CertRequestBody.set("name", Name);
+            CertRequestBody.set("csr", CSR);
+
+            std::ostringstream os;
+            CertRequestBody.stringify(os);
+            Request.setContentType("application/json");
+            Request.setContentLength((long) os.str().size());
+
+            auto &Body = Session.sendRequest(Request);
+            Body << os.str();
+
+            Poco::Net::HTTPResponse Response;
+            std::istream &is = Session.receiveResponse(Response);
+            if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                Poco::JSON::Parser P;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                RESTAPIHandler::AssignIfPresent(Result,"certificate",NewCertificate.certificate);
+                RESTAPIHandler::AssignIfPresent(Result,"certificate_chain",NewCertificate.certificateChain);
+                RESTAPIHandler::AssignIfPresent(Result,"certificate_id",NewCertificate.certificateId);
+                RESTAPIHandler::AssignIfPresent(Result,"expires_at",NewCertificate.expiresAt);
+                return true;
+            }
+            Poco::JSON::Parser P;
+            std::ostringstream oos;
+            auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+            Result->stringify(oos);
+        } catch( const Poco::Exception &E) {
+            poco_error(Logger(),fmt::format("Could not create a new RADSEC certificate: {},{}",E.name(),E.displayText()));
+        }
+        return false;
+    }
+
+    bool OpenRoaming_GlobalReach::GetRADSECCertificate(
+        const std::string &GlobalReachAccountId,
+        std::string &CertificateId,
+        ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+        try {
+            Poco::URI URI{fmt::format("https://config.openro.am/v1/radsec/cert/{}", CertificateId)};
+
+            std::string Path(URI.getPathAndQuery());
+
+            Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                           Poco::Net::HTTPMessage::HTTP_1_1);
+
+            auto BearerToken = MakeToken(GlobalReachAccountId);
+            Request.add("Authorization", "Bearer " + BearerToken);
+
+            Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+            Session.setTimeout(Poco::Timespan(10000, 10000));
+
+            Session.sendRequest(Request);
+
+            Poco::Net::HTTPResponse Response;
+            std::istream &is = Session.receiveResponse(Response);
+            if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                Poco::JSON::Parser P;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                RESTAPIHandler::AssignIfPresent(Result,"certificate",NewCertificate.certificate);
+                RESTAPIHandler::AssignIfPresent(Result,"certificate_chain",NewCertificate.certificateChain);
+                RESTAPIHandler::AssignIfPresent(Result,"certificate_id",NewCertificate.certificateId);
+                RESTAPIHandler::AssignIfPresent(Result,"expires_at",NewCertificate.expiresAt);
+                return true;
+            }
+        } catch( const Poco::Exception &E) {
+            poco_error(Logger(),fmt::format("Could not retrieve the certificate from GlobalReach: {},{}",E.name(),E.displayText()));
+        }
+        return false;
+    }
+
+    std::string OpenRoaming_GlobalReach::MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey) {
+        try {
+            Poco::JWT::Token token;
+            token.setType("JWT");
+            token.setAlgorithm("ES256");
+            token.setIssuedAt(std::time(nullptr));
+
+            token.payload().set("iss", GlobalReachAccountId);
+            token.payload().set("iat", (unsigned long) std::time(nullptr));
+
+            Poco::SharedPtr<Poco::Crypto::ECKey> Key;
+            auto KeyHash = Utils::ComputeHash(PrivateKey);
+            auto KeyHint = PrivateKeys_.find(GlobalReachAccountId);
+            if (KeyHint != PrivateKeys_.end() && PrivateKey.empty() ) {
+                Key = KeyHint->second.second;
+            } else {
+                if (PrivateKey.empty()) {
+                    return "";
+                }
+                Poco::TemporaryFile F;
+                std::ofstream ofs(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+                ofs << PrivateKey;
+                ofs.close();
+                auto NewKey = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                        new Poco::Crypto::ECKey("", F.path(), ""));
+                Key = NewKey;
+                PrivateKeys_[GlobalReachAccountId] = std::make_pair(KeyHash, NewKey);
+            }
+
+            Poco::JWT::Signer Signer;
+            Signer.setECKey(Key);
+            Signer.addAllAlgorithms();
+            return Signer.sign(token, Poco::JWT::Signer::ALGO_ES256);
+        } catch (const Poco::Exception &E) {
+            poco_error(Logger(),fmt::format("Cannot create a Global Reach token: {},{}",E.name(),E.displayText()));
+        }
+        return "";
+    }
+
+    bool OpenRoaming_GlobalReach::VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey, std::string &Name) {
+        auto BearerToken = MakeToken(GlobalReachAccountId, PrivateKey);
+
+        Poco::URI   URI{"https://config.openro.am/v1/config"};
+        std::string Path(URI.getPathAndQuery());
+        Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                       Poco::Net::HTTPMessage::HTTP_1_1);
+        Request.add("Authorization", "Bearer " + BearerToken);
+
+        Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+        Session.setTimeout(Poco::Timespan(10000, 10000));
+        Session.sendRequest(Request);
+        Poco::Net::HTTPResponse Response;
+        std::istream &is = Session.receiveResponse(Response);
+        if(Response.getStatus()==Poco::Net::HTTPResponse::HTTP_OK) {
+            Poco::JSON::Parser P;
+            auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+            if(Result->has("name")) {
+                Name = Result->get("name").toString();
+            }
+            return true;
+        }
+        return false;
+    }
+
+
+} // OpenWifi

src/OpenRoamin_GlobalReach.h

@@ -0,0 +1,43 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+
+#include "framework/SubSystemServer.h"
+#include "Poco/JSON/Object.h"
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+
+namespace OpenWifi {
+
+    class OpenRoaming_GlobalReach : public SubSystemServer {
+    public:
+        static auto instance() {
+            static auto instance_ = new OpenRoaming_GlobalReach;
+            return instance_;
+        }
+
+        int Start() override;
+        void Stop() override;
+        bool CreateRADSECCertificate(const std::string &AccountName,
+                                     const std::string &Name,
+                                     const std::string &CSR,
+                                     ProvObjects::GLBLRCertificateInfo &NewCertificate);
+        bool GetRADSECCertificate(const std::string &AccountName, std::string & CertificateId, ProvObjects::GLBLRCertificateInfo &NewCertificate);
+        bool VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey, std::string &Name);
+        void InitCache();
+
+    private:
+        std::string MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey="");
+
+        std::map<std::string,std::pair<std::string,Poco::SharedPtr<Poco::Crypto::ECKey>>>   PrivateKeys_;
+
+        OpenRoaming_GlobalReach() noexcept
+                : SubSystemServer("OpenRoaming_GlobalReach", "GLBL-REACH", "globalreach") {
+        }
+    };
+
+    inline auto OpenRoaming_GlobalReach() { return OpenRoaming_GlobalReach::instance(); }
+
+} // OpenWifi
+

src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp

@@ -0,0 +1,125 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_acct_handler.h"
+#include "OpenRoamin_GlobalReach.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+
+        StorageService()->GLBLRCertsDB().DeleteRecords(fmt::format(" accountId='{}' ", Account));
+        DB_.DeleteRecord("id", Account);
+
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        ProvObjects::GLBLRAccountInfo    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.privateKey.empty() || NewObject.GlobalReachAcctId.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!NewObject.privateKey.empty() && !Utils::VerifyECKey(NewObject.privateKey)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        std::string GlobalReachName;
+        if(!OpenRoaming_GlobalReach()->VerifyAccount(NewObject.GlobalReachAcctId,NewObject.privateKey,GlobalReachName)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if( NewObject.commonName.empty() || NewObject.organization.empty() ||
+            NewObject.city.empty() || NewObject.province.empty() || NewObject.country.empty() ) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        Utils::CSRCreationParameters    P;
+        P.Country = NewObject.country;
+        P.CommonName = NewObject.commonName;
+        P.Province = NewObject.province;
+        P.City = NewObject.city;
+        P.Organization = NewObject.organization;
+        Utils::CSRCreationResults       R;
+        if(!Utils::CreateX509CSR(P,R)) {
+            return BadRequest(RESTAPI::Errors::CannotCreateCSR);
+        }
+
+        NewObject.CSR = R.CSR;
+        NewObject.CSRPublicKey = R.PublicKey;
+        NewObject.CSRPrivateKey = R.PrivateKey;
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            ProvObjects::GLBLRAccountInfo StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPut() {
+        auto Account = GetBinding("account","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        ProvObjects::GLBLRAccountInfo    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        ProvObjects::GLBLRAccountInfo    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            ProvObjects::GLBLRAccountInfo StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h

@@ -0,0 +1,31 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/account/{id}"}; };
+
+    private:
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp

@@ -0,0 +1,82 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_cert_handler.h"
+#include <OpenRoamin_GlobalReach.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_cert_handler::DoGet() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        std::vector<ProvObjects::GLBLRCertificateInfo>  Certificates;
+        DB_.GetRecords(0,1,Certificates,fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        if(Certificates.empty()) {
+            return NotFound();
+        }
+        return ReturnObject(Certificates[0]);
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoDelete() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        DB_.DeleteRecords(fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoPost() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        ProvObjects::GLBLRCertificateInfo   NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.name.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   AccountInfo;
+        if(!StorageService()->GLBLRAccountInfoDB().GetRecord("id",Account, AccountInfo)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if(OpenRoaming_GlobalReach()->CreateRADSECCertificate(AccountInfo.GlobalReachAcctId,NewObject.name,AccountInfo.CSR, NewObject)) {
+            NewObject.id = MicroServiceCreateUUID();
+            NewObject.accountId = Account;
+            NewObject.created = Utils::Now();
+            NewObject.csr = AccountInfo.CSR;
+            DB_.CreateRecord(NewObject);
+            ProvObjects::GLBLRCertificateInfo   CreatedObject;
+            DB_.GetRecord("id",NewObject.id,CreatedObject);
+            return ReturnObject(CreatedObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h

@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_cert_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_cert_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                            RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                            bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificate/{account}/{id}"}; };
+
+    private:
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final {};
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp

@@ -0,0 +1,20 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_acct_handler.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_acct_handler::DoGet() {
+
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<ProvObjects::GLBLRAccountInfo>  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h

@@ -0,0 +1,29 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/accounts"}; };
+
+    private:
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp

@@ -0,0 +1,27 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_certificates.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_certificates::DoGet() {
+
+        auto Account = GetBinding("account","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        auto Where = fmt::format(" accountId='{}'", Account);
+
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count(Where));
+        }
+
+        std::vector<ProvObjects::GLBLRCertificateInfo>  Certificates;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Certificates, Where);
+        return ReturnObject(Certificates);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h

@@ -0,0 +1,29 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_certificates : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_certificates(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificates/{account}"}; };
+
+    private:
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp

@@ -0,0 +1,100 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_acct_handler.h"
+#include "OpenRoamin_GlobalReach.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GooglOrionAccountInfo   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GooglOrionAccountInfo   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+        DB_.DeleteRecord("id", Account);
+        return OK();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        ProvObjects::GooglOrionAccountInfo    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if( NewObject.privateKey.empty()    ||
+            NewObject.certificate.empty()   ||
+            NewObject.cacerts.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if( !Utils::VerifyECKey(NewObject.privateKey)           ||
+            !Utils::ValidX509Certificate(NewObject.certificate) ||
+            !Utils::ValidX509Certificate(NewObject.cacerts)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            ProvObjects::GooglOrionAccountInfo StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPut() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        ProvObjects::GLBLRAccountInfo    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        ProvObjects::GooglOrionAccountInfo    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            ProvObjects::GooglOrionAccountInfo StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h

@@ -0,0 +1,31 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                    RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                    bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/account/{id}"}; };
+
+    private:
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp

@@ -0,0 +1,21 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_list_acct_handler.h"
+
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_list_acct_handler::DoGet() {
+
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<ProvObjects::GooglOrionAccountInfo>  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h

@@ -0,0 +1,29 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/accounts"}; };
+
+    private:
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_routers.cpp

@@ -35,6 +35,12 @@
 #include "RESTAPI/RESTAPI_variables_list_handler.h"
 #include "RESTAPI/RESTAPI_venue_handler.h"
 #include "RESTAPI/RESTAPI_venue_list_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_cert_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_certificates.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h"
 
 #include "framework/RESTAPI_SystemCommand.h"
 #include "framework/RESTAPI_WebSocketServer.h"
@@ -60,7 +66,10 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler>(
+			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler>(
 			Path, Bindings, L, S, TransactionId);
 	}
 
@@ -82,7 +91,10 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler>(Path, Bindings, L, S,
+			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler>(Path, Bindings, L, S,
 																		 TransactionId);
 	}
 } // namespace OpenWifi

src/RESTObjects/RESTAPI_ProvObjects.cpp

@@ -1194,4 +1194,89 @@ namespace OpenWifi::ProvObjects {
 		return false;
 	}
 
+    void GLBLRAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "country", country);
+        field_to_json(Obj, "province", province);
+        field_to_json(Obj, "city", city);
+        field_to_json(Obj, "organization", organization);
+        field_to_json(Obj, "commonName", commonName);
+        field_to_json(Obj, "CSR", CSR);
+        field_to_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+        field_to_json(Obj, "CSRPublicKey", CSRPublicKey);
+        field_to_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+    }
+
+    bool GLBLRAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "country", country);
+            field_from_json(Obj, "province", province);
+            field_from_json(Obj, "city", city);
+            field_from_json(Obj, "organization", organization);
+            field_from_json(Obj, "commonName", commonName);
+            field_from_json(Obj, "CSR", CSR);
+            field_from_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+            field_from_json(Obj, "CSRPublicKey", CSRPublicKey);
+            field_from_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GLBLRCertificateInfo::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "id", id);
+        field_to_json(Obj, "name", name);
+        field_to_json(Obj, "accountId", accountId);
+        field_to_json(Obj, "csr", csr);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "certificateChain", certificateChain);
+        field_to_json(Obj, "certificateId", certificateId);
+        field_to_json(Obj, "expiresAt", expiresAt);
+        field_to_json(Obj, "created", created);
+    }
+
+    bool GLBLRCertificateInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "id", id);
+            field_from_json(Obj, "name", name);
+            field_from_json(Obj, "accountId", accountId);
+            field_from_json(Obj, "csr", csr);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "certificateChain", certificateChain);
+            field_from_json(Obj, "certificateId", certificateId);
+            field_from_json(Obj, "expiresAt", expiresAt);
+            field_from_json(Obj, "created", created);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GooglOrionAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "cacerts", cacerts);
+    }
+
+    bool GooglOrionAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "cacerts", cacerts);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+
 } // namespace OpenWifi::ProvObjects

src/RESTObjects/RESTAPI_ProvObjects.h

@@ -746,4 +746,41 @@ namespace OpenWifi::ProvObjects {
 	bool CreateObjectInfo(const Poco::JSON::Object::Ptr &O, const SecurityObjects::UserInfo &U,
 						  ObjectInfo &I);
 	bool CreateObjectInfo(const SecurityObjects::UserInfo &U, ObjectInfo &I);
+
+    struct GLBLRAccountInfo {
+        ObjectInfo      info;
+        std::string     privateKey;
+        std::string     country, province, city, organization, commonName;
+        std::string     CSR, CSRPrivateKey, CSRPublicKey;
+        std::string     GlobalReachAcctId;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct GLBLRCertificateInfo {
+        std::string     id;
+        std::string     name;
+        std::string     accountId;
+        std::string     csr;
+        std::string     certificate;
+        std::string     certificateChain;
+        std::string     certificateId;
+        std::uint64_t   expiresAt=0;
+        std::uint64_t   created=0;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
+    struct GooglOrionAccountInfo {
+        ObjectInfo                  info;
+        std::string                 privateKey;
+        std::string                 certificate;
+        std::vector<std::string>    cacerts;
+
+        void to_json(Poco::JSON::Object &Obj) const;
+        bool from_json(const Poco::JSON::Object::Ptr &Obj);
+    };
+
 }; // namespace OpenWifi::ProvObjects

src/StorageService.cpp

@@ -39,6 +39,9 @@ namespace OpenWifi {
 		OpLocationDB_ = std::make_unique<OpenWifi::OpLocationDB>(dbType_, *Pool_, Logger());
 		OpContactDB_ = std::make_unique<OpenWifi::OpContactDB>(dbType_, *Pool_, Logger());
 		OverridesDB_ = std::make_unique<OpenWifi::OverridesDB>(dbType_, *Pool_, Logger());
+        GLBLRAccountInfoDB_ = std::make_unique<OpenWifi::GLBLRAccountInfoDB>(dbType_, *Pool_, Logger());
+        GLBLRCertsDB_ = std::make_unique<OpenWifi::GLBLRCertsDB>(dbType_, *Pool_, Logger());
+        OrionAccountsDB_ = std::make_unique<OpenWifi::OrionAccountsDB>(dbType_, *Pool_, Logger());
 
 		EntityDB_->Create();
 		PolicyDB_->Create();
@@ -59,6 +62,9 @@ namespace OpenWifi {
 		OpLocationDB_->Create();
 		OpContactDB_->Create();
 		OverridesDB_->Create();
+        GLBLRAccountInfoDB_->Create();
+        GLBLRCertsDB_->Create();
+        OrionAccountsDB_->Create();
 
 		ExistFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return EntityDB_->Exists(F, V);
@@ -117,8 +123,19 @@ namespace OpenWifi {
 		ExistFunc_[OverridesDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return OverridesDB_->Exists(F, V);
 		};
+        ExistFunc_[GLBLRAccountInfoDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRAccountInfoDB_->Exists(F, V);
+        };
+        ExistFunc_[GLBLRCertsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRCertsDB_->Exists(F, V);
+        };
+        ExistFunc_[GLBLRCertsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return OrionAccountsDB_->Exists(F, V);
+        };
 
-		ExpandFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V, std::string &Name,
+
+
+        ExpandFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V, std::string &Name,
 											   std::string &Description) -> bool {
 			return EntityDB_->GetNameAndDescription(F, V, Name, Description);
 		};
@@ -206,9 +223,24 @@ namespace OpenWifi {
 			[=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
 				[[maybe_unused]] std::string &Name,
 				[[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRAccountInfoDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OverridesDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRCertsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OrionAccountsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
 
-		InventoryDB_->InitializeSerialCache();
-
+        InventoryDB_->InitializeSerialCache();
 		ConsistencyCheck();
 		InitializeSystemDBs();
 

src/StorageService.h

@@ -28,6 +28,9 @@
 #include "storage/storage_tags.h"
 #include "storage/storage_variables.h"
 #include "storage/storage_venue.h"
+#include "storage/storage_glblraccounts.h"
+#include "storage/storage_glblrcerts.h"
+#include "storage/storage_orion_accounts.h"
 
 #include "Poco/URI.h"
 #include "framework/ow_constants.h"
@@ -47,25 +50,28 @@ namespace OpenWifi {
 		typedef std::list<ProvObjects::ExpandedUseEntry> ExpandedInUseList;
 		typedef std::map<std::string, ProvObjects::ExpandedUseEntryList> ExpandedListMap;
 
-		OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
-		OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
-		OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
-		OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
-		OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
-		OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
-		OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
-		OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
-		OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
-		OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
-		OpenWifi::MapDB &MapDB() { return *MapDB_; };
-		OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
-		OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
-		OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
-		OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
-		OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
-		OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
-		OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
-		OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+		inline OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
+        inline OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
+        inline OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
+        inline OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
+        inline OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
+        inline OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
+        inline OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
+        inline OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
+        inline OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
+        inline OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
+        inline OpenWifi::MapDB &MapDB() { return *MapDB_; };
+        inline OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
+        inline OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
+        inline OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
+        inline OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
+        inline OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
+        inline OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
+        inline OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
+        inline OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+        inline OpenWifi::GLBLRAccountInfoDB &GLBLRAccountInfoDB() { return *GLBLRAccountInfoDB_; }
+        inline OpenWifi::GLBLRCertsDB &GLBLRCertsDB() { return *GLBLRCertsDB_; }
+        inline OpenWifi::OrionAccountsDB &OrionAccountsDB() { return *OrionAccountsDB_; }
 
 		bool Validate(const Poco::URI::QueryParameters &P, RESTAPI::Errors::msg &Error);
 		bool Validate(const Types::StringVec &P, std::string &Error);
@@ -125,6 +131,9 @@ namespace OpenWifi {
 		std::unique_ptr<OpenWifi::OpLocationDB> OpLocationDB_;
 		std::unique_ptr<OpenWifi::OpContactDB> OpContactDB_;
 		std::unique_ptr<OpenWifi::OverridesDB> OverridesDB_;
+        std::unique_ptr<OpenWifi::GLBLRAccountInfoDB> GLBLRAccountInfoDB_;
+        std::unique_ptr<OpenWifi::GLBLRCertsDB> GLBLRCertsDB_;
+        std::unique_ptr<OpenWifi::OrionAccountsDB> OrionAccountsDB_;
 		std::string DefaultOperator_;
 
 		typedef std::function<bool(const char *FieldName, std::string &Value)> exist_func;

src/framework/ConfigurationValidator.cpp

@@ -34,6 +34,10 @@ static std::string DefaultUCentralSchema = R"foo(
     "$schema": "http://json-schema.org/draft-07/schema#",
     "type": "object",
     "properties": {
+        "strict": {
+            "type": "boolean",
+            "default": false
+        },
         "uuid": {
             "type": "integer"
         },
@@ -114,6 +118,20 @@ static std::string DefaultUCentralSchema = R"foo(
                 "random-password": {
                     "type": "boolean",
                     "default": false
+                },
+                "beacon-advertisement": {
+                    "type": "object",
+                    "properties": {
+                        "device-name": {
+                            "type": "boolean"
+                        },
+                        "device-serial": {
+                            "type": "boolean"
+                        },
+                        "network-id": {
+                            "type": "integer"
+                        }
+                    }
                 }
             }
         },
@@ -222,6 +240,52 @@ static std::string DefaultUCentralSchema = R"foo(
                 }
             }
         },
+        "interface.ssid.encryption": {
+            "type": "object",
+            "properties": {
+                "proto": {
+                    "type": "string",
+                    "enum": [
+                        "none",
+                        "owe",
+                        "owe-transition",
+                        "psk",
+                        "psk2",
+                        "psk-mixed",
+                        "psk2-radius",
+                        "wpa",
+                        "wpa2",
+                        "wpa-mixed",
+                        "sae",
+                        "sae-mixed",
+                        "wpa3",
+                        "wpa3-192",
+                        "wpa3-mixed"
+                    ],
+                    "examples": [
+                        "psk2"
+                    ]
+                },
+                "key": {
+                    "type": "string",
+                    "maxLength": 63,
+                    "minLength": 8
+                },
+                "ieee80211w": {
+                    "type": "string",
+                    "enum": [
+                        "disabled",
+                        "optional",
+                        "required"
+                    ],
+                    "default": "disabled"
+                },
+                "key-caching": {
+                    "type": "boolean",
+                    "default": true
+                }
+            }
+        },
         "definitions": {
             "type": "object",
             "properties": {
@@ -716,7 +780,8 @@ static std::string DefaultUCentralSchema = R"foo(
                     "type": "string",
                     "enum": [
                         "dynamic",
-                        "static"
+                        "static",
+                        "none"
                     ],
                     "examples": [
                         "static"
@@ -1006,52 +1071,6 @@ static std::string DefaultUCentralSchema = R"foo(
                 }
             ]
         },
-        "interface.ssid.encryption": {
-            "type": "object",
-            "properties": {
-                "proto": {
-                    "type": "string",
-                    "enum": [
-                        "none",
-                        "owe",
-                        "owe-transition",
-                        "psk",
-                        "psk2",
-                        "psk-mixed",
-                        "psk2-radius",
-                        "wpa",
-                        "wpa2",
-                        "wpa-mixed",
-                        "sae",
-                        "sae-mixed",
-                        "wpa3",
-                        "wpa3-192",
-                        "wpa3-mixed"
-                    ],
-                    "examples": [
-                        "psk2"
-                    ]
-                },
-                "key": {
-                    "type": "string",
-                    "maxLength": 63,
-                    "minLength": 8
-                },
-                "ieee80211w": {
-                    "type": "string",
-                    "enum": [
-                        "disabled",
-                        "optional",
-                        "required"
-                    ],
-                    "default": "disabled"
-                },
-                "key-caching": {
-                    "type": "boolean",
-                    "default": true
-                }
-            }
-        },
         "interface.ssid.multi-psk": {
             "type": "object",
             "properties": {
@@ -2020,6 +2039,11 @@ static std::string DefaultUCentralSchema = R"foo(
                     "decription": "This option allows embedding custom vendor specific IEs inside the beacons of a BSS in AP mode.",
                     "type": "string"
                 },
+                "tip-information-element": {
+                    "decription": "The device will broadcast the TIP vendor IE inside its beacons if this option is enabled.",
+                    "type": "boolean",
+                    "default": true
+                },
                 "fils-discovery-interval": {
                     "type": "integer",
                     "default": 20,
@@ -2443,6 +2467,24 @@ static std::string DefaultUCentralSchema = R"foo(
                     "type": "boolean",
                     "default": false
                 },
+                "mode": {
+                    "type": "string",
+                    "enum": [
+                        "radius",
+                        "user"
+                    ]
+                },
+                "port-filter": {
+                    "type": "array",
+                    "items": {
+                        "type": "string",
+                        "examples": [
+                            {
+                                "LAN1": null
+                            }
+                        ]
+                    }
+                },
                 "server-certificate": {
                     "type": "string"
                 },
@@ -2454,6 +2496,77 @@ static std::string DefaultUCentralSchema = R"foo(
                     "items": {
                         "$ref": "#/$defs/interface.ssid.radius.local-user"
                     }
+                },
+                "radius": {
+                    "type": "object",
+                    "properties": {
+                        "nas-identifier": {
+                            "type": "string"
+                        },
+                        "auth-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "auth-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1812
+                            ]
+                        },
+                        "auth-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        },
+                        "acct-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "acct-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1813
+                            ]
+                        },
+                        "acct-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        },
+                        "coa-server-addr": {
+                            "type": "string",
+                            "format": "uc-host",
+                            "examples": [
+                                "192.168.1.10"
+                            ]
+                        },
+                        "coa-server-port": {
+                            "type": "integer",
+                            "maximum": 65535,
+                            "minimum": 1024,
+                            "examples": [
+                                1814
+                            ]
+                        },
+                        "coa-server-secret": {
+                            "type": "string",
+                            "examples": [
+                                "secret"
+                            ]
+                        }
+                    }
                 }
             }
         },
@@ -2777,6 +2890,12 @@ static std::string DefaultUCentralSchema = R"foo(
                         }
                     }
                 },
+                "services": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "classifier": {
                     "type": "array",
                     "items": {
@@ -3019,6 +3138,24 @@ static std::string DefaultUCentralSchema = R"foo(
                             "relay-server": {
                                 "type": "string",
                                 "format": "uc-ip"
+                            },
+                            "circuit-id-format": {
+                                "type": "string",
+                                "enum": [
+                                    "vlan-id",
+                                    "ap-mac",
+                                    "ssid"
+                                ],
+                                "default": "vlan-id"
+                            },
+                            "remote-id-format": {
+                                "type": "string",
+                                "enum": [
+                                    "vlan-id",
+                                    "ap-mac",
+                                    "ssid"
+                                ],
+                                "default": "ap-mac"
                             }
                         }
                     }

src/framework/EventBusManager.cpp

@@ -14,18 +14,18 @@ namespace OpenWifi {
 	void EventBusManager::run() {
 		Running_ = true;
 		Utils::SetThreadName("fmwk:EventMgr");
-		auto Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
+		auto Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 		while (Running_) {
 			Poco::Thread::trySleep((unsigned long)MicroServiceDaemonBusTimer());
 			if (!Running_)
 				break;
-			Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
+			Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
 			KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(),
 										Msg, false);
 		}
-		Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
+		Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 	};

src/framework/KafkaManager.cpp

@@ -6,6 +6,7 @@
 
 #include "fmt/format.h"
 #include "framework/MicroServiceFuncs.h"
+#include "cppkafka/utils/consumer_dispatcher.h"
 
 namespace OpenWifi {
 
@@ -99,9 +100,12 @@ namespace OpenWifi {
 			try {
 				auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
 				if (Msg != nullptr) {
-					Producer.produce(cppkafka::MessageBuilder(Msg->Topic())
-										 .key(Msg->Key())
-										 .payload(Msg->Payload()));
+					auto NewMessage = cppkafka::MessageBuilder(Msg->Topic());
+					NewMessage.key(Msg->Key());
+					NewMessage.partition(0);
+					NewMessage.payload(Msg->Payload());
+					Producer.produce(NewMessage);
+					Producer.flush();
 				}
 			} catch (const cppkafka::HandleException &E) {
 				poco_warning(Logger_,
@@ -156,43 +160,49 @@ namespace OpenWifi {
 			}
 		});
 
-		bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
-		auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 20);
+		// bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
+		// auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 100);
 
 		Types::StringVec Topics;
-		KafkaManager()->Topics(Topics);
+		std::for_each(Topics_.begin(),Topics_.end(),
+					  [&](const std::string & T) { Topics.emplace_back(T); });
 		Consumer.subscribe(Topics);
 
 		Running_ = true;
-		while (Running_) {
-			try {
-				std::vector<cppkafka::Message> MsgVec =
-					Consumer.poll_batch(BatchSize, std::chrono::milliseconds(100));
-				for (auto const &Msg : MsgVec) {
-					if (!Msg)
-						continue;
-					if (Msg.get_error()) {
-						if (!Msg.is_eof()) {
-							poco_error(Logger_,
-									   fmt::format("Error: {}", Msg.get_error().to_string()));
+		std::vector<cppkafka::Message> MsgVec;
+
+		Dispatcher_ = std::make_unique<cppkafka::ConsumerDispatcher>(Consumer);
+
+		Dispatcher_->run(
+			// Callback executed whenever a new message is consumed
+			[&](cppkafka::Message msg) {
+				// Print the key (if any)
+				std::lock_guard G(ConsumerMutex_);
+				auto It = Notifiers_.find(msg.get_topic());
+				if (It != Notifiers_.end()) {
+					const auto &FL = It->second;
+					for (const auto &[CallbackFunc, _] : FL) {
+						try {
+							CallbackFunc(msg.get_key(), msg.get_payload());
+						} catch(const Poco::Exception &E) {
+
+						} catch(...) {
+
 						}
-						if (!AutoCommit)
-							Consumer.async_commit(Msg);
-						continue;
 					}
-					KafkaManager()->Dispatch(Msg.get_topic().c_str(), Msg.get_key(), std::make_shared<std::string>(Msg.get_payload()));
-					if (!AutoCommit)
-						Consumer.async_commit(Msg);
 				}
-			} catch (const cppkafka::HandleException &E) {
-				poco_warning(Logger_,
-							 fmt::format("Caught a Kafka exception (consumer): {}", E.what()));
-			} catch (const Poco::Exception &E) {
-				Logger_.log(E);
-			} catch (...) {
-				poco_error(Logger_, "std::exception");
+				Consumer.commit(msg);
+			},
+			// Whenever there's an error (other than the EOF soft error)
+			[&Logger_](cppkafka::Error error) {
+				poco_warning(Logger_,fmt::format("Error: {}", error.to_string()));
+			},
+			// Whenever EOF is reached on a partition, print this
+			[&Logger_](cppkafka::ConsumerDispatcher::EndOfFile, const cppkafka::TopicPartition& topic_partition) {
+				poco_debug(Logger_,fmt::format("Partition {} EOF", topic_partition.get_partition()));
 			}
-		}
+		);
+
 		Consumer.unsubscribe();
 		poco_information(Logger_, "Stopped...");
 	}
@@ -213,14 +223,13 @@ namespace OpenWifi {
 	}
 
 	void KafkaProducer::Produce(const char *Topic, const std::string &Key,
-								std::shared_ptr<std::string> Payload) {
+								const std::string &Payload) {
 		std::lock_guard G(Mutex_);
 		Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
 	}
 
 	void KafkaConsumer::Start() {
 		if (!Running_) {
-			Running_ = true;
 			Worker_.start(*this);
 		}
 	}
@@ -228,29 +237,16 @@ namespace OpenWifi {
 	void KafkaConsumer::Stop() {
 		if (Running_) {
 			Running_ = false;
-			Worker_.wakeUp();
+			if(Dispatcher_) {
+				Dispatcher_->stop();
+			}
 			Worker_.join();
 		}
 	}
 
-	void KafkaDispatcher::Start() {
-		if (!Running_) {
-			Running_ = true;
-			Worker_.start(*this);
-		}
-	}
-
-	void KafkaDispatcher::Stop() {
-		if (Running_) {
-			Running_ = false;
-			Queue_.wakeUpAll();
-			Worker_.join();
-		}
-	}
-
-	auto KafkaDispatcher::RegisterTopicWatcher(const std::string &Topic,
+	std::uint64_t KafkaConsumer::RegisterTopicWatcher(const std::string &Topic,
 											   Types::TopicNotifyFunction &F) {
-		std::lock_guard G(Mutex_);
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It == Notifiers_.end()) {
 			Types::TopicNotifyFunctionList L;
@@ -259,11 +255,12 @@ namespace OpenWifi {
 		} else {
 			It->second.emplace(It->second.end(), std::make_pair(F, FunctionId_));
 		}
+		Topics_.insert(Topic);
 		return FunctionId_++;
 	}
 
-	void KafkaDispatcher::UnregisterTopicWatcher(const std::string &Topic, int Id) {
-		std::lock_guard G(Mutex_);
+	void KafkaConsumer::UnregisterTopicWatcher(const std::string &Topic, int Id) {
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It != Notifiers_.end()) {
 			Types::TopicNotifyFunctionList &L = It->second;
@@ -275,56 +272,17 @@ namespace OpenWifi {
 		}
 	}
 
-	void KafkaDispatcher::Dispatch(const char *Topic, const std::string &Key,
-								   const std::shared_ptr<std::string> Payload) {
-		std::lock_guard G(Mutex_);
-		auto It = Notifiers_.find(Topic);
-		if (It != Notifiers_.end()) {
-			Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
-		}
-	}
-
-	void KafkaDispatcher::run() {
-		Poco::Logger &Logger_ =
-			Poco::Logger::create("KAFKA-DISPATCHER", KafkaManager()->Logger().getChannel());
-		poco_information(Logger_, "Starting...");
-		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
-		Utils::SetThreadName("kafka:dispatch");
-		while (Note && Running_) {
-			auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
-			if (Msg != nullptr) {
-				auto It = Notifiers_.find(Msg->Topic());
-				if (It != Notifiers_.end()) {
-					const auto &FL = It->second;
-					for (const auto &[CallbackFunc, _] : FL) {
-						CallbackFunc(Msg->Key(), Msg->Payload());
-					}
-				}
-			}
-			Note = Queue_.waitDequeueNotification();
-		}
-		poco_information(Logger_, "Stopped...");
-	}
-
-	void KafkaDispatcher::Topics(std::vector<std::string> &T) {
-		T.clear();
-		for (const auto &[TopicName, _] : Notifiers_)
-			T.push_back(TopicName);
-	}
-
 	int KafkaManager::Start() {
 		if (!KafkaEnabled_)
 			return 0;
 		ConsumerThr_.Start();
 		ProducerThr_.Start();
-		Dispatcher_.Start();
 		return 0;
 	}
 
 	void KafkaManager::Stop() {
 		if (KafkaEnabled_) {
 			poco_information(Logger(), "Stopping...");
-			Dispatcher_.Stop();
 			ProducerThr_.Stop();
 			ConsumerThr_.Stop();
 			poco_information(Logger(), "Stopped...");
@@ -333,39 +291,28 @@ namespace OpenWifi {
 	}
 
 	void KafkaManager::PostMessage(const char *topic, const std::string &key,
-								   const std::shared_ptr<std::string> PayLoad, bool WrapMessage) {
+								   const std::string & PayLoad, bool WrapMessage) {
 		if (KafkaEnabled_) {
 			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(PayLoad) : PayLoad);
 		}
 	}
 
-	void KafkaManager::Dispatch(const char *Topic, const std::string &Key,
-								const std::shared_ptr<std::string> Payload) {
-		Dispatcher_.Dispatch(Topic, Key, Payload);
-	}
-
-	[[nodiscard]] const std::shared_ptr<std::string> KafkaManager::WrapSystemId(const std::shared_ptr<std::string> PayLoad) {
-		*PayLoad = SystemInfoWrapper_ + *PayLoad + "}";
-		return PayLoad;
-	}
-
-	uint64_t KafkaManager::RegisterTopicWatcher(const std::string &Topic,
-												Types::TopicNotifyFunction &F) {
+	void KafkaManager::PostMessage(const char *topic, const std::string &key,
+					 const Poco::JSON::Object &Object, bool WrapMessage) {
 		if (KafkaEnabled_) {
-			return Dispatcher_.RegisterTopicWatcher(Topic, F);
-		} else {
-			return 0;
+			std::ostringstream ObjectStr;
+			Object.stringify(ObjectStr);
+			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(ObjectStr.str()) : ObjectStr.str());
 		}
 	}
 
-	void KafkaManager::UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
-		if (KafkaEnabled_) {
-			Dispatcher_.UnregisterTopicWatcher(Topic, Id);
-		}
+	[[nodiscard]] std::string KafkaManager::WrapSystemId(const std::string & PayLoad) {
+		return fmt::format(	R"lit({{ "system" : {{ "id" : {},
+									"host" : "{}" }},
+									"payload" : {} }})lit", MicroServiceID(),
+						   				MicroServicePrivateEndPoint(), PayLoad ) ;
 	}
 
-	void KafkaManager::Topics(std::vector<std::string> &T) { Dispatcher_.Topics(T); }
-
 	void KafkaManager::PartitionAssignment(const cppkafka::TopicPartitionList &partitions) {
 		poco_information(
 			Logger(), fmt::format("Partition assigned: {}...", partitions.front().get_partition()));

src/framework/KafkaManager.h

@@ -6,7 +6,7 @@
 
 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
-
+#include "Poco/JSON/Object.h"
 #include "framework/KafkaTopics.h"
 #include "framework/OpenWifiTypes.h"
 #include "framework/SubSystemServer.h"
@@ -18,17 +18,17 @@ namespace OpenWifi {
 
 	class KafkaMessage : public Poco::Notification {
 	  public:
-		KafkaMessage(const char * Topic, const std::string &Key, std::shared_ptr<std::string> Payload)
+		KafkaMessage(const char * Topic, const std::string &Key, const std::string &Payload)
 			: Topic_(Topic), Key_(Key), Payload_(Payload) {}
 
 		inline const char * Topic() { return Topic_; }
 		inline const std::string &Key() { return Key_; }
-		inline const std::string &Payload() { return *Payload_; }
+		inline const std::string &Payload() { return Payload_; }
 
 	  private:
 		const char *Topic_;
 		std::string Key_;
-		std::shared_ptr<std::string> Payload_;
+		std::string Payload_;
 	};
 
 	class KafkaProducer : public Poco::Runnable {
@@ -36,10 +36,10 @@ namespace OpenWifi {
 		void run() override;
 		void Start();
 		void Stop();
-		void Produce(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
+		void Produce(const char *Topic, const std::string &Key, const std::string & Payload);
 
 	  private:
-		std::recursive_mutex Mutex_;
+		std::mutex Mutex_;
 		Poco::Thread Worker_;
 		mutable std::atomic_bool Running_ = false;
 		Poco::NotificationQueue Queue_;
@@ -47,33 +47,22 @@ namespace OpenWifi {
 
 	class KafkaConsumer : public Poco::Runnable {
 	  public:
-		void run() override;
 		void Start();
 		void Stop();
 
 	  private:
-		std::recursive_mutex Mutex_;
-		Poco::Thread Worker_;
+		std::mutex 				ConsumerMutex_;
+		Types::NotifyTable 		Notifiers_;
+		Poco::Thread 			Worker_;
 		mutable std::atomic_bool Running_ = false;
-	};
+		uint64_t 				FunctionId_ = 1;
+		std::unique_ptr<cppkafka::ConsumerDispatcher> 	Dispatcher_;
+		std::set<std::string>	Topics_;
 
-	class KafkaDispatcher : public Poco::Runnable {
-	  public:
-		void Start();
-		void Stop();
-		auto RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
+		void run() override;
+		friend class KafkaManager;
+		std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
 		void UnregisterTopicWatcher(const std::string &Topic, int Id);
-		void Dispatch(const char *Topic, const std::string &Key, const std::shared_ptr<std::string> Payload);
-		void run() override;
-		void Topics(std::vector<std::string> &T);
-
-	  private:
-		std::recursive_mutex Mutex_;
-		Types::NotifyTable Notifiers_;
-		Poco::Thread Worker_;
-		mutable std::atomic_bool Running_ = false;
-		uint64_t FunctionId_ = 1;
-		Poco::NotificationQueue Queue_;
 	};
 
 	class KafkaManager : public SubSystemServer {
@@ -92,20 +81,24 @@ namespace OpenWifi {
 		void Stop() override;
 
 		void PostMessage(const char *topic, const std::string &key,
-						 std::shared_ptr<std::string> PayLoad, bool WrapMessage = true);
-		void Dispatch(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
-		[[nodiscard]] const std::shared_ptr<std::string> WrapSystemId(std::shared_ptr<std::string> PayLoad);
+						 const std::string &PayLoad, bool WrapMessage = true);
+		void PostMessage(const char *topic, const std::string &key,
+						 const Poco::JSON::Object &Object, bool WrapMessage = true);
+
+		[[nodiscard]] std::string WrapSystemId(const std::string & PayLoad);
 		[[nodiscard]] inline bool Enabled() const { return KafkaEnabled_; }
-		uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
-		void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id);
-		void Topics(std::vector<std::string> &T);
+		inline std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F) {
+			return ConsumerThr_.RegisterTopicWatcher(Topic,F);
+		}
+		inline void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
+			return ConsumerThr_.UnregisterTopicWatcher(Topic,Id);
+		}
 
 	  private:
 		bool KafkaEnabled_ = false;
 		std::string SystemInfoWrapper_;
 		KafkaProducer ProducerThr_;
 		KafkaConsumer ConsumerThr_;
-		KafkaDispatcher Dispatcher_;
 
 		void PartitionAssignment(const cppkafka::TopicPartitionList &partitions);
 		void PartitionRevocation(const cppkafka::TopicPartitionList &partitions);

src/framework/RESTAPI_Handler.h

@@ -574,7 +574,37 @@ namespace OpenWifi {
 			Poco::JSON::Stringifier::stringify(Object, Answer);
 		}
 
-		inline void ReturnRawJSON(const std::string &json_doc) {
+        inline void ReturnObject(const std::vector<std::string> &Strings) {
+            Poco::JSON::Array   Arr;
+            for(const auto &String:Strings) {
+                Arr.add(String);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const std::vector<T> &Objects) {
+            Poco::JSON::Array   Arr;
+            for(const auto &Object:Objects) {
+                Poco::JSON::Object O;
+                Object.to_json(O);
+                Arr.add(O);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const T &Object) {
+            Poco::JSON::Object  O;
+            Object.to_json(O);
+            std::ostringstream os;
+            O.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        inline void ReturnRawJSON(const std::string &json_doc) {
 			PrepareResponse();
 			if (Request != nullptr) {
 				//   can we compress ???

src/framework/SubSystemServer.cpp

@@ -37,6 +37,7 @@ namespace OpenWifi {
 		P.cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
 		P.dhUse2048Bits = true;
 		P.caLocation = cas_;
+        // P.securityLevel =
 
 		auto Context = Poco::AutoPtr<Poco::Net::Context>(
 			new Poco::Net::Context(Poco::Net::Context::TLS_SERVER_USE, P));
@@ -53,7 +54,6 @@ namespace OpenWifi {
 
 			Context->useCertificate(Cert);
 			Context->addChainCertificate(Root);
-
 			Context->addCertificateAuthority(Root);
 
 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
@@ -76,18 +76,18 @@ namespace OpenWifi {
 				L.fatal(fmt::format("Wrong Certificate({}) for Key({})", cert_file_, key_file_));
 			}
 
-			SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER, nullptr);
+            SSL_CTX_set_verify(SSLCtx, level_==Poco::Net::Context::VERIFY_NONE ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, nullptr);
 
 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
 				SSL_CTX_set_client_CA_list(SSLCtx, SSL_load_client_CA_file(client_cas_.c_str()));
+                SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			}
-			SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			SSL_CTX_dane_enable(SSLCtx);
 
 			Context->enableSessionCache();
 			Context->setSessionCacheSize(0);
 			Context->setSessionTimeout(60);
-			Context->enableExtendedCertificateVerification(true);
+			Context->enableExtendedCertificateVerification( level_!= Poco::Net::Context::VERIFY_NONE );
 			Context->disableStatelessSessionResumption();
 		}
 

src/framework/ow_constants.h

@@ -40,6 +40,7 @@ namespace OpenWifi {
 	};
 }
 
+#define DBGLINE     std::cout << __LINE__ << ":" << __FILE__ << ", " << __func__ << std::endl;
 namespace OpenWifi::RESTAPI::Errors {
 	struct msg {
 		uint64_t err_num;
@@ -405,7 +406,18 @@ namespace OpenWifi::RESTAPI::Errors {
             1172, "The venue name already exists."
     };
 
-    static const struct msg DefFirmwareNameExists { 1172, "Firmware name already exists." };
+    static const struct msg InvalidGlobalReachAccount {
+            1173, "Invalid Global Reach account information."
+    };
+    static const struct msg CannotCreateCSR {
+            1174, "Cannot create a CSR certificate."
+    };
+
+    static const struct msg DefFirmwareNameExists { 1175, "Firmware name already exists." };
+
+    static const struct msg NotAValidECKey { 1176, "Not a valid Signing Key." };
+
+	static const struct msg NotAValidRadiusPoolType { 1177, "Not a valid RADIUS pool type." };
 
     static const struct msg SimulationDoesNotExist {
         7000, "Simulation Instance ID does not exist."

src/framework/utils.cpp

@@ -3,10 +3,17 @@
 //
 
 #include "Poco/Path.h"
-
+#include "Poco/TemporaryFile.h"
+#include "Poco/Crypto/ECKey.h"
 #include "framework/AppServiceRegistry.h"
 #include "framework/utils.h"
 
+#include <iostream>
+#include <cstdlib>
+#include <ctime>
+#include <string>
+#include <algorithm>
+
 namespace OpenWifi::Utils {
 
 	bool NormalizeMac(std::string &Mac) {
@@ -608,4 +615,251 @@ namespace OpenWifi::Utils {
 		return DT.timestamp().epochTime();
 	}
 
+    static std::string FileToString(const std::string &Filename) {
+        std::ifstream   ifs(Filename.c_str(),std::ios_base::in|std::ios_base::binary);
+        std::ostringstream os;
+        Poco::StreamCopier::copyStream(ifs,os);
+        return os.str();
+    }
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results) {
+        int             ret = 0;
+        RSA             *r = nullptr;
+        BIGNUM          *bne = nullptr;
+
+        int             nVersion = 0;
+        unsigned long   e = RSA_F4;
+
+        X509_REQ        *x509_req = nullptr;
+        X509_NAME       *x509_name = nullptr;
+        EVP_PKEY        *pKey = nullptr;
+//        RSA             *tem = nullptr;
+//        BIO             *bio_err = nullptr;
+
+        const char      *szCountry = Parameters.Country.c_str();
+        const char      *szProvince = Parameters.Province.c_str();
+        const char      *szCity = Parameters.City.c_str();
+        const char      *szOrganization = Parameters.Organization.c_str();
+        const char      *szCommon = Parameters.CommonName.c_str();
+
+        Poco::TemporaryFile     CsrPath, PubKey, PrivateKey;
+        std::string             Result;
+        std::ifstream           ifs;
+        std::ostringstream      ss;
+        BIO                     *bp_public = nullptr,
+                *bp_private = nullptr,
+                *bp_csr = nullptr;
+
+        // 1. generate rsa key
+        bne = BN_new();
+        ret = BN_set_word(bne,e);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        r = RSA_new();
+        ret = RSA_generate_key_ex(r, Parameters.bits, bne, nullptr);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        bp_public = BIO_new_file(PubKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPublicKey(bp_public, r);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+        bp_private = BIO_new_file(PrivateKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+// 2. set version of x509 req
+        x509_req = X509_REQ_new();
+        ret = X509_REQ_set_version(x509_req, nVersion);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 3. set subject of x509 req
+        x509_name = X509_REQ_get_subject_name(x509_req);
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 4. set public key of x509 req
+        pKey = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(pKey, r);
+        r = nullptr;   // will be free rsa when EVP_PKEY_free(pKey)
+
+        ret = X509_REQ_set_pubkey(x509_req, pKey);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 5. set sign key of x509 req
+        ret = X509_REQ_sign(x509_req, pKey, EVP_sha1());    // return x509_req->signature->length
+        if (ret <= 0){
+            goto free_all;
+        }
+
+        bp_csr = BIO_new_file(CsrPath.path().c_str(),"w");
+        ret = PEM_write_bio_X509_REQ(bp_csr, x509_req);
+
+// 6. free
+        free_all:
+        X509_REQ_free(x509_req);
+        BIO_free_all(bp_csr);
+        BIO_free_all(bp_public);
+        BIO_free_all(bp_private);
+
+        EVP_PKEY_free(pKey);
+        BN_free(bne);
+        if(ret==1) {
+            Results.CSR = FileToString(CsrPath.path());
+            Results.PrivateKey = FileToString(PrivateKey.path());
+            Results.PublicKey = FileToString(PubKey.path());
+        }
+
+        return ret;
+    }
+
+    bool VerifyECKey(const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                    new Poco::Crypto::ECKey("", F.path(),""));
+
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool VerifyRSAKey([[
+    maybe_unused]] const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::RSAKey>(
+                    new Poco::Crypto::RSAKey("", F.path(),""));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::string &Cert) {
+        try {
+            Poco::TemporaryFile F;
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << Cert;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::X509Certificate>(
+                    new Poco::Crypto::X509Certificate(F.path()));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::vector<std::string> &Certs) {
+        auto F = [](const std::string &C) -> bool { return ValidX509Certificate(C); };
+        return std::all_of(Certs.begin(),Certs.end(), F);
+    }
+
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase) {
+        // Define character sets for each category
+        const std::string lowercaseChars = "abcdefghijklmnopqrstuvwxyz";
+        const std::string uppercaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        const std::string digitChars = "0123456789";
+        const std::string specialChars = "!@#$%^&*()_+[]{}|;:,.<>?";
+
+        // Check if parameters are valid
+        if (minLength < 1 || minLength > maxLength || minLowercase + minUppercase + numDigits + minSpecial > maxLength) {
+            return "Invalid parameters";
+        }
+
+        // Initialize random seed
+        std::random_device rd;
+        std::mt19937 g(rd());
+
+        // Initialize the password string
+        std::string password;
+
+        // Generate the required number of each character type
+        for (int i = 0; i < minLowercase; ++i) {
+            password += lowercaseChars[g() % lowercaseChars.length()];
+        }
+        for (int i = 0; i < minUppercase; ++i) {
+            password += uppercaseChars[g() % uppercaseChars.length()];
+        }
+        for (int i = 0; i < numDigits; ++i) {
+            password += digitChars[g() % digitChars.length()];
+        }
+        for (int i = 0; i < minSpecial; ++i) {
+            password += specialChars[g() % specialChars.length()];
+        }
+
+        // Calculate how many more characters are needed
+        int remainingLength = maxLength - (int)password.length();
+
+        // Generate random characters to fill the remaining length
+        for (int i = 0; i < remainingLength; ++i) {
+            int category = g() % 4; // Randomly select a category
+            if (category == 0) {
+                password += lowercaseChars[g() % lowercaseChars.length()];
+            } else if (category == 1) {
+                password += uppercaseChars[g() % uppercaseChars.length()];
+            } else if (category == 2) {
+                password += digitChars[g() % digitChars.length()];
+            } else {
+                password += specialChars[g() % specialChars.length()];
+            }
+        }
+
+        // Shuffle the password to randomize the character order
+        std::shuffle(password.begin(), password.end(),g);
+
+        return password;
+    }
+
 } // namespace OpenWifi::Utils

src/framework/utils.h

@@ -247,4 +247,21 @@ namespace OpenWifi::Utils {
 		return count;
 	}
 
+    struct CSRCreationParameters {
+        std::string Country, Province, City,
+                    Organization, CommonName;
+        int         bits=2048;
+    };
+
+    struct CSRCreationResults {
+        std::string     CSR, PublicKey, PrivateKey;
+    };
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results);
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase);
+    bool VerifyECKey(const std::string &key);
+    bool VerifyRSAKey(const std::string &key);
+    bool ValidX509Certificate(const std::string &Cert);
+    bool ValidX509Certificate(const std::vector<std::string> &Certs);
+
 } // namespace OpenWifi::Utils

src/storage/storage_glblraccounts.cpp

@@ -0,0 +1,97 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblraccounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRAccountInfoDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"country", ORM::FieldType::FT_TEXT},
+            ORM::Field{"province", ORM::FieldType::FT_TEXT},
+            ORM::Field{"city", ORM::FieldType::FT_TEXT},
+            ORM::Field{"organization", ORM::FieldType::FT_TEXT},
+            ORM::Field{"commonName", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSR", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPrivateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPublicKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"GlobalReachAcctId", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec GLBLRAccountInfoDB_Indexes{
+            {std::string("glblr_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRAccountInfoDB::GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_accts", GLBLRAccountInfoDB_Fields, GLBLRAccountInfoDB_Indexes, P, L, "glr") {}
+
+    bool GLBLRAccountInfoDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::GLBLRAccountsDBRecordType &In, OpenWifi::ProvObjects::GLBLRAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.country = In.get<7>();
+    Out.province = In.get<8>();
+    Out.city = In.get<9>();
+    Out.organization = In.get<10>();
+    Out.commonName = In.get<11>();
+    Out.CSR = In.get<12>();
+    Out.CSRPrivateKey = In.get<13>();
+    Out.CSRPublicKey = In.get<14>();
+    Out.GlobalReachAcctId = In.get<15>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRAccountInfo &In, OpenWifi::GLBLRAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.country);
+    Out.set<8>(In.province);
+    Out.set<9>(In.city);
+    Out.set<10>(In.organization);
+    Out.set<11>(In.commonName);
+    Out.set<12>(In.CSR);
+    Out.set<13>(In.CSRPrivateKey);
+    Out.set<14>(In.CSRPublicKey);
+    Out.set<15>(In.GlobalReachAcctId);
+}

src/storage/storage_glblraccounts.h

@@ -0,0 +1,35 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string, std::string, std::string, uint64_t, uint64_t,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string>
+        GLBLRAccountsDBRecordType;
+
+    class GLBLRAccountInfoDB : public ORM::DB<GLBLRAccountsDBRecordType, ProvObjects::GLBLRAccountInfo> {
+    public:
+        GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRAccountInfoDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi

src/storage/storage_glblrcerts.cpp

@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblrcerts.h"
+
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRCertsDB_Fields{// object info
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"accountId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"csr", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateChain", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"expiresAt", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT}
+    };
+
+    static ORM::IndexVec GLBLRCertsDB_Indexes{
+            {std::string("glblr_cert_id_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRCertsDB::GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_certs", GLBLRCertsDB_Fields, GLBLRCertsDB_Indexes, P, L, "glc") {}
+
+    bool GLBLRCertsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::GLBLRCertsDBRecordType &In, OpenWifi::ProvObjects::GLBLRCertificateInfo &Out) {
+    Out.id = In.get<0>();
+    Out.name = In.get<1>();
+    Out.accountId = In.get<2>();
+    Out.csr = In.get<3>();
+    Out.certificate = In.get<4>();
+    Out.certificateChain = In.get<5>();
+    Out.certificateId = In.get<6>();
+    Out.expiresAt = In.get<7>();
+    Out.created = In.get<8>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRCertificateInfo &In, OpenWifi::GLBLRCertsDBRecordType &Out) {
+    Out.set<0>(In.id);
+    Out.set<1>(In.name);
+    Out.set<2>(In.accountId);
+    Out.set<3>(In.csr);
+    Out.set<4>(In.certificate);
+    Out.set<5>(In.certificateChain);
+    Out.set<6>(In.certificateId);
+    Out.set<7>(In.expiresAt);
+    Out.set<8>(In.created);
+}

src/storage/storage_glblrcerts.h

@@ -0,0 +1,37 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t>
+            GLBLRCertsDBRecordType;
+
+    class GLBLRCertsDB : public ORM::DB<GLBLRCertsDBRecordType, ProvObjects::GLBLRCertificateInfo> {
+    public:
+        GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRCertsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi

src/storage/storage_orion_accounts.cpp

@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#include "storage_orion_accounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec OrionAccountsDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"cacerts", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec OrionAccountsDB_Indexes{
+            {std::string("orion_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    OrionAccountsDB::OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "orion_accts", OrionAccountsDB_Fields, OrionAccountsDB_Indexes, P, L, "oat") {}
+
+    bool OrionAccountsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::OrionAccountsDBRecordType &In, OpenWifi::ProvObjects::GooglOrionAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.certificate = In.get<7>();
+    Out.cacerts = OpenWifi::RESTAPI_utils::to_object_array(In.get<8>());
+}
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GooglOrionAccountInfo &In, OpenWifi::OrionAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.certificate);
+    Out.set<8>(OpenWifi::RESTAPI_utils::to_string(In.cacerts));
+}

src/storage/storage_orion_accounts.h

@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t,
+            std::string,
+            std::string,
+            std::string>
+            OrionAccountsDBRecordType;
+
+    class OrionAccountsDB : public ORM::DB<OrionAccountsDBRecordType, ProvObjects::GooglOrionAccountInfo> {
+    public:
+        OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~OrionAccountsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+
+} // namespace OpenWifi

test_scripts/curl/cli

@@ -617,6 +617,51 @@ getsystemconfiguration() {
     jq < ${result_file}
 }
 
+creategraccount() {
+    payload="{ \"name\" : \"Test account\" , \"country\" : \"CA\", \"province\" : \"BC\" , \"city\" : \"Vancouver\", \"organization\" : \"Arilia Wireless Inc.\", \"commonName\" : \"arilia.com\", \"GlobalReachAcctId\" : \"bd63aaa7-b14d-4cdb-85ae-8de6cf2cfa31\", \"privateKey\" : \"-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgl1FpARtuOtw1F9sR2DD82jh6sZFGRn619IY0rmNIFEuhRANCAATB7ji6OF/+heGRCocgVNhw4QGvaL9Kp8F6ZqqZ3aMewRMOfzi3TQaXN12FNBsvXnptx5vk8GAzZk6UAzzvMBVK\n-----END PRIVATE KEY-----\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/account/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccount() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+deletegraccount() {
+    curl    ${FLAGS} -X DELETE "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccounts() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/accounts" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+creategrcert() {
+    payload="{ \"name\" : \"$2\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/certificate/$1/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+
+}
+
 shopt -s nocasematch
 case "$1" in
     "login") login; echo "You are logged in..."  ; logout ;;
@@ -673,6 +718,11 @@ case "$1" in
     "deleteoverride") login; deleteoverride "$2"; logout;;
     "venueupgraderevisions") login; venueupgraderevisions "$2"; logout;;
     "getsystemconfiguration") login; getsystemconfiguration "$2"; logout;;
+    "creategraccount") login; creategraccount ; logout;;
+    "getgraccount") login; getgraccount "$2"; logout;;
+    "getgraccounts") login; getgraccounts ; logout;;
+    "creategrcert") login; creategrcert "$2" "$3"; logout;;
+    "deletegraccount") login; deletegraccount "$2"; logout;;
     "getvenuesperrrm") login; getvenuesperrrm "$2"; logout;;
     *) help ;;
 esac