fix: release 3.2.1 version update

https://telecominfraproject.atlassian.net/browse/WIFI-14165

Signed-off-by: Ivan Chvets <ivan.chvets@kinarasystems.com>

BUILDING.md

@@ -1,5 +1,5 @@
 # Building from source
-In order to build the OWPROV, you will need to install its dependencies, which includes the following:
+In order to build OWPROV, you will need to install its dependencies, which includes the following:
 - cmake
 - boost
 - POCO 1.10.1 or later
@@ -12,19 +12,19 @@ In order to build the OWPROV, you will need to install its dependencies, which i
 
 The build is done in 2 parts. The first part is to build a local copy of the framework tailored to your environment. This
 framework is called [Poco](https://github.com/pocoproject/poco). The version used in this project has a couple of fixes
-from the master copy needed for cmake. Please use the version of this [Poco fix](https://github.com/AriliaWireless/poco). Building
+from the master copy needed for cmake. Please use the version of this [Poco fix](https://github.com/Telecominfraproject/wlan-cloud-lib-poco). Building
 Poco may take several minutes depending on the platform you are building on.
 
 ## Ubuntu
 These instructions have proven to work on Ubuntu 20.4.
 ```bash
-sudo apt install git cmake g++ libssl-dev libmariadb-dev 
+sudo apt install git cmake g++ libssl-dev libmariadb-dev
 sudo apt install libpq-dev libaprutil1-dev apache2-dev libboost-all-dev
 sudo apt install librdkafka-dev // default-libmysqlclient-dev
 sudo apt install nlohmann-json-dev
 
 cd ~
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 cd poco
 mkdir cmake-build
 cd cmake-build
@@ -33,7 +33,7 @@ cmake --build . --config Release
 sudo cmake --build . --target install
 
 cd ~
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 cd cppkafka
 mkdir cmake-build
 cd cmake-build
@@ -42,7 +42,7 @@ cmake --build . --config Release
 sudo cmake --build . --target install
 
 cd ~
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
 cd valijson
 mkdir cmake-build
 cd cmake-build
@@ -50,7 +50,8 @@ cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
 
-git clone https://github.com/fmtlib/fmt --branch 9.0.0 /fmtlib
+cd ~
+git clone https://github.com/fmtlib/fmt --branch 9.0.0 fmtlib
 cd fmtlib
 mkdir cmake-build
 cd cmake-build
@@ -71,11 +72,11 @@ make -j 8
 The following instructions have proven to work on Fedora 33
 ```bash
 sudo yum install cmake g++ openssl-devel mysql-devel mysql apr-util-devel boost boost-devel
-sudo yum install yaml-cpp-devel lua-devel 
+sudo yum install yaml-cpp-devel lua-devel
 sudo dnf install postgresql.x86_64 librdkafka-devel
 sudo dnf install postgresql-devel json-devel
 
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 cd poco
 mkdir cmake-build
 cd cmake-build
@@ -83,7 +84,8 @@ cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
 
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+cd ~
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 cd cppkafka
 mkdir cmake-build
 cd cmake-build
@@ -92,7 +94,7 @@ cmake --build . --config Release
 sudo cmake --build . --target install
 
 cd ~
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
 cd valijson
 mkdir cmake-build
 cd cmake-build
@@ -125,7 +127,7 @@ brew install openssl \
 	nlohmann-json \
 	fmt
 
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 pushd poco
 mkdir cmake-build
 push cmake-build
@@ -135,7 +137,7 @@ sudo cmake --build . --target install
 popd
 popd
 
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 pushd cppkafka
 mkdir cmake-build
 pushd cmake-build
@@ -145,7 +147,7 @@ sudo cmake --build . --target install
 popd
 popd
 
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
 cd valijson
 mkdir cmake-build
 cd cmake-build
@@ -172,6 +174,8 @@ adding -DSMALL_BUILD=1 on the cmake build line.
 
 ```bash
 sudo apt install git cmake g++ libssl-dev libaprutil1-dev apache2-dev libboost-all-dev libyaml-cpp-dev
+
+cd ~
 git clone https://github.com/stephb9959/poco
 cd poco
 mkdir cmake-build

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owprov VERSION 2.11.0)
+project(owprov VERSION 3.2.1)
 
 set(CMAKE_CXX_STANDARD 17)
 
@@ -37,7 +37,7 @@ if(GIT_FOUND AND EXISTS "${PROJECT_SOURCE_DIR}/.git")
     string(REGEX REPLACE "\n$" "" GIT_HASH "${GIT_HASH}")
 endif()
 
-add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT)
+add_definitions(-DAWS_CUSTOM_MEMORY_MANAGEMENT -DBOOST_NO_CXX98_FUNCTION_BASE=1)
 
 find_package(OpenSSL    REQUIRED)
 find_package(ZLIB       REQUIRED)
@@ -209,12 +209,37 @@ add_executable(owprov
         src/ProvWebSocketClient.cpp src/ProvWebSocketClient.h
         src/Tasks/VenueRebooter.h src/Tasks/VenueUpgrade.h
         src/sdks/SDK_fms.cpp src/sdks/SDK_fms.h
-        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h)
+        src/RESTAPI/RESTAPI_overrides_handler.cpp src/RESTAPI/RESTAPI_overrides_handler.h
+        src/storage/storage_glblraccounts.cpp src/storage/storage_glblraccounts.h
+        src/storage/storage_glblrcerts.cpp src/storage/storage_glblrcerts.h
+        src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h
+        src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h
+        src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h
+        src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h
+        src/storage/storage_orion_accounts.cpp src/storage/storage_orion_accounts.h
+        src/storage/storage_radius_endpoints.cpp
+        src/storage/storage_radius_endpoints.h
+        src/RESTAPI/RESTAPI_radiusendpoint_list_handler.cpp
+        src/RESTAPI/RESTAPI_radiusendpoint_list_handler.h
+        src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
+        src/RESTAPI/RESTAPI_radius_endpoint_handler.h
+        src/RadiusEndpointTypes/GlobalReach.cpp src/RadiusEndpointTypes/GlobalReach.h
+        src/RadiusEndpointTypes/OrionWifi.h
+        src/RadiusEndpointUpdater.cpp
+        src/RadiusEndpointUpdater.h
+        src/RadiusEndpointTypes/Radsec.cpp
+        src/RadiusEndpointTypes/Radsec.h
+        src/RadiusEndpointTypes/GenericRadius.cpp
+        src/RadiusEndpointTypes/GenericRadius.h
+)
 
 target_link_libraries(owprov PUBLIC
         ${Poco_LIBRARIES}
         ${MySQL_LIBRARIES}
         ${ZLIB_LIBRARIES}
         CppKafka::cppkafka
+        resolv
         fmt::fmt)
 

Dockerfile

@@ -15,8 +15,9 @@ FROM build-base AS poco-build
 
 ARG POCO_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/poco/git/refs/tags/${POCO_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/poco --branch ${POCO_VERSION} /poco
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-poco/git/refs/tags/${POCO_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch ${POCO_VERSION} /poco
+
 
 WORKDIR /poco
 RUN mkdir cmake-build
@@ -29,8 +30,8 @@ FROM build-base AS cppkafka-build
 
 ARG CPPKAFKA_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/cppkafka/git/refs/tags/${CPPKAFKA_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/cppkafka --branch ${CPPKAFKA_VERSION} /cppkafka
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-cppkafka/git/refs/tags/${CPPKAFKA_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch ${CPPKAFKA_VERSION} /cppkafka
 
 WORKDIR /cppkafka
 RUN mkdir cmake-build
@@ -43,8 +44,8 @@ FROM build-base AS valijson-build
 
 ARG VALIJASON_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/valijson/git/refs/tags/${VALIJASON_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/valijson --branch ${VALIJASON_VERSION} /valijson
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-valijson/git/refs/tags/${VALIJASON_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch ${VALIJASON_VERSION} /valijson
 
 WORKDIR /valijson
 RUN mkdir cmake-build

build

@@ -1 +1 @@
-4
+1

config-samples/OpenRo.am Test.mobileconfig

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>AutoJoin</key>
+			<true/>
+			<key>CaptiveBypass</key>
+			<false/>
+			<key>DisableAssociationMACRandomization</key>
+			<false/>
+			<key>DisplayedOperatorName</key>
+			<string>OpenRo.am</string>
+			<key>DomainName</key>
+			<string>openro.am</string>
+			<key>EAPClientConfiguration</key>
+			<dict>
+				<key>AcceptEAPTypes</key>
+				<array>
+					<integer>21</integer>
+				</array>
+				<key>OuterIdentity</key>
+				<string>anonymous@openro.am</string>
+				<key>TLSMaximumVersion</key>
+				<string>1.2</string>
+				<key>TLSMinimumVersion</key>
+				<string>1.2</string>
+				<key>TTLSInnerAuthentication</key>
+				<string>MSCHAPv2</string>
+				<key>UserName</key>
+				<string>420a5371-47d4-4d1d-b234-d17be4e54bb3@openro.am</string>
+				<key>UserPassword</key>
+				<string>XaHBCFhgGxi-mCK9XXdQ8</string>
+			</dict>
+			<key>EncryptionType</key>
+			<string>WPA2</string>
+			<key>HIDDEN_NETWORK</key>
+			<false/>
+			<key>IsHotspot</key>
+			<true/>
+			<key>NAIRealmNames</key>
+			<array>
+				<string>openro.am</string>
+			</array>
+			<key>PayloadDescription</key>
+			<string>Configures Wi-Fi settings</string>
+			<key>PayloadDisplayName</key>
+			<string>Wi-Fi</string>
+			<key>PayloadIdentifier</key>
+			<string>com.apple.wifi.managed.12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadType</key>
+			<string>com.apple.wifi.managed</string>
+			<key>PayloadUUID</key>
+			<string>12788EED-2E0C-4370-9411-4EEFC8D9ABB0</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+			<key>ProxyType</key>
+			<string>None</string>
+			<key>RoamingConsortiumOIs</key>
+			<array>
+				<string>5A03BA0000</string>
+			</array>
+			<key>ServiceProviderRoamingEnabled</key>
+			<true/>
+		</dict>
+	</array>
+	<key>PayloadDisplayName</key>
+	<string>OpenRo.am Test</string>
+	<key>PayloadIdentifier</key>
+	<string>openroam.44A21054-2F3F-437F-822A-C2F6766A2A23</string>
+	<key>PayloadOrganization</key>
+	<string>OpenRo.am</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>1D460B0F-9311-4FD2-A75D-BADA866BC31C</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>

openapi/openroaming_globalreach.yaml

@@ -0,0 +1,407 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RadiusEndpointTypes Provisioning Model for Global Reach
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GLBLRAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        country:
+          type: string
+        province:
+          type: string
+        city:
+          type: string
+        organization:
+          type: string
+        commonName:
+          type: string
+        CSR:
+          type: string
+        CSRPrivateKey:
+          type: string
+        CSRPublicKey:
+          type: string
+        GlobalReachAcctId:
+          type: string
+
+    GLBLRCertificateInfo:
+      type: object
+      properties:
+        id:
+          type: string
+          format: uuid
+        name:
+          type: string
+        accountId:
+          type: string
+          format: uuid
+        csr:
+          type: string
+        certificate:
+          type: string
+        certificateChain:
+          type: string
+        certificateId:
+          type: string
+        expiresAt:
+          type: integer
+          format: int64
+        created:
+          type: integer
+          format: int64
+
+paths:
+  /openroaming/globalreach/accounts:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/account/{name}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Global Reach
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account name
+          name: name
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificates/{account}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificateList
+      summary: Retrieve certificate list.
+      parameters:
+        - in: path
+          description: The account name
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of certificates
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of certificates
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GLBLRCertificateInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/globalreach/certificate/{account}/{id}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: getOpenRoamingGlobalReachCertificate
+      summary: Retrieve certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: deleteOpenRoamingGlobalReachCertificate
+      summary: Delete certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: The certificate id in provisioning - not the certificate_id from GlobalReach
+          name: id
+          schema:
+            type: string
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: createOpenRoamingGlobalReachCertificate
+      summary: Create certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: Must be set to "0"
+          name: id
+          schema:
+            type: string
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GLBLRCertificateInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Global Reach Certificate
+      operationId: updateOpenRoamingGlobalReachCertificate
+      summary: Update certificate information.
+      parameters:
+        - in: path
+          description: The account name - this is the provisioning ID for the account. Not the GlobalReach ID.
+          name: account
+          schema:
+            type: string
+          required: true
+        - in: path
+          description: the UUID of the certificate
+          name: id
+          schema:
+            type: string
+          required: true
+        - in: query
+          description: Update an existing certificate
+          name: updateCertificate
+          schema:
+            type: boolean
+            default: false
+          required: false
+      responses:
+        200:
+          $ref: '#/components/schemas/GLBLRCertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+

openapi/openroaming_orion.yaml

@@ -0,0 +1,199 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RadiusEndpointTypes Provisioning Model for Google Orion
+  description: Definitions and APIs to Open Roaming WiFi.
+  version: 2.5.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+    GooglOrionAccountInfo:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        privateKey:
+          type: string
+        certificate:
+          type: string
+        cacerts:
+          type: array
+          items:
+            type: string
+
+paths:
+  /openroaming/orion/accounts:
+    get:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: getOpenRoamingGlobalReachAccountList
+      summary: Retrieve account list.
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of accounts
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+
+      responses:
+        200:
+          description: The list of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/GooglOrionAccountInfo'
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /openroaming/orion/account/{id}:
+    get:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: getOpenRoamingGlobalReachAccount
+      summary: Retrieve account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: deleteOpenRoamingGlobalReachAccount
+      summary: Delete account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: createOpenRoamingGlobalReachAccount
+      summary: Create account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RadiusEndpointTypes-Google Orion
+      operationId: modifyOpenRoamingGlobalReachAccount
+      summary: Modify account information.
+      parameters:
+        - in: path
+          description: The account ID
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/GooglOrionAccountInfo'
+      responses:
+        200:
+          $ref: '#/components/schemas/GooglOrionAccountInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+

openapi/ow_or_ameriband.yaml

@@ -1,268 +0,0 @@
-openapi: 3.0.1
-info:
-  title: OpenWiFi Open roaming Ameriband Provisioning Model
-  description: Registration of an OpenRoaming profile with Ameriband for TIP OpenWifi.
-  version: 1.0.0
-  license:
-    name: BSD3
-    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
-
-servers:
-  - url: 'https://tip.regiatration.ameriband.com:8001/api/v1'
-
-security:
-  - bearerAuth: []
-
-components:
-  securitySchemes:
-    bearerAuth:
-      type: http
-      scheme: bearer
-
-  responses:
-    NotFound:
-      description: The specified resource was not found.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Unauthorized:
-      description: The requested does not have sufficient rights to perform the operation.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-                enum:
-                  - 0     # Success
-                  - 8     # INVALID_TOKEN
-                  - 9     # EXPIRED_TOKEN
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: string
-
-    Success:
-      description: The requested operation was performed.
-      content:
-        application/json:
-          schema:
-            properties:
-              Operation:
-                type: string
-              Details:
-                type: string
-              Code:
-                type: integer
-
-    BadRequest:
-      description: The requested operation failed.
-      content:
-        application/json:
-          schema:
-            properties:
-              ErrorCode:
-                type: integer
-              ErrorDetails:
-                type: string
-              ErrorDescription:
-                type: integer
-
-  schemas:
-    RegistrationRequest:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            Client will generate a UUID that must be returned in the response.
-        orgAcceptedTermsAndConditions:
-          type: boolean
-          default: false
-        orgLegalName:
-          type: string
-          minLength: 1
-        orgWebSite:
-          type: string
-          format: url
-          minLength: 1
-        orgContact:
-          type: string
-          minLength: 1
-          example:
-            John Smith
-        orgEmail:
-          type: string
-          format: email
-          minLength: 1
-        orgPhone:
-          type: string
-          example:
-            (607)555-1234 or +1(223)555-1222
-        orgLocation:
-          type: string
-          example:
-            Boston, NH - LA, CA
-        orgCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationResponse:
-      type: object
-      properties:
-        orgRequestId:
-          type: string
-          format: uuid
-          minLength: 36
-          maxLength: 36
-          example:
-            This should be the same orgRequestId passed during registration.
-        orgNASID:
-          type: string
-          minLength: 10
-          description:
-            This is the NASID generated by Ameriband. It will be used by the operator as NASID when contacting Ameriband.
-        ameribandCertificate:
-          type: string
-          minLength: 1
-          example:
-            This must be the entire PEM file content of the certificate, encoded using base64
-
-    RegistrationInformationRequest:
-      type: object
-      properties:
-        link:
-          description: This should be the link where a potential registrant can read the terms and conditions of registering with Ameriband.
-          type: string
-          format: url
-          minLength: 1
-          example:
-            https://ameriband.com/romain-registration.html
-
-paths:
-  /termsAndConditions:
-    get:
-      summary: The registrant must be given a chance to view the terms and conditions of the relationship they are entering into
-      operationId: getTermsAndConditions
-      responses:
-        200:
-          description: Sucessfully retrieved Terms and Conditions
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationInformationRequest'
-        404:
-          $ref: '#/components/responses/Unauthorized'
-
-  /registration:
-    get:
-      tags:
-        - Registration
-      operationId: getRegistrationInformation
-      summary: This should return the information from a registration based on the NASID
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        200:
-          $ref: '#/components/schemas/RegistrationResponse'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    post:
-      summary: Called when the registrant ahs read the T&Cs and iw willing to submit their information to enter in a partnership
-      tags:
-        - Registration
-      operationId: createRegistration
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully registered
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          description: Registration failed due to  missing or incomplete information
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-
-    put:
-      summary: Called when the registrant needs to update its information with Ameriband. The does not generate a new NASID.
-      tags:
-        - Registration
-      operationId: updateRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RegistrationRequest'
-      responses:
-        200:
-          description: Succesfully found the information based on the orgNASID
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RegistrationResponse'
-        400:
-          $ref: '#/components/responses/BadRequest'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
-    delete:
-      tags:
-        - Registration
-      summary: When a registrant wants to terminate a relationship with Ameriband. Ameriband should also delete all information from the registrant
-      operationId: deleteRegistration
-      parameters:
-        - in: query
-          name: orgNASID
-          schema:
-            type: string
-          required: true
-          example:
-            This is the orgNASID returned during registration.
-      responses:
-        204:
-          $ref: '#/components/responses/Success'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'

openapi/owprov.yaml

@@ -815,6 +815,17 @@ components:
           type: string
           minLength: 2
           maxLength: 2
+        imported:
+          type: integer
+          format: int64
+        connected:
+          type: integer
+          format: int64
+        platform:
+          type: string
+          enum:
+            - AP
+            - SWITCH
 
     VenueDeviceList:
       type: object
@@ -3240,6 +3251,15 @@ paths:
           schema:
             type: boolean
           required: false
+        - in: query
+          name: deviceType
+          schema:
+            type: string
+            enum:
+              - AP
+              - SWITCH
+          required: false
+          default: AP
       requestBody:
         description: Information used to create the new entity
         content:
@@ -3268,6 +3288,15 @@ paths:
             format: uuid
             example: When modifying the root entity, the uuid 0000-0000-0000 must be entered.
           required: true
+        - in: query
+          name: deviceType
+          schema:
+            type: string
+            enum:
+              - AP
+              - SWITCH
+          required: false
+          default: AP
       requestBody:
         description: Information used to modify the new entity
         content:

openapi/radius_endpoints.yaml

@@ -0,0 +1,342 @@
+openapi: 3.0.1
+info:
+  title: OpenWiFi RADIUS Resource Model
+  description: Definitions and APIs to manage RADIUS Resources.
+  version: 1.0.0
+  license:
+    name: BSD3
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/LICENSE
+
+servers:
+  - url: 'https://localhost:16005/api/v1'
+
+security:
+  - bearerAuth: []
+  - ApiKeyAuth: []
+
+components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: X-API-KEY
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+
+  responses:
+    NotFound:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/NotFound'
+    Unauthorized:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Unauthorized'
+    Success:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/Success'
+    BadRequest:
+      $ref: 'https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml#/components/responses/BadRequest'
+
+  schemas:
+
+    RADIUSServer:
+      type: object
+      properties:
+        Hostname:
+          type: string
+        IP:
+          type: string
+        Port:
+          type: integer
+          format: int32
+        Secret:
+          type: string
+
+    RADIUSEndPointRadiusType:
+      type: object
+      properties:
+        Authentication:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        Accounting:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        CoA:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSServer'
+        AccountingInterval:
+          type: integer
+          format: int32
+
+    RADIUSEndPointRadsecType:
+      type: object
+      properties:
+        Hostname:
+          type: string
+        IP:
+          type: string
+        Port:
+          type: integer
+        Secret:
+          type: string
+          default: radsec
+        UseOpenRoamingAccount:
+          type: string
+          format: uuid
+        Weight:
+          type: integer
+          format: int32
+        Certificate:
+          type: string
+        PrivateKey:
+          type: string
+        CaCerts:
+          type: array
+          items:
+            type: string
+        AllowSelfSigned:
+          type: boolean
+          default: false
+
+    RADIUSEndPoint:
+      type: object
+      properties:
+        allOf:
+          $ref: 'https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openpapi/owprov.yaml#/components/schemas/ObjectInfo'
+        Type:
+          type: string
+          enum:
+            - generic
+            - radsec
+            - globalreach
+            - orion
+          default: radius
+        RadsecServers:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSEndPointRadsecType'
+        RadiusServers:
+          type: array
+          items:
+            $ref: '#/components/schemas/RADIUSEndPointRadiusType'
+        PoolStrategy:
+          type: string
+          enum:
+            - round_robin
+            - weighted
+            - random
+          default: random
+        UseGWProxy:
+          type: boolean
+          default: true
+        Index:
+          type: string
+          example:
+            - 0.0.1.1: a ficticious IP address that should be between 0.0.1.1 and 0.0.2.254
+        UsedBy:
+          type: array
+          description: list of configuration using this endpoint
+          items:
+            type: string
+            format: uuid
+        NasIdentifier:
+          type: string
+        AccountingInterval:
+          type: integer
+          format: int64
+
+    RADIUSEndpointUpdateStatus:
+      type: object
+      properties:
+        lastUpdate:
+          type: integer
+          format: int64
+        lastConfigurationChange:
+          type: integer
+          format: int64
+
+
+
+paths:
+  /RADIUSEndPoints:
+    get:
+      tags:
+        - RADIUS Endpoints
+      operationId: getRADIUSEndPoints
+      summary: Retrieve the lists of RADIUSendPoints
+      parameters:
+        - in: query
+          description: Pagination start (starts at 1. If not specified, 1 is assumed)
+          name: offset
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: Maximum number of entries to return (if absent, no limit is assumed)
+          name: limit
+          schema:
+            type: integer
+          required: false
+        - in: query
+          description: return the number of certificates
+          name: countOnly
+          schema:
+            type: boolean
+          required: false
+        - in: query
+          description: return the last update time
+          name: currentStatus
+          schema:
+            type: boolean
+          required: false
+      responses:
+        200:
+          description: The list of endpoints
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - type: array
+                    items:
+                      $ref: '#/components/schemas/RADIUSEndPoint'
+                  - $ref: '#/components/schemas/RADIUSEndpointUpdateStatus'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RADIUS Endpoints
+      operationId: updateRADIUSEndpoints
+      summary: Force an Update to teh RADIUSendPoints in the controller
+      parameters:
+        - in: query
+          name: updateEndpoints
+          schema:
+            type: boolean
+          required: false
+      responses:
+        200:
+          description: The list of endpoints
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  Error:
+                    type: string
+                  ErrorNum:
+                    type: integer
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+  /RADIUSEndPoint/{id}:
+    get:
+      tags:
+        - RADIUS Endpoints
+      operationId: getRADIUSEndPoint
+      summary: Retrieve a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          description: The endpoint
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    delete:
+      tags:
+        - RADIUS Endpoints
+      operationId: deleteRADIUSEndPoint
+      summary: Delete a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    post:
+      tags:
+        - RADIUS Endpoints
+      operationId: createRADIUSEndPoint
+      summary: Create a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RADIUSEndPoint'
+      responses:
+        200:
+          $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
+    put:
+      tags:
+        - RADIUS Endpoints
+      operationId: modifyRADIUSEndPoint
+      summary: Modify a RADIUSendPoint
+      parameters:
+        - in: path
+          name: id
+          schema:
+            type: string
+            format: uuid
+          required: true
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RADIUSEndPoint'
+      responses:
+        200:
+          $ref: '#/components/schemas/RADIUSEndPoint'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'

openapi/rrm_provider.yaml

@@ -133,29 +133,32 @@ paths:
       summary: Run a specific or default RRM algorithm. The UI user or CLI user will have the ability to run an algorithm on demand.
       parameters:
         - in: query
-          description:
+          description: The venue this algorithm should be run on.
           name: venue
           schema:
             type: string
             format: uuid
           required: true
         - in: query
-          description: Perform RRM without updating anything. This may be used by an admin to see what RRM would do.
-          name: mock
+          description: Perform RRM asynchronously, synchronously or in mockRun mode (without updating anything, this may be used by an admin to see what RRM would do).
+          name: mode
           schema:
-            type: boolean
-            default: false
+            type: string
+            enum: [ async, sync, mockRun ]
           required: false
         - in: query
           description: Specify the RRM algorithm to use. If omitted, select the default algorithm.
+          name: algorithm
           schema:
             type: string
           required: false
         - in: query
-          description: Specify the parameters to use with the RRM algorithm to use. If omitted, select the default parameters.
+          description: Specify the comma separated name=value parameters to use with the RRM algorithm to use. If omitted, select the default parameters.
+          name: parameters
           schema:
             type: string
           required: false
+
       responses:
         200:
           description: Return the list of actions that were or would be performed.

src/APConfig.cpp

@@ -9,6 +9,11 @@
 #include "Poco/StringTokenizer.h"
 #include "fmt/format.h"
 
+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <RadiusEndpointTypes/Radsec.h>
+#include <RadiusEndpointTypes/GenericRadius.h>
+
 namespace OpenWifi {
 
 	APConfig::APConfig(const std::string &SerialNumber, const std::string &DeviceType,
@@ -55,75 +60,154 @@ namespace OpenWifi {
 		 */
 	}
 
-	bool APConfig::ReplaceVariablesInObject(const Poco::JSON::Object::Ptr &Original,
-											Poco::JSON::Object::Ptr &Result) {
-		// get all the names and expand
-		auto Names = Original->getNames();
-		for (const auto &i : Names) {
-			if (i == "__variableBlock") {
-				if (Original->isArray(i)) {
-					auto UUIDs = Original->getArray(i);
-					for (const auto &uuid : *UUIDs) {
-						ProvObjects::VariableBlock VB;
-						if (StorageService()->VariablesDB().GetRecord("id", uuid, VB)) {
-							for (const auto &var : VB.variables) {
-								Poco::JSON::Parser P;
-								auto VariableBlockInfo =
-									P.parse(var.value).extract<Poco::JSON::Object::Ptr>();
-								auto VarNames = VariableBlockInfo->getNames();
-								for (const auto &j : VarNames) {
-									Result->set(j, VariableBlockInfo->get(j));
-								}
-							}
+    bool APConfig::InsertRadiusEndPoint(const ProvObjects::RADIUSEndPoint &RE, Poco::JSON::Object &Result) {
+        if(RE.UseGWProxy) {
+            Poco::JSON::Object  ServerSettings;
+            if (RE.Type == "orion") {
+                return OpenRoaming_Orion()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "globalreach") {
+                return OpenRoaming_GlobalReach()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "radsec") {
+                return OpenRoaming_Radsec()->Render(RE, SerialNumber_, Result);
+            } else if (RE.Type == "generic") {
+                return OpenRoaming_GenericRadius()->Render(RE, SerialNumber_, Result);
+            }
+            Result.set( "radius" , ServerSettings);
+        } else {
+            std::cout << "Radius proxy off" << RE.info.name << std::endl;
+        }
+        return false;
+    }
+
+	void APConfig::ReplaceNestedVariables(const std::string uuid, Poco::JSON::Object &Result) {
+		/*
+		Helper method contains code previously in ReplaceVariablesinObject.
+		Once the top-level variable is resolved, this will be called to resolve any
+		variables nested within the top-level variable.
+		*/
+		ProvObjects::VariableBlock VB;
+		if (StorageService()->VariablesDB().GetRecord("id", uuid, VB)) {
+			for (const auto &var: VB.variables) {
+				Poco::JSON::Parser P;
+				auto VariableBlockInfo =
+					P.parse(var.value).extract<Poco::JSON::Object::Ptr>();
+				auto VarNames = VariableBlockInfo->getNames();
+				for (const auto &j: VarNames) {
+					if(VariableBlockInfo->isArray(j)) {
+						auto Elements = VariableBlockInfo->getArray(j);
+						if(Elements->size()>0) {
+							Poco::JSON::Array InnerArray;
+							ReplaceVariablesInArray(*Elements, InnerArray);
+							Result.set(j, InnerArray);
+						} else {
+//                      	std::cout << "Empty Array!!!" << std::endl;
 						}
+					} else if(VariableBlockInfo->isObject(j)) {
+						Poco::JSON::Object  InnerEval;
+						auto O = VariableBlockInfo->getObject(j);
+						ReplaceVariablesInObject(*O,InnerEval);
+						Result.set(j, InnerEval);
+					} else {
+						Result.set(j, VariableBlockInfo->get(j));
 					}
 				}
-			} else if (Original->isArray(i)) {
-				auto Arr = Poco::makeShared<Poco::JSON::Array>();
-				auto Obj = Original->getArray(i);
-				ReplaceVariablesInArray(Obj, Arr);
-				Result->set(i, Arr);
-			} else if (Original->isObject(i)) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
-				auto Obj = Original->getObject(i);
-				ReplaceVariablesInObject(Obj, Expanded);
-				Result->set(i, Expanded);
+			}
+		}
+	}
+
+    bool APConfig::ReplaceVariablesInObject(const Poco::JSON::Object &Original,
+											Poco::JSON::Object &Result) {
+		// get all the names and expand
+		auto Names = Original.getNames();
+		for (const auto &i : Names) {
+            if (i == "__variableBlock") {
+                if (Original.isArray(i)) {
+					/*
+					E.g. of what the variable block would look like in an array:
+					"ssids": [
+						{
+							"__variableBlock": [
+								"79c083d2-d496-4de0-8600-76a63556851b"
+							]
+						}
+					]
+					*/
+                    auto UUIDs = Original.getArray(i);
+                    for (const std::string &uuid: *UUIDs) {
+                        ReplaceNestedVariables(uuid, Result);
+					}
+                }
+				else {
+					/*
+					E.g. of what the variable block would look like replacing an entire json blob:
+					"services" : {
+						"__variableBlock": "ef8db4c0-f0ef-40d2-b676-c9c02ef39430"
+					}
+					*/
+					const std::string uuid = Original.get(i);
+					ReplaceNestedVariables(uuid, Result);
+				}
+            } else if (i == "__radiusEndpoint") {
+                auto EndPointId = Original.get(i).toString();
+                ProvObjects::RADIUSEndPoint RE;
+//                std::cout << "ID->" << EndPointId << std::endl;
+                if(StorageService()->RadiusEndpointDB().GetRecord("id",EndPointId,RE)) {
+                    InsertRadiusEndPoint(RE, Result);
+                } else {
+                    poco_error(Logger_, fmt::format("RADIUS Endpoint {} could not be found. Please delete this configuration and recreate it."));
+                    return false;
+                }
+			} else if (Original.isArray(i)) {
+                Poco::JSON::Array Arr;
+				auto Obj = Original.getArray(i);
+                if(Obj->size()>0) {
+                    ReplaceVariablesInArray(*Obj, Arr);
+                    Result.set(i, Arr);
+                }
+			} else if (Original.isObject(i)) {
+                Poco::JSON::Object Expanded;
+				auto Obj = Original.getObject(i);
+				ReplaceVariablesInObject(*Obj, Expanded);
+				Result.set(i, Expanded);
 			} else {
-				Result->set(i, Original->get(i));
+				Result.set(i, Original.get(i));
 			}
 		}
 		return true;
 	}
 
-	bool APConfig::ReplaceVariablesInArray(const Poco::JSON::Array::Ptr &Original,
-										   Poco::JSON::Array::Ptr &ResultArray) {
-
-		for (const auto &element : *Original) {
+	bool APConfig::ReplaceVariablesInArray(const Poco::JSON::Array &Original,
+										   Poco::JSON::Array &ResultArray) {
 
+		for (const auto &element : Original) {
+//            std::cout << element.toString() << std::endl;
 			if (element.isArray()) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Array>();
-				const auto &Object = element.extract<Poco::JSON::Array::Ptr>();
-				ReplaceVariablesInArray(Object, Expanded);
-				ResultArray->add(Expanded);
+                Poco::JSON::Array  Expanded;
+				const auto Object = element.extract<Poco::JSON::Array::Ptr>();
+                if(Object->size()>0) {
+                    ReplaceVariablesInArray(*Object, Expanded);
+                    ResultArray.add(Expanded);
+                }
 			} else if (element.isStruct()) {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
+                Poco::JSON::Object  Expanded;
 				const auto &Object = element.extract<Poco::JSON::Object::Ptr>();
-				ReplaceVariablesInObject(Object, Expanded);
-				ResultArray->add(Expanded);
+				ReplaceVariablesInObject(*Object, Expanded);
+				ResultArray.add(Expanded);
 			} else if (element.isString() || element.isNumeric() || element.isBoolean() ||
 					   element.isInteger() || element.isSigned()) {
-				ResultArray->add(element);
+				ResultArray.add(element);
 			} else {
-				auto Expanded = Poco::makeShared<Poco::JSON::Object>();
+                Poco::JSON::Object  Expanded;
 				const auto &Object = element.extract<Poco::JSON::Object::Ptr>();
-				ReplaceVariablesInObject(Object, Expanded);
-				ResultArray->add(Expanded);
+				ReplaceVariablesInObject(*Object, Expanded);
+				ResultArray.add(Expanded);
 			}
 		}
 		return true;
 	}
 
 	bool APConfig::Get(Poco::JSON::Object::Ptr &Configuration) {
+
 		if (Config_.empty()) {
 			Explanation_.clear();
 			try {
@@ -177,8 +261,8 @@ namespace OpenWifi {
 								ExObj.set("element", OriginalArray);
 								Explanation_.add(ExObj);
 							}
-							auto ExpandedArray = Poco::makeShared<Poco::JSON::Array>();
-							ReplaceVariablesInArray(OriginalArray, ExpandedArray);
+                            Poco::JSON::Array ExpandedArray;
+							ReplaceVariablesInArray(*OriginalArray, ExpandedArray);
 							Configuration->set(SectionName, ExpandedArray);
 						} else if (O->isObject(SectionName)) {
 							auto OriginalSection =
@@ -191,8 +275,8 @@ namespace OpenWifi {
 								ExObj.set("element", OriginalSection);
 								Explanation_.add(ExObj);
 							}
-							auto ExpandedSection = Poco::makeShared<Poco::JSON::Object>();
-							ReplaceVariablesInObject(OriginalSection, ExpandedSection);
+                            Poco::JSON::Object ExpandedSection;
+							ReplaceVariablesInObject(*OriginalSection, ExpandedSection);
 							Configuration->set(SectionName, ExpandedSection);
 						} else {
                             poco_warning(Logger(), fmt::format("Unknown config element type: {}",O->get(SectionName).toString()));
@@ -225,7 +309,7 @@ namespace OpenWifi {
 									RadioArray->get(RadioIndex).extract<Poco::JSON::Object::Ptr>();
 								if (Tokens[2] == "tx-power") {
 									IndexedRadio->set(
-										"rx-power",
+										"tx-power",
 										std::strtoull(col.parameterValue.c_str(), nullptr, 10));
 									if (Explain_) {
 										Poco::JSON::Object ExObj;
@@ -317,6 +401,7 @@ namespace OpenWifi {
 
 		ProvObjects::DeviceConfiguration Config;
 		if (StorageService()->ConfigurationDB().GetRecord("id", UUID, Config)) {
+//            std::cout << Config.info.name << ":" << Config.configuration.size() << std::endl;
 			if (!Config.configuration.empty()) {
 				if (DeviceTypeMatch(DeviceType_, Config.deviceTypes)) {
 					for (const auto &i : Config.configuration) {
@@ -375,4 +460,4 @@ namespace OpenWifi {
 		} else {
 		}
 	}
-} // namespace OpenWifi
+} // namespace OpenWifi

src/APConfig.h

@@ -45,10 +45,11 @@ namespace OpenWifi {
 		bool Sub_ = false;
 		Poco::Logger &Logger() { return Logger_; }
 
-		bool ReplaceVariablesInArray(const Poco::JSON::Array::Ptr &O,
-									 Poco::JSON::Array::Ptr &Result);
-		bool ReplaceVariablesInObject(const Poco::JSON::Object::Ptr &Original,
-									  Poco::JSON::Object::Ptr &Result);
+		bool ReplaceVariablesInArray(const Poco::JSON::Array &O,
+									 Poco::JSON::Array &Result);
+		void ReplaceNestedVariables(const std::string uuid, Poco::JSON::Object &Result);
+		bool ReplaceVariablesInObject(const Poco::JSON::Object &Original,
+									  Poco::JSON::Object &Result);
 
 		bool FindRadio(const std::string &Band, const Poco::JSON::Array::Ptr &Arr,
 					   Poco::JSON::Object::Ptr &Radio);
@@ -58,5 +59,6 @@ namespace OpenWifi {
 				   Poco::JSON::Object::Ptr &C);
 		bool RemoveBand(const std::string &Band, const Poco::JSON::Array::Ptr &A_in,
 						Poco::JSON::Array::Ptr &A_Out);
+        bool InsertRadiusEndPoint(const ProvObjects::RADIUSEndPoint &EP, Poco::JSON::Object &Result);
 	};
 } // namespace OpenWifi

src/AutoDiscovery.cpp

@@ -5,6 +5,7 @@
 #include "AutoDiscovery.h"
 #include "Poco/JSON/Parser.h"
 #include "StorageService.h"
+#include "Tasks/VenueConfigUpdater.h"
 #include "framework/KafkaManager.h"
 #include "framework/KafkaTopics.h"
 #include "framework/ow_constants.h"
@@ -31,7 +32,51 @@ namespace OpenWifi {
 		poco_information(Logger(), "Stopped...");
 	};
 
-	void AutoDiscovery::run() {
+    void AutoDiscovery::ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                    std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        if (P->has(uCentralProtocol::COMPATIBLE))
+            Compat = P->get(uCentralProtocol::COMPATIBLE).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessConnect(const Poco::JSON::Object::Ptr &P, std::string &FW, std::string &SN,
+                                       std::string &Compat, std::string &Conn, std::string &locale) {
+        if (P->has(uCentralProtocol::CONNECTIONIP))
+            Conn = P->get(uCentralProtocol::CONNECTIONIP).toString();
+        if (P->has(uCentralProtocol::FIRMWARE))
+            FW = P->get(uCentralProtocol::FIRMWARE).toString();
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+        else if (P->has(uCentralProtocol::SERIAL))
+            SN = P->get(uCentralProtocol::SERIAL).toString();
+        if (P->has("locale")) {
+            locale = P->get("locale").toString();
+        }
+        if(P->has(uCentralProtocol::CAPABILITIES)) {
+            auto CapObj = P->getObject(uCentralProtocol::CAPABILITIES);
+            if (CapObj->has(uCentralProtocol::COMPATIBLE))
+                Compat = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
+        }
+    }
+
+    void AutoDiscovery::ProcessDisconnect(const Poco::JSON::Object::Ptr &P, [[maybe_unused]] std::string &FW,
+                                            std::string &SN,
+                                          [[maybe_unused]] std::string &Compat,
+                                          [[maybe_unused]] std::string &Conn,
+                                          [[maybe_unused]] std::string &locale) {
+        if (P->has(uCentralProtocol::SERIALNUMBER))
+            SN = P->get(uCentralProtocol::SERIALNUMBER).toString();
+    }
+
+    void AutoDiscovery::run() {
 		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
 		Utils::SetThreadName("auto-discovery");
 		while (Note && Running_) {
@@ -40,43 +85,38 @@ namespace OpenWifi {
 				try {
 					Poco::JSON::Parser Parser;
 					auto Object = Parser.parse(Msg->Payload()).extract<Poco::JSON::Object::Ptr>();
+                    bool    Connected=true;
+                    bool isConnection=false;
 
 					if (Object->has(uCentralProtocol::PAYLOAD)) {
-						auto PayloadObj = Object->getObject(uCentralProtocol::PAYLOAD);
-						std::string ConnectedIP, SerialNumber, DeviceType;
-						if (PayloadObj->has(uCentralProtocol::CONNECTIONIP))
-							ConnectedIP =
-								PayloadObj->get(uCentralProtocol::CONNECTIONIP).toString();
-						if (PayloadObj->has(uCentralProtocol::CAPABILITIES)) {
-							auto CapObj = PayloadObj->getObject(uCentralProtocol::CAPABILITIES);
-							if (CapObj->has(uCentralProtocol::COMPATIBLE)) {
-								DeviceType = CapObj->get(uCentralProtocol::COMPATIBLE).toString();
-								SerialNumber = PayloadObj->get(uCentralProtocol::SERIAL).toString();
-							}
-						} else if (PayloadObj->has(uCentralProtocol::PING)) {
-							auto PingMessage = PayloadObj->getObject(uCentralProtocol::PING);
-							if (PingMessage->has(uCentralProtocol::FIRMWARE) &&
-								PingMessage->has(uCentralProtocol::SERIALNUMBER) &&
-								PingMessage->has(uCentralProtocol::COMPATIBLE)) {
-								if (PingMessage->has(uCentralProtocol::CONNECTIONIP))
-									ConnectedIP =
-										PingMessage->get(uCentralProtocol::CONNECTIONIP).toString();
-								SerialNumber =
-									PingMessage->get(uCentralProtocol::SERIALNUMBER).toString();
-								DeviceType =
-									PingMessage->get(uCentralProtocol::COMPATIBLE).toString();
-							}
-						}
-						std::string Locale;
-						if (PayloadObj->has("locale"))
-							Locale = PayloadObj->get("locale").toString();
+                        auto PayloadObj = Object->getObject(uCentralProtocol::PAYLOAD);
+                        std::string ConnectedIP, SerialNumber, Compatible, Firmware, Locale ;
+                        if (PayloadObj->has(uCentralProtocol::PING)) {
+                            auto PingObj = PayloadObj->getObject("ping");
+                            ProcessPing(PingObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("capabilities")) {
+                            isConnection=true;
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else if(PayloadObj->has("disconnection")) {
+                            //  we ignore disconnection in provisioning
+                            Connected=false;
+                            ProcessConnect(PayloadObj, Firmware, SerialNumber, Compatible, ConnectedIP, Locale);
+                        } else {
+                            poco_debug(Logger(),fmt::format("Unknown message on 'connection' topic: {}",Msg->Payload()));
+                        }
 
-						if (!SerialNumber.empty()) {
-							StorageService()->InventoryDB().CreateFromConnection(
-								SerialNumber, ConnectedIP, DeviceType, Locale);
-						}
-					}
+                        if (!SerialNumber.empty() && Connected) {
+                            StorageService()->InventoryDB().CreateFromConnection(
+                                    SerialNumber, ConnectedIP, Compatible, Locale, isConnection);
+                            // Now that the entry has been created, we can try to push a config if
+                            // the connection was a capabilities message.
+                            if (isConnection){
+                                ComputeAndPushConfig(SerialNumber, Compatible, Logger());
+                            }
+                        }
+                    }
 				} catch (const Poco::Exception &E) {
+                    std::cout << "EX:" << Msg->Payload() << std::endl;
 					Logger().log(E);
 				} catch (...) {
 				}

src/AutoDiscovery.h

@@ -9,6 +9,7 @@
 
 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
+#include "Poco/JSON/Object.h"
 
 namespace OpenWifi {
 
@@ -46,7 +47,14 @@ namespace OpenWifi {
 		Poco::Thread Worker_;
 		std::atomic_bool Running_ = false;
 
-		AutoDiscovery() noexcept
+        void ProcessPing(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                                        std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessConnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                         std::string &Compat, std::string &Conn, std::string &locale) ;
+        void ProcessDisconnect(const Poco::JSON::Object::Ptr & P, std::string &FW, std::string &SN,
+                            std::string &Compat, std::string &Conn, std::string &locale) ;
+
+        AutoDiscovery() noexcept
 			: SubSystemServer("AutoDiscovery", "AUTO-DISCOVERY", "discovery") {}
 	};
 

src/Daemon.cpp

@@ -23,6 +23,10 @@
 #include "UI_Prov_WebSocketNotifications.h"
 #include "framework/ConfigurationValidator.h"
 #include "framework/UI_WebSocketClientServer.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/Radsec.h>
+#include <RadiusEndpointTypes/GenericRadius.h>
 
 namespace OpenWifi {
 	class Daemon *Daemon::instance_ = nullptr;
@@ -35,7 +39,11 @@ namespace OpenWifi {
 												ConfigurationValidator(), SerialNumberCache(),
 												AutoDiscovery(), JobController(),
 												UI_WebSocketClientServer(), FindCountryFromIP(),
-												Signup(), FileDownloader()});
+												Signup(), FileDownloader(),
+                                                OpenRoaming_GlobalReach(),
+                                                OpenRoaming_Orion(), OpenRoaming_Radsec(),
+                                                OpenRoaming_GenericRadius()
+            });
 		}
 		return instance_;
 	}

src/DeviceTypeCache.h

@@ -63,17 +63,9 @@ namespace OpenWifi {
 			std::lock_guard G(Mutex_);
 
 			Initialized_ = true;
-			std::string DeviceTypes;
-			if (AppServiceRegistry().Get("deviceTypes", DeviceTypes)) {
-				Poco::JSON::Parser P;
-				try {
-					auto O = P.parse(DeviceTypes).extract<Poco::JSON::Array::Ptr>();
-					for (const auto &i : *O) {
-						DeviceTypes_.insert(i.toString());
-					}
-				} catch (...) {
-				}
-			}
+			std::vector<std::string> DeviceTypes;
+			AppServiceRegistry().Get("deviceTypes", DeviceTypes);
+            std::for_each(DeviceTypes.begin(),DeviceTypes.end(),[&](const std::string &s){ DeviceTypes_.insert(s);});
 		}
 
 		inline bool UpdateDeviceTypes() {
@@ -107,15 +99,9 @@ namespace OpenWifi {
 
 		inline void SaveCache() {
 			std::lock_guard G(Mutex_);
-
-			Poco::JSON::Array Arr;
-			for (auto const &i : DeviceTypes_)
-				Arr.add(i);
-
-			std::stringstream OS;
-			Arr.stringify(OS);
-
-			AppServiceRegistry().Set("deviceTypes", OS.str());
+            std::vector<std::string>    DeviceTypes;
+            std::for_each(DeviceTypes_.begin(),DeviceTypes_.end(),[&](const std::string &s){DeviceTypes.emplace_back(s);});
+			AppServiceRegistry().Set("deviceTypes", DeviceTypes);
 		}
 	};
 

src/FileDownloader.cpp

@@ -24,9 +24,15 @@ namespace OpenWifi {
 
 	void FileDownloader::onTimer([[maybe_unused]] Poco::Timer &timer) {
 		const static std::vector<std::pair<std::string, std::string>> Files{
-			{"https://raw.githubusercontent.com/blogic/ucentral-schema/main/ucentral.schema.json",
-			 "ucentral.schema.json"},
-			{"https://ucentral.io/ucentral.schema.pretty.json", "ucentral.schema.pretty.json"}};
+            {
+                "https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.pretty.json",
+                "ucentral.schema.pretty.json"
+            },
+            {
+                "https://raw.githubusercontent.com/Telecominfraproject/wlan-ucentral-schema/main/ucentral.schema.json",
+                "ucentral.schema.json"
+            }
+        };
 
 		Utils::SetThreadName("file-dmnldr");
 

src/Kafka_ProvUpdater.h

@@ -39,9 +39,7 @@ namespace OpenWifi {
 		Poco::JSON::Object Payload;
 		obj.to_json(Payload);
 		Payload.set("ObjectType", OT);
-		std::ostringstream OS;
-		Payload.stringify(OS);
-		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], std::make_shared<std::string>(OS.str()));
+		KafkaManager()->PostMessage(KafkaTopics::PROVISIONING_CHANGE, Ops[op], Payload);
 
 		return true;
 	}

src/RESTAPI/RESTAPI_configurations_handler.cpp

@@ -91,9 +91,10 @@ namespace OpenWifi {
 			}
 			auto Config = RawObject->get("configuration").toString();
 			Poco::JSON::Object Answer;
-			std::vector<std::string> Error;
+            auto deviceType = GetParameter("deviceType", "AP");
+            std::string Error;
 			auto Res =
-				ValidateUCentralConfiguration(Config, Error, GetBoolParameter("strict", true));
+				ValidateUCentralConfiguration(ConfigurationValidator::GetType(deviceType),Config, Error, GetBoolParameter("strict", true));
 			Answer.set("valid", Res);
 			Answer.set("error", Error);
 			return ReturnObject(Answer);
@@ -134,11 +135,27 @@ namespace OpenWifi {
 		}
 
 		std::vector<std::string> Errors;
-		if (!ValidateConfigBlock(NewObject, Errors)) {
-			return BadRequest(RESTAPI::Errors::ConfigBlockInvalid);
+        auto deviceType = GetParameter("deviceType", "AP");
+        if (!ValidateConfigBlock(ConfigurationValidator::GetType(deviceType), NewObject, Errors)) {
+            return BadRequest(RESTAPI::Errors::ConfigBlockInvalid);
+        }
+
+		Types::UUIDvec_t ToVariables;
+		if (RawObject->has("variables")) {
+			for (const auto &i : NewObject.variables) {
+				if (!i.empty() && !StorageService()->VariablesDB().Exists("id", i)) {
+					return BadRequest(RESTAPI::Errors::VariableMustExist);
+				}
+			}
+			for (const auto &i : NewObject.variables)
+				ToVariables.emplace_back(i);
+			
+			ToVariables = NewObject.variables;
 		}
 
 		if (DB_.CreateRecord(NewObject)) {
+			AddMembership(StorageService()->VariablesDB(),
+							 &ProvObjects::VariableBlock::configurations, ToVariables, NewObject.info.id);
 			MoveUsage(StorageService()->PolicyDB(), DB_, "", NewObject.managementPolicy,
 					  NewObject.info.id);
 			AddMembership(StorageService()->VenueDB(), &ProvObjects::Venue::configurations,
@@ -185,9 +202,10 @@ namespace OpenWifi {
 			Existing.deviceTypes = NewObject.deviceTypes;
 
 		std::vector<std::string> Errors;
-		if (!ValidateConfigBlock(NewObject, Errors)) {
-			return BadRequest(RESTAPI::Errors::ConfigBlockInvalid);
-		}
+        auto deviceType = GetParameter("deviceType", "AP");
+        if (!ValidateConfigBlock(ConfigurationValidator::GetType(deviceType), NewObject, Errors)) {
+            return BadRequest(RESTAPI::Errors::ConfigBlockInvalid);
+        }
 
 		if (RawObject->has("configuration")) {
 			Existing.configuration = NewObject.configuration;

src/RESTAPI/RESTAPI_db_helpers.h

@@ -389,6 +389,13 @@ namespace OpenWifi {
 			DB.ManipulateVectorMember(T, "id", Obj, Id, true);
 	}
 
+	template <typename db_type, typename Member>
+	void AddMembership(db_type &DB, Member T, const Types::UUIDvec_t &Obj, const std::string &Id) {
+		for (const auto &i : Obj) {
+			AddMembership(DB, T, i, Id);
+		}
+	}
+
 	template <typename db_type, typename Member>
 	void ManageMembership(db_type &DB, Member T, const std::string &From, const std::string &To,
 						  const std::string &Id) {
@@ -431,47 +438,49 @@ namespace OpenWifi {
 		return EntityDB::RootUUID();
 	}
 
-	inline bool ValidateConfigBlock(const ProvObjects::DeviceConfiguration &Config,
-									std::vector<std::string> &Errors) {
-		static const std::vector<std::string> SectionNames{
-			"globals",	   "interfaces", "metrics", "radios",	  "services",	"unit",
-			"definitions", "ethernet",	 "switch",	"config-raw", "third-party"};
+    inline bool ValidateConfigBlock(ConfigurationValidator::ConfigurationType Type, const ProvObjects::DeviceConfiguration &Config,
+                                    std::vector<std::string> &Errors) {
+        static const std::vector<std::string> SectionNames{
+                "globals",	   "interfaces", "metrics", "radios",	  "services",	"unit",
+                "definitions", "ethernet",	 "switch",	"config-raw", "third-party"};
 
-		for (const auto &i : Config.configuration) {
-			Poco::JSON::Parser P;
-			if (i.name.empty()) {
-				Errors.push_back("Name is empty");
-				return false;
-			}
+        for (const auto &i : Config.configuration) {
+            Poco::JSON::Parser P;
+            if (i.name.empty()) {
+                Errors.push_back("Name is empty");
+                return false;
+            }
 
-			try {
-				auto Blocks = P.parse(i.configuration).extract<Poco::JSON::Object::Ptr>();
-				auto N = Blocks->getNames();
-				for (const auto &j : N) {
-					if (std::find(SectionNames.cbegin(), SectionNames.cend(), j) ==
-						SectionNames.cend()) {
-						Errors.push_back("Unknown block name");
-						return false;
-					}
-				}
-			} catch (const Poco::JSON::JSONException &E) {
-				Errors.push_back("Invalid JSON document");
-				return false;
-			}
+            try {
+                auto Blocks = P.parse(i.configuration).extract<Poco::JSON::Object::Ptr>();
+                auto N = Blocks->getNames();
+                for (const auto &j : N) {
+                    if (std::find(SectionNames.cbegin(), SectionNames.cend(), j) ==
+                        SectionNames.cend()) {
+                        Errors.push_back("Unknown block name");
+                        return false;
+                    }
+                }
+            } catch (const Poco::JSON::JSONException &E) {
+                Errors.push_back("Invalid JSON document");
+                return false;
+            }
 
-			try {
-				if (ValidateUCentralConfiguration(i.configuration, Errors, true)) {
-					// std::cout << "Block: " << i.name << " is valid" << std::endl;
-				} else {
-					return false;
-				}
-			} catch (...) {
-				Errors.push_back("Invalid configuration caused an exception");
-				return false;
-			}
-		}
-		return true;
-	}
+            try {
+                std::string Error;
+                if (ValidateUCentralConfiguration(Type,i.configuration, Error, true)) {
+                    // std::cout << "Block: " << i.name << " is valid" << std::endl;
+                } else {
+                    Errors.push_back(Error);
+                    return false;
+                }
+            } catch (...) {
+                Errors.push_back("Invalid configuration caused an exception");
+                return false;
+            }
+        }
+        return true;
+    }
 
 	template <typename Type>
 	std::map<std::string, std::string> CreateObjects(Type &NewObject, RESTAPIHandler &R,
@@ -535,7 +544,7 @@ namespace OpenWifi {
 						ProvObjects::DeviceConfiguration DC;
 						if (DC.from_json(ConfigurationDetails)) {
 							if constexpr (std::is_same_v<Type, ProvObjects::InventoryTag>) {
-								if (!ValidateConfigBlock(DC, Errors)) {
+								if (!ValidateConfigBlock(ConfigurationValidator::ConfigurationType::AP,DC, Errors)) {
 									break;
 								}
 								ProvObjects::CreateObjectInfo(R.UserInfo_.userinfo, DC.info);

src/RESTAPI/RESTAPI_inventory_handler.cpp

@@ -14,28 +14,13 @@
 #include "RESTAPI/RESTAPI_db_helpers.h"
 #include "SerialNumberCache.h"
 #include "StorageService.h"
+#include "Tasks/VenueConfigUpdater.h"
 #include "framework/utils.h"
 #include "sdks/SDK_gw.h"
 #include "sdks/SDK_sec.h"
 
 namespace OpenWifi {
 
-	void GetRejectedLines(const Poco::JSON::Object::Ptr &Response, Types::StringVec &Warnings) {
-		try {
-			if (Response->has("results")) {
-				auto Results = Response->get("results").extract<Poco::JSON::Object::Ptr>();
-				auto Status = Results->get("status").extract<Poco::JSON::Object::Ptr>();
-				auto Rejected = Status->getArray("rejected");
-				std::transform(
-					Rejected->begin(), Rejected->end(), std::back_inserter(Warnings),
-					[](auto i) -> auto { return i.toString(); });
-				//                for(const auto &i:*Rejected)
-				//                  Warnings.push_back(i.toString());
-			}
-		} catch (...) {
-		}
-	}
-
 	void RESTAPI_inventory_handler::DoGet() {
 
 		ProvObjects::InventoryTag Existing;
@@ -314,6 +299,8 @@ namespace OpenWifi {
 			return NotFound();
 		}
 
+		std::string previous_venue = Existing.venue;
+
 		auto RemoveSubscriber = GetParameter("removeSubscriber");
 		if (!RemoveSubscriber.empty()) {
 			if (Existing.subscriber == RemoveSubscriber) {
@@ -471,6 +458,13 @@ namespace OpenWifi {
 			SDK::GW::Device::SetOwnerShip(this, SerialNumber, Existing.entity, Existing.venue,
 										  Existing.subscriber);
 
+			// Attempt an automatic config push when the venue is set and different than what is
+			// in DB.
+			poco_information(Logger(), fmt::format("New Venue {} Old Venue {}", NewObject.venue, previous_venue));
+			if (!NewObject.venue.empty() && NewObject.venue != previous_venue) {
+				ComputeAndPushConfig(SerialNumber, NewObject.deviceType, Logger());
+			}
+
 			ProvObjects::InventoryTag NewObjectCreated;
 			DB_.GetRecord("id", Existing.info.id, NewObjectCreated);
 			Poco::JSON::Object Answer;

src/RESTAPI/RESTAPI_inventory_list_handler.cpp

@@ -131,7 +131,9 @@ namespace OpenWifi {
 		} else {
 			ProvObjects::InventoryTagVec Tags;
 			DB_.GetRecords(QB_.Offset, QB_.Limit, Tags, "", OrderBy);
-			return MakeJSONObjectArray("taglist", Tags, *this);
+            return SendList(Tags, SerialOnly);
+
+//			return MakeJSONObjectArray("taglist", Tags, *this);
 		}
 	}
 } // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp

@@ -0,0 +1,125 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_acct_handler.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+
+        StorageService()->GLBLRCertsDB().DeleteRecords(fmt::format(" accountId='{}' ", Account));
+        DB_.DeleteRecord("id", Account);
+
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.privateKey.empty() || NewObject.GlobalReachAcctId.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!NewObject.privateKey.empty() && !Utils::VerifyECKey(NewObject.privateKey)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        std::string GlobalReachName;
+        if(!OpenRoaming_GlobalReach()->VerifyAccount(NewObject.GlobalReachAcctId,NewObject.privateKey,GlobalReachName)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if( NewObject.commonName.empty() || NewObject.organization.empty() ||
+            NewObject.city.empty() || NewObject.province.empty() || NewObject.country.empty() ) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        Utils::CSRCreationParameters    P;
+        P.Country = NewObject.country;
+        P.CommonName = NewObject.commonName;
+        P.Province = NewObject.province;
+        P.City = NewObject.city;
+        P.Organization = NewObject.organization;
+        Utils::CSRCreationResults       R;
+        if(!Utils::CreateX509CSR(P,R)) {
+            return BadRequest(RESTAPI::Errors::CannotCreateCSR);
+        }
+
+        NewObject.CSR = R.CSR;
+        NewObject.CSRPublicKey = R.PublicKey;
+        NewObject.CSRPrivateKey = R.PrivateKey;
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_gr_acct_handler::DoPut() {
+        auto Account = GetBinding("account","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.h

@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/account/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRAccountInfo;
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.cpp

@@ -0,0 +1,113 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_cert_handler.h"
+#include <RadiusEndpointTypes/GlobalReach.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_cert_handler::DoGet() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        std::vector<RecordType>  Certificates;
+        DB_.GetRecords(0,1,Certificates,fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        if(Certificates.empty()) {
+            return NotFound();
+        }
+        return ReturnObject(Certificates[0]);
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoDelete() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(!StorageService()->GLBLRAccountInfoDB().Exists("id",Account)) {
+            return NotFound();
+        }
+
+        DB_.DeleteRecords(fmt::format(" accountId='{}' and id='{}' ", Account, Id));
+        return OK();
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoPost() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+
+        if(Account.empty() || Id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType   NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(NewObject.name.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   AccountInfo;
+        if(!StorageService()->GLBLRAccountInfoDB().GetRecord("id",Account, AccountInfo)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        if(OpenRoaming_GlobalReach()->CreateRADSECCertificate(AccountInfo.GlobalReachAcctId,NewObject.name,AccountInfo.CSR, NewObject)) {
+            NewObject.id = MicroServiceCreateUUID();
+            NewObject.accountId = Account;
+            NewObject.created = Utils::Now();
+            NewObject.csr = AccountInfo.CSR;
+            DB_.CreateRecord(NewObject);
+            RecordType   CreatedObject;
+            DB_.GetRecord("id",NewObject.id,CreatedObject);
+            return ReturnObject(CreatedObject);
+        }
+
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_gr_cert_handler::DoPut() {
+        auto Account = GetBinding("account","");
+        auto Id = GetBinding("id","");
+        auto UpdateCertificate = GetBoolParameter("updateCertificate",false);
+
+        if(Account.empty() || Id.empty() || !UpdateCertificate){
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        ProvObjects::GLBLRAccountInfo   AccountInfo;
+        if(!StorageService()->GLBLRAccountInfoDB().GetRecord("id",Account, AccountInfo)) {
+            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
+        }
+
+        ProvObjects::GLBLRCertificateInfo   Existing;
+        if(!DB_.GetRecord("id",Id,Existing)) {
+            return NotFound();
+        }
+
+        if(OpenRoaming_GlobalReach()->CreateRADSECCertificate(AccountInfo.GlobalReachAcctId,Existing.name,AccountInfo.CSR, Existing)) {
+            Existing.created = Utils::Now();
+            DB_.UpdateRecord("id",Existing.id,Existing);
+            RecordType   CreatedObject;
+            DB_.GetRecord("id",Existing.id,CreatedObject);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(CreatedObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_cert_handler.h

@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_cert_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_cert_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                            RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                            bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificate/{account}/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRCertificateInfo;
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final ;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.cpp

@@ -0,0 +1,20 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_acct_handler.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_acct_handler::DoGet() {
+
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<RecordType>  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h

@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/accounts"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRAccountInfo;
+        GLBLRAccountInfoDB &DB_ = StorageService()->GLBLRAccountInfoDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.cpp

@@ -0,0 +1,36 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "RESTAPI_openroaming_gr_list_certificates.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_gr_list_certificates::DoGet() {
+        auto Account = GetBinding("account");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if(Account=="*") {
+            std::vector< ProvObjects::GLBLRCertificateInfo> Arr;
+            for(const auto &cert:QB_.Select) {
+                ProvObjects::GLBLRCertificateInfo CInfo;
+                if(StorageService()->GLBLRCertsDB().GetRecord("id",cert,CInfo)) {
+                    Arr.emplace_back(CInfo);
+                }
+            }
+            return ReturnObject(Arr);
+        }
+
+        auto Where = fmt::format(" accountId='{}'", Account);
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count(Where));
+        }
+
+        std::vector<RecordType>  Certificates;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Certificates, Where);
+        return ReturnObject(Certificates);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_gr_list_certificates.h

@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_gr_list_certificates : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_gr_list_certificates(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/globalreach/certificates/{account}"}; };
+
+    private:
+        using RecordType = ProvObjects::GLBLRCertificateInfo;
+        GLBLRCertsDB &DB_ = StorageService()->GLBLRCertsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.cpp

@@ -0,0 +1,99 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_acct_handler.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_acct_handler::DoGet() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(DB_.GetRecord("id",Account,Record)) {
+            return ReturnObject(Record);
+        }
+        return NotFound();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoDelete() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        RecordType   Record;
+        if(!DB_.GetRecord("id",Account,Record)) {
+            return NotFound();
+        }
+        DB_.DeleteRecord("id", Account);
+        return OK();
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPost() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    NewObject;
+        if( !NewObject.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if( NewObject.privateKey.empty()    ||
+            NewObject.certificate.empty()   ||
+            NewObject.cacerts.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        if( !Utils::VerifyECKey(NewObject.privateKey)           ||
+            !Utils::ValidX509Certificate(NewObject.certificate) ||
+            !Utils::ValidX509Certificate(NewObject.cacerts)) {
+            return BadRequest(RESTAPI::Errors::NotAValidECKey);
+        }
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
+
+        if(DB_.CreateRecord(NewObject)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",NewObject.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_openroaming_orion_acct_handler::DoPut() {
+        auto Account = GetBinding("id","");
+        if(Account.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType    Modify;
+        if(!Modify.from_json(RawObject)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType    Existing;
+        if(!DB_.GetRecord("id",Account,Existing)) {
+            return NotFound();
+        }
+
+        if(!ProvObjects::UpdateObjectInfo(RawObject,UserInfo_.userinfo,Existing.info)) {
+            return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
+            RecordType StoredObject;
+            DB_.GetRecord("id",Existing.info.id,StoredObject);
+            return ReturnObject(StoredObject);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotUpdated);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_acct_handler.h

@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                    RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                    bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/account/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::GooglOrionAccountInfo;
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.cpp

@@ -0,0 +1,19 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#include "RESTAPI_openroaming_orion_list_acct_handler.h"
+
+
+namespace OpenWifi {
+
+    void RESTAPI_openroaming_orion_list_acct_handler::DoGet() {
+        if(GetBoolParameter("countOnly")) {
+            return ReturnCountOnly(DB_.Count());
+        }
+        std::vector<RecordType >  Accounts;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Accounts);
+        return ReturnObject(Accounts);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h

@@ -0,0 +1,30 @@
+//
+// Created by stephane bourque on 2023-09-15.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_openroaming_orion_list_acct_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_openroaming_orion_list_acct_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/openroaming/orion/accounts"}; };
+
+    private:
+        using RecordType = ProvObjects::GooglOrionAccountInfo;
+        OrionAccountsDB &DB_ = StorageService()->OrionAccountsDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final{};
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp

@@ -0,0 +1,202 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "RESTAPI_radius_endpoint_handler.h"
+#include <storage/storage_orion_accounts.h>
+#include <RESTObjects/RESTAPI_GWobjects.h>
+
+namespace OpenWifi {
+
+    void RESTAPI_radius_endpoint_handler::DoGet() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        RecordType Record;
+        if(DB_.GetRecord("id",id,Record)) {
+            return ReturnObject(Record);
+        }
+
+        return NotFound();
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoDelete() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+        RecordType Record;
+        if(DB_.GetRecord("id",id,Record)) {
+            DB_.DeleteRecord("id",id);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return OK();
+        }
+        return NotFound();
+    }
+
+    static bool ValidPort(std::uint32_t P) {
+        return P>0 && P<65535;
+    }
+
+    static bool ValidRadiusServer(const ProvObjects::RADIUSServer &S) {
+        if(S.Hostname.empty() || !ValidPort(S.Port) || !Utils::ValidIP(S.IP) || S.Secret.empty()) {
+            return false;
+        }
+        return true;
+    }
+
+    static bool ValidRadiusServer(const std::vector<ProvObjects::RADIUSServer> &ServerList) {
+        return std::all_of(ServerList.begin(),ServerList.end(),[](const ProvObjects::RADIUSServer &Server)->bool { return ValidRadiusServer(Server); });
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoPost() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType     NewRecord;
+        if(!NewRecord.from_json(RawObject)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        if(GWObjects::RadiusEndpointType(NewRecord.Type)==GWObjects::RadiusEndpointType::unknown) {
+            return BadRequest(RESTAPI::Errors::InvalidRadiusTypeEndpoint);
+        }
+        if(GWObjects::RadiusPoolStrategy(NewRecord.PoolStrategy)==GWObjects::RadiusPoolStrategy::unknown) {
+            return BadRequest(RESTAPI::Errors::InvalidRadiusEndpointPoolStrategy);
+        }
+        if(!NewRecord.RadiusServers.empty() && !NewRecord.RadsecServers.empty()) {
+            return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+        }
+
+        auto EndPointType = GWObjects::RadiusEndpointType(NewRecord.Type);
+        switch(EndPointType) {
+            case GWObjects::RadiusEndpointType::radsec:
+            case GWObjects::RadiusEndpointType::orion:
+            case GWObjects::RadiusEndpointType::globalreach:
+            {
+                if(NewRecord.RadsecServers.empty()) {
+                    return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+                }
+            } break;
+            case GWObjects::RadiusEndpointType::generic: {
+                if(NewRecord.RadiusServers.empty()) {
+                    return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+                }
+            } break;
+            default:
+                return BadRequest(RESTAPI::Errors::EndpointMustHaveOneTypeOfServers);
+        }
+
+        if(NewRecord.Index.empty() || !RadiusEndpointDB::ValidIndex(NewRecord.Index)) {
+            return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
+        }
+
+        //  Make sure that nobody is using that index
+        auto where = fmt::format(" index='{}' ", NewRecord.Index);
+        if(DB_.Count(where)!=0) {
+            return BadRequest(RESTAPI::Errors::RadiusEndpointIndexInvalid);
+        }
+
+        if(EndPointType==GWObjects::RadiusEndpointType::generic) {
+            for(const auto &Server:NewRecord.RadiusServers) {
+                if(!ValidRadiusServer(Server.Authentication) ||
+                !ValidRadiusServer(Server.Accounting) ||
+                !ValidRadiusServer(Server.CoA)) {
+                    return BadRequest(RESTAPI::Errors::InvalidRadiusServer);
+                }
+            }
+        } else {
+            switch(EndPointType) {
+                case GWObjects::RadiusEndpointType::orion: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(!StorageService()->OrionAccountsDB().Exists("id",Server.UseOpenRoamingAccount)) {
+                            return BadRequest(RESTAPI::Errors::OrionAccountMustExist);
+                        }
+                    }
+                } break;
+                case GWObjects::RadiusEndpointType::globalreach: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(!StorageService()->GLBLRCertsDB().Exists("id",Server.UseOpenRoamingAccount)) {
+                            return BadRequest(RESTAPI::Errors::GlobalReachCertMustExist);
+                        }
+                    }
+                } break;
+                case GWObjects::RadiusEndpointType::radsec: {
+                    for(const auto &Server:NewRecord.RadsecServers) {
+                        if(Server.Certificate.empty() || !Utils::ValidX509Certificate(Server.Certificate)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecMainCertificate);
+                        }
+                        if(Server.CaCerts.empty() || !Utils::ValidX509Certificate(Server.CaCerts)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecCaCertificate);
+                        }
+                        if(Server.PrivateKey.empty() || !Utils::VerifyPrivateKey(Server.PrivateKey)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPrivteKey);
+                        }
+                        if(!Utils::ValidIP(Server.IP)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecIPAddress);
+                        }
+                        if(!(Server.Port>0 && Server.Port<65535)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPort);
+                        }
+                        if(Server.Secret.empty()) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecSecret);
+                        }
+                    }
+
+                } break;
+                default: {
+
+                }
+            }
+        }
+
+        ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewRecord.info);
+        if(DB_.CreateRecord(NewRecord)) {
+            RecordType  AddedRecord;
+            DB_.GetRecord("id", NewRecord.info.id, AddedRecord);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(AddedRecord);
+        }
+        return BadRequest(RESTAPI::Errors::RecordNotCreated);
+    }
+
+    void RESTAPI_radius_endpoint_handler::DoPut() {
+        auto id = GetBinding("id");
+        if(id.empty()) {
+            return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+        }
+
+        const auto &RawObject = ParsedBody_;
+        RecordType     ModifiedRecord;
+        if(!ModifiedRecord.from_json(RawObject)) {
+            return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
+        }
+
+        RecordType     Existing;
+        if(!DB_.GetRecord("id",id,Existing)) {
+            return NotFound();
+        }
+
+        AssignIfPresent(RawObject,"NasIdentifier", Existing.NasIdentifier);
+        AssignIfPresent(RawObject,"AccountingInterval", Existing.AccountingInterval);
+
+        ProvObjects::UpdateObjectInfo(RawObject, UserInfo_.userinfo, Existing.info);
+        if(DB_.UpdateRecord("id", Existing.info.id, Existing)) {
+            RecordType  AddedRecord;
+            DB_.GetRecord("id", Existing.info.id, AddedRecord);
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.ChangeConfiguration();
+            return ReturnObject(AddedRecord);
+        }
+
+        return BadRequest(RESTAPI::Errors::NotImplemented);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_radius_endpoint_handler.h

@@ -0,0 +1,33 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_radius_endpoint_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_radius_endpoint_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                            RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                            bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_POST,
+                                                          Poco::Net::HTTPRequest::HTTP_DELETE,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/RADIUSEndPoint/{id}"}; };
+
+    private:
+        using RecordType = ProvObjects::RADIUSEndPoint;
+        RadiusEndpointDB &DB_ = StorageService()->RadiusEndpointDB();
+        void DoGet() final;
+        void DoPost() final;
+        void DoPut() final;
+        void DoDelete() final;
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_radiusendpoint_list_handler.cpp

@@ -0,0 +1,49 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "RESTAPI_radiusendpoint_list_handler.h"
+#include "framework/AppServiceRegistry.h"
+#include "RadiusEndpointUpdater.h"
+
+namespace OpenWifi {
+
+    void RESTAPI_radiusendpoint_list_handler::DoGet() {
+
+        if(GetBoolParameter("currentStatus")) {
+            ProvObjects::RADIUSEndpointUpdateStatus Status;
+            Status.Read();
+            return ReturnObject(Status);
+        }
+
+        if(QB_.CountOnly) {
+            return ReturnCountOnly(DB_.Count());
+        }
+
+        std::vector<RecordType>    Records;
+        DB_.GetRecords(QB_.Offset,QB_.Limit,Records);
+        return ReturnObject(Records);
+    }
+
+    void RESTAPI_radiusendpoint_list_handler::DoPut() {
+        if( UserInfo_.userinfo.userRole!=SecurityObjects::ROOT &&
+            UserInfo_.userinfo.userRole!=SecurityObjects::ADMIN) {
+            return BadRequest(RESTAPI::Errors::ACCESS_DENIED);
+        }
+
+        if(GetBoolParameter("updateEndpoints")) {
+            RadiusEndpointUpdater R;
+
+            std::uint64_t ErrorCode;
+            std::string ErrorDetails;
+            std::string ErrorDescription;
+
+            if(!R.UpdateEndpoints(this, ErrorCode, ErrorDetails,ErrorDescription)) {
+                return InternalError(RESTAPI::Errors::msg{.err_num = ErrorCode, .err_txt = ErrorDetails + ":" + ErrorDescription});
+            }
+            return OK();
+        }
+        return BadRequest(RESTAPI::Errors::MissingAuthenticationInformation);
+    }
+
+} // OpenWifi

src/RESTAPI/RESTAPI_radiusendpoint_list_handler.h

@@ -0,0 +1,31 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+#include "StorageService.h"
+#include "framework/RESTAPI_Handler.h"
+
+namespace OpenWifi {
+    class RESTAPI_radiusendpoint_list_handler : public RESTAPIHandler {
+    public:
+        RESTAPI_radiusendpoint_list_handler(const RESTAPIHandler::BindingMap &bindings, Poco::Logger &L,
+                                                 RESTAPI_GenericServerAccounting &Server, uint64_t TransactionId,
+                                                 bool Internal)
+                : RESTAPIHandler(bindings, L,
+                                 std::vector<std::string>{Poco::Net::HTTPRequest::HTTP_GET,
+                                                          Poco::Net::HTTPRequest::HTTP_PUT,
+                                                          Poco::Net::HTTPRequest::HTTP_OPTIONS},
+                                 Server, TransactionId, Internal) {}
+        static auto PathName() { return std::list<std::string>{"/api/v1/RADIUSEndPoints"}; };
+
+    private:
+        using RecordType = ProvObjects::RADIUSEndPoint;
+        RadiusEndpointDB &DB_ = StorageService()->RadiusEndpointDB();
+        void DoGet() final;
+        void DoPost() final{};
+        void DoPut() final;
+        void DoDelete() final{};
+    };
+} // namespace OpenWifi
+

src/RESTAPI/RESTAPI_routers.cpp

@@ -35,6 +35,14 @@
 #include "RESTAPI/RESTAPI_variables_list_handler.h"
 #include "RESTAPI/RESTAPI_venue_handler.h"
 #include "RESTAPI/RESTAPI_venue_list_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_cert_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_gr_list_certificates.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_acct_handler.h"
+#include "RESTAPI/RESTAPI_openroaming_orion_list_acct_handler.h"
+#include "RESTAPI/RESTAPI_radiusendpoint_list_handler.h"
+#include "RESTAPI/RESTAPI_radius_endpoint_handler.h"
 
 #include "framework/RESTAPI_SystemCommand.h"
 #include "framework/RESTAPI_WebSocketServer.h"
@@ -60,7 +68,11 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler>(
+			RESTAPI_op_location_list_handler, RESTAPI_asset_server, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler,
+            RESTAPI_radiusendpoint_list_handler, RESTAPI_radius_endpoint_handler>(
 			Path, Bindings, L, S, TransactionId);
 	}
 
@@ -82,7 +94,11 @@ namespace OpenWifi {
 			RESTAPI_operators_list_handler, RESTAPI_service_class_handler,
 			RESTAPI_service_class_list_handler, RESTAPI_op_contact_handler,
 			RESTAPI_op_contact_list_handler, RESTAPI_op_location_handler,
-			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler>(Path, Bindings, L, S,
-																		 TransactionId);
+			RESTAPI_op_location_list_handler, RESTAPI_overrides_handler,
+            RESTAPI_openroaming_gr_acct_handler, RESTAPI_openroaming_gr_list_acct_handler,
+            RESTAPI_openroaming_gr_cert_handler, RESTAPI_openroaming_gr_list_certificates,
+            RESTAPI_openroaming_orion_acct_handler, RESTAPI_openroaming_orion_list_acct_handler,
+            RESTAPI_radiusendpoint_list_handler, RESTAPI_radius_endpoint_handler>(
+                    Path, Bindings, L, S,TransactionId);
 	}
 } // namespace OpenWifi

src/RESTAPI/RESTAPI_venue_handler.cpp

@@ -187,7 +187,7 @@ namespace OpenWifi {
 			}
 		}
 
-		if (!NewObject.sourceIP.empty() && CIDR::ValidateIpRanges(NewObject.sourceIP)) {
+		if (!NewObject.sourceIP.empty() && !CIDR::ValidateIpRanges(NewObject.sourceIP)) {
 			return BadRequest(RESTAPI::Errors::InvalidIPRanges);
 		}
 
@@ -276,21 +276,19 @@ namespace OpenWifi {
 		auto testUpdateOnly = GetBoolParameter("testUpdateOnly");
 		if (testUpdateOnly) {
 			ProvObjects::SerialNumberList SNL;
-
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			SNL.to_json(Answer);
 			return ReturnObject(Answer);
 		}
 
 		if (GetBoolParameter("updateAllDevices")) {
 			ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
 
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID};
-			;
 			auto NewJob = new VenueConfigUpdater(JobId, "VenueConfigurationUpdater", Parameters, 0,
 												 UserInfo_.userinfo, Logger());
 			JobController()->AddJob(dynamic_cast<Job *>(NewJob));
@@ -302,11 +300,10 @@ namespace OpenWifi {
 		if (GetBoolParameter("upgradeAllDevices")) {
 			if (GetBoolParameter("revisionsAvailable")) {
 				std::set<std::string> DeviceTypes;
-				for (const auto &serialNumber : Existing.devices) {
-					ProvObjects::InventoryTag Device;
-					if (StorageService()->InventoryDB().GetRecord("id", serialNumber, Device)) {
-						DeviceTypes.insert(Device.deviceType);
-					}
+                std::vector<ProvObjects::InventoryTag> ExistingDevices;
+                StorageService()->InventoryDB().GetDevicesForVenue(UUID, ExistingDevices);
+				for (const auto &device : ExistingDevices) {
+                    DeviceTypes.insert(device.deviceType);
 				}
 
 				//  Get all the revisions for all the device types
@@ -374,18 +371,17 @@ namespace OpenWifi {
 				return ReturnObject(Answer);
 			}
 
-			ProvObjects::SerialNumberList SNL;
-
 			auto Revision = GetParameter("revision", "");
 			if (Revision.empty()) {
 				return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
 			}
 
+            ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
+
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID, Revision};
-			;
 			auto NewJob = new VenueUpgrade(JobId, "VenueFirmwareUpgrade", Parameters, 0,
 										   UserInfo_.userinfo, Logger());
 			JobController()->AddJob(dynamic_cast<Job *>(NewJob));
@@ -396,9 +392,9 @@ namespace OpenWifi {
 
 		if (GetBoolParameter("rebootAllDevices")) {
 			ProvObjects::SerialNumberList SNL;
+            StorageService()->InventoryDB().GetDevicesForVenue(UUID, SNL.serialNumbers);
 
 			Poco::JSON::Object Answer;
-			SNL.serialNumbers = Existing.devices;
 			auto JobId = MicroServiceCreateUUID();
 			Types::StringVec Parameters{UUID};
 			;

src/RESTObjects/RESTAPI_GWobjects.cpp

@@ -171,6 +171,31 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "lastModified", LastModified);
 	}
 
+	void DefaultFirmware::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj, "deviceType", deviceType);
+		field_to_json(Obj, "description", Description);
+		field_to_json(Obj, "uri", uri);
+		field_to_json(Obj, "revision", revision);
+		field_to_json(Obj, "imageCreationDate", imageCreationDate);
+		field_to_json(Obj, "created", Created);
+		field_to_json(Obj, "lastModified", LastModified);
+	}
+
+	bool DefaultFirmware::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "deviceType", deviceType);
+			field_from_json(Obj, "description", Description);
+			field_from_json(Obj, "uri", uri);
+			field_from_json(Obj, "revision", revision);
+			field_from_json(Obj, "imageCreationDate", imageCreationDate);
+			field_from_json(Obj, "created", Created);
+			field_from_json(Obj, "lastModified", LastModified);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
 	void CommandDetails::to_json(Poco::JSON::Object &Obj) const {
 		EmbedDocument("details", Obj, Details);
 		EmbedDocument("results", Obj, Results);
@@ -246,6 +271,8 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "connectionCompletionTime", connectionCompletionTime);
 		field_to_json(Obj, "totalConnectionTime", Utils::Now() - started);
 		field_to_json(Obj, "certificateExpiryDate", certificateExpiryDate);
+		field_to_json(Obj, "connectReason", connectReason);
+
 #ifdef TIP_GATEWAY_SERVICE
 		hasRADIUSSessions = RADIUSSessionTracker()->HasSessions(SerialNumber);
 		AP_WS_Server()->ExtendedAttributes(SerialNumber, hasGPS, sanity,
@@ -403,6 +430,10 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "acctConfig", acctConfig);
 		field_to_json(Obj, "coaConfig", coaConfig);
 		field_to_json(Obj, "useByDefault", useByDefault);
+		field_to_json(Obj, "radsecKeepAlive", radsecKeepAlive);
+		field_to_json(Obj, "poolProxyIp", poolProxyIp);
+		field_to_json(Obj, "radsecPoolType", radsecPoolType);
+		field_to_json(Obj, "enabled", enabled);
 	}
 
 	bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -413,6 +444,10 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj, "acctConfig", acctConfig);
 			field_from_json(Obj, "coaConfig", coaConfig);
 			field_from_json(Obj, "useByDefault", useByDefault);
+			field_from_json(Obj, "radsecKeepAlive", radsecKeepAlive);
+			field_from_json(Obj, "poolProxyIp", poolProxyIp);
+			field_from_json(Obj, "radsecPoolType", radsecPoolType);
+			field_from_json(Obj, "enabled", enabled);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -630,18 +665,50 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
 		field_to_json(Obj, "interface", interface);
 		field_to_json(Obj, "secret", secret);
+		field_to_json(Obj, "nasId", nasId);
+		field_to_json(Obj, "calledStationId", calledStationId);
 	}
 
 	void RADIUSSessionList::to_json(Poco::JSON::Object &Obj) const {
 		field_to_json(Obj, "sessions", sessions);
 	}
 
+	void RadiusCoADMParameters::to_json(Poco::JSON::Object &Obj) const {
+		field_to_json(Obj, "accountingSessionId", accountingSessionId);
+		field_to_json(Obj, "accountingMultiSessionId", accountingMultiSessionId);
+		field_to_json(Obj, "callingStationId", callingStationId);
+		field_to_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
+		field_to_json(Obj, "userName", userName);
+	}
+
 	bool RadiusCoADMParameters::from_json(const Poco::JSON::Object::Ptr &Obj) {
 		try {
 			field_from_json(Obj, "accountingSessionId", accountingSessionId);
 			field_from_json(Obj, "accountingMultiSessionId", accountingMultiSessionId);
 			field_from_json(Obj, "callingStationId", callingStationId);
 			field_from_json(Obj, "chargeableUserIdentity", chargeableUserIdentity);
+			field_from_json(Obj, "userName", userName);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool DeviceTransferRequest::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serialNumber", serialNumber);
+			field_from_json(Obj, "server", server);
+			field_from_json(Obj, "port", port);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool DeviceCertificateUpdateRequest::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serialNumber", serialNumber);
+			field_from_json(Obj, "encodedCertificate", encodedCertificate);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}

src/RESTObjects/RESTAPI_GWobjects.h

@@ -42,12 +42,13 @@ namespace OpenWifi::GWObjects {
 		uint64_t sessionId = 0;
 		double connectionCompletionTime = 0.0;
 		std::uint64_t certificateExpiryDate = 0;
-		bool hasRADIUSSessions = false;
+		std::uint64_t hasRADIUSSessions = 0;
 		bool hasGPS = false;
 		std::uint64_t sanity=0;
 		std::double_t memoryUsed=0.0;
 		std::double_t load=0.0;
 		std::double_t temperature=0.0;
+		std::string 	connectReason;
 
 		void to_json(const std::string &SerialNumber, Poco::JSON::Object &Obj) ;
 	};
@@ -181,6 +182,26 @@ namespace OpenWifi::GWObjects {
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
 
+	struct DefaultFirmware {
+		std::string deviceType;
+		std::string Description;
+		std::string uri;
+		std::string revision;
+		uint64_t imageCreationDate;
+		uint64_t Created;
+		uint64_t LastModified;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
+	struct DefaultFirmwareList {
+		std::vector<DefaultFirmware>	firmwares;
+
+		void to_json(Poco::JSON::Object &Obj) const;
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
 	struct CommandDetails {
 		std::string UUID;
 		std::string SerialNumber;
@@ -339,6 +360,10 @@ namespace OpenWifi::GWObjects {
 		RadiusProxyServerConfig acctConfig;
 		RadiusProxyServerConfig coaConfig;
 		bool useByDefault = false;
+		std::string 	radsecPoolType;
+		std::string 	poolProxyIp;
+		std::uint64_t 	radsecKeepAlive=25;
+		bool			enabled=true;
 
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
@@ -393,7 +418,8 @@ namespace OpenWifi::GWObjects {
 					 			callingStationId,
 								chargeableUserIdentity,
 								secret,
-								interface;
+								interface,
+								nasId;
 		std::uint64_t 			inputPackets = 0,
 								outputPackets = 0,
 								inputOctets = 0,
@@ -401,6 +427,7 @@ namespace OpenWifi::GWObjects {
 								inputGigaWords = 0,
 								outputGigaWords = 0;
 		std::uint32_t 			sessionTime = 0;
+		std::string 			calledStationId;
 
 #ifdef TIP_GATEWAY_SERVICE
 		RADIUS::RadiusPacket	accountingPacket;
@@ -418,7 +445,68 @@ namespace OpenWifi::GWObjects {
 		std::string 			accountingSessionId,
 								accountingMultiSessionId,
 								callingStationId,
-								chargeableUserIdentity;
+								chargeableUserIdentity,
+								userName;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+		void to_json(Poco::JSON::Object &Obj) const;
+	};
+
+	enum class RadiusPoolStrategy {
+		round_robin, random, weighted, unknown
+	};
+
+	enum class RadiusEndpointType {
+		generic, radsec, globalreach, orion, unknown
+	};
+
+	static inline RadiusEndpointType RadiusEndpointType(const std::string &T) {
+		if(T=="generic") return RadiusEndpointType::generic;
+		if(T=="radsec") return RadiusEndpointType::radsec;
+		if(T=="globalreach") return RadiusEndpointType::globalreach;
+		if(T=="orion") return RadiusEndpointType::orion;
+		return RadiusEndpointType::unknown;
+	}
+
+	static inline RadiusPoolStrategy RadiusPoolStrategy(const std::string &T) {
+		if(T=="round_robin") return RadiusPoolStrategy::round_robin;
+		if(T=="random") return RadiusPoolStrategy::random;
+		if(T=="weighted") return RadiusPoolStrategy::weighted;
+		return RadiusPoolStrategy::unknown;
+	}
+
+	static inline std::string to_string(enum RadiusEndpointType T) {
+		switch(T) {
+		case RadiusEndpointType::generic: return "generic";
+		case RadiusEndpointType::radsec: return "radsec";
+		case RadiusEndpointType::globalreach: return "globalreach";
+		case RadiusEndpointType::orion: return "orion";
+		default:
+			return "unknown";
+		}
+	}
+
+	static inline std::string to_string(enum RadiusPoolStrategy T) {
+		switch(T) {
+		case RadiusPoolStrategy::round_robin: return "round_robin";
+		case RadiusPoolStrategy::random: return "random";
+		case RadiusPoolStrategy::weighted: return "weighted";
+		default:
+			return "unknown";
+		}
+	}
+
+	struct DeviceTransferRequest {
+		std::string 	serialNumber;
+		std::string 	server;
+		std::uint64_t 	port;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+
+	struct DeviceCertificateUpdateRequest {
+		std::string 	serialNumber;
+		std::string 	encodedCertificate;
 
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};

src/RESTObjects/RESTAPI_OWLSobjects.cpp

@@ -78,21 +78,22 @@ namespace OpenWifi::OWLSObjects {
 		return false;
 	}
 
-	void SimulationStatus::to_json(Poco::JSON::Object &Obj) const {
-		field_to_json(Obj, "id", id);
-		field_to_json(Obj, "simulationId", simulationId);
-		field_to_json(Obj, "state", state);
-		field_to_json(Obj, "tx", tx);
-		field_to_json(Obj, "rx", rx);
-		field_to_json(Obj, "msgsTx", msgsTx);
-		field_to_json(Obj, "msgsRx", msgsRx);
-		field_to_json(Obj, "liveDevices", liveDevices);
-		field_to_json(Obj, "timeToFullDevices", timeToFullDevices);
-		field_to_json(Obj, "startTime", startTime);
-		field_to_json(Obj, "endTime", endTime);
-		field_to_json(Obj, "errorDevices", errorDevices);
-		field_to_json(Obj, "owner", owner);
-	}
+    void SimulationStatus::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "id", id);
+        field_to_json(Obj, "simulationId", simulationId);
+        field_to_json(Obj, "state", state);
+        field_to_json(Obj, "tx", tx);
+        field_to_json(Obj, "rx", rx);
+        field_to_json(Obj, "msgsTx", msgsTx);
+        field_to_json(Obj, "msgsRx", msgsRx);
+        field_to_json(Obj, "liveDevices", liveDevices);
+        field_to_json(Obj, "timeToFullDevices", timeToFullDevices);
+        field_to_json(Obj, "startTime", startTime);
+        field_to_json(Obj, "endTime", endTime);
+        field_to_json(Obj, "errorDevices", errorDevices);
+        field_to_json(Obj, "owner", owner);
+        field_to_json(Obj, "expectedDevices", expectedDevices);
+    }
 
 	void Dashboard::to_json([[maybe_unused]] Poco::JSON::Object &Obj) const {}
 

src/RESTObjects/RESTAPI_OWLSobjects.h

@@ -43,23 +43,24 @@ namespace OpenWifi::OWLSObjects {
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
 
-	struct SimulationStatus {
-		std::string id;
-		std::string simulationId;
-		std::string state;
-		uint64_t tx;
-		uint64_t rx;
-		uint64_t msgsTx;
-		uint64_t msgsRx;
-		uint64_t liveDevices;
-		uint64_t timeToFullDevices;
-		uint64_t startTime;
-		uint64_t endTime;
-		uint64_t errorDevices;
-		std::string owner;
+    struct SimulationStatus {
+        std::string id;
+        std::string simulationId;
+        std::string state;
+        uint64_t tx;
+        uint64_t rx;
+        uint64_t msgsTx;
+        uint64_t msgsRx;
+        uint64_t liveDevices;
+        uint64_t timeToFullDevices;
+        uint64_t startTime;
+        uint64_t endTime;
+        uint64_t errorDevices;
+        std::string owner;
+        uint64_t expectedDevices;
 
-		void to_json(Poco::JSON::Object &Obj) const;
-	};
+        void to_json(Poco::JSON::Object &Obj) const;
+    };
 
 	struct Dashboard {
 		int O;

src/RESTObjects/RESTAPI_ProvObjects.cpp

@@ -587,6 +587,9 @@ namespace OpenWifi::ProvObjects {
 		field_to_json(Obj, "locale", locale);
 		field_to_json(Obj, "realMacAddress", realMacAddress);
 		field_to_json(Obj, "doNotAllowOverrides", doNotAllowOverrides);
+        field_to_json(Obj, "imported", imported);
+        field_to_json(Obj, "connected", connected);
+        field_to_json(Obj, "platform", platform);
 	}
 
 	bool InventoryTag::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -609,6 +612,9 @@ namespace OpenWifi::ProvObjects {
 			field_from_json(Obj, "locale", locale);
 			field_from_json(Obj, "realMacAddress", realMacAddress);
 			field_from_json(Obj, "doNotAllowOverrides", doNotAllowOverrides);
+            field_from_json(Obj, "imported", imported);
+            field_from_json(Obj, "connected", connected);
+            field_from_json(Obj, "platform", platform);
 			return true;
 		} catch (...) {
 		}
@@ -1194,4 +1200,243 @@ namespace OpenWifi::ProvObjects {
 		return false;
 	}
 
+    void GLBLRAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "country", country);
+        field_to_json(Obj, "province", province);
+        field_to_json(Obj, "city", city);
+        field_to_json(Obj, "organization", organization);
+        field_to_json(Obj, "commonName", commonName);
+        field_to_json(Obj, "CSR", CSR);
+        field_to_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+        field_to_json(Obj, "CSRPublicKey", CSRPublicKey);
+        field_to_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+    }
+
+    bool GLBLRAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "country", country);
+            field_from_json(Obj, "province", province);
+            field_from_json(Obj, "city", city);
+            field_from_json(Obj, "organization", organization);
+            field_from_json(Obj, "commonName", commonName);
+            field_from_json(Obj, "CSR", CSR);
+            field_from_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+            field_from_json(Obj, "CSRPublicKey", CSRPublicKey);
+            field_from_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GLBLRCertificateInfo::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "id", id);
+        field_to_json(Obj, "name", name);
+        field_to_json(Obj, "accountId", accountId);
+        field_to_json(Obj, "csr", csr);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "certificateChain", certificateChain);
+        field_to_json(Obj, "certificateId", certificateId);
+        field_to_json(Obj, "expiresAt", expiresAt);
+        field_to_json(Obj, "created", created);
+    }
+
+    bool GLBLRCertificateInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "id", id);
+            field_from_json(Obj, "name", name);
+            field_from_json(Obj, "accountId", accountId);
+            field_from_json(Obj, "csr", csr);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "certificateChain", certificateChain);
+            field_from_json(Obj, "certificateId", certificateId);
+            field_from_json(Obj, "expiresAt", expiresAt);
+            field_from_json(Obj, "created", created);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void GooglOrionAccountInfo::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "privateKey", privateKey);
+        field_to_json(Obj, "certificate", certificate);
+        field_to_json(Obj, "cacerts", cacerts);
+    }
+
+    bool GooglOrionAccountInfo::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "privateKey", privateKey);
+            field_from_json(Obj, "certificate", certificate);
+            field_from_json(Obj, "cacerts", cacerts);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSServer::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Hostname", Hostname);
+        field_to_json(Obj, "IP", IP);
+        field_to_json(Obj, "Port", Port);
+        field_to_json(Obj, "Secret", Secret);
+    }
+
+    bool RADIUSServer::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Hostname", Hostname);
+            field_from_json(Obj, "IP", IP);
+            field_from_json(Obj, "Port", Port);
+            field_from_json(Obj, "Secret", Secret);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPointRadiusType::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Authentication", Authentication);
+        field_to_json(Obj, "Accounting", Accounting);
+        field_to_json(Obj, "CoA", CoA);
+        field_to_json(Obj, "AccountingInterval", AccountingInterval);
+    }
+
+    bool RADIUSEndPointRadiusType::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Authentication", Authentication);
+            field_from_json(Obj, "Accounting", Accounting);
+            field_from_json(Obj, "CoA", CoA);
+            field_from_json(Obj, "AccountingInterval", AccountingInterval);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPointRadsecType::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "Hostname", Hostname);
+        field_to_json(Obj, "IP", IP);
+        field_to_json(Obj, "Port", Port);
+        field_to_json(Obj, "Secret", Secret);
+        field_to_json(Obj, "OpenRoamingType", OpenRoamingType);
+        field_to_json(Obj, "UseOpenRoamingAccount", UseOpenRoamingAccount);
+        field_to_json(Obj, "Weight", Weight);
+        field_to_json(Obj, "Certificate", Certificate);
+        field_to_json(Obj, "PrivateKey", PrivateKey);
+        field_to_json(Obj, "CaCerts", CaCerts);
+        field_to_json(Obj, "AllowSelfSigned", AllowSelfSigned);
+    }
+
+    bool RADIUSEndPointRadsecType::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "Hostname", Hostname);
+            field_from_json(Obj, "IP", IP);
+            field_from_json(Obj, "Port", Port);
+            field_from_json(Obj, "Secret", Secret);
+            field_from_json(Obj, "OpenRoamingType", OpenRoamingType);
+            field_from_json(Obj, "UseOpenRoamingAccount", UseOpenRoamingAccount);
+            field_from_json(Obj, "Weight", Weight);
+            field_from_json(Obj, "Certificate", Certificate);
+            field_from_json(Obj, "PrivateKey", PrivateKey);
+            field_from_json(Obj, "CaCerts", CaCerts);
+            field_from_json(Obj, "AllowSelfSigned", AllowSelfSigned);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndPoint::to_json(Poco::JSON::Object &Obj) const {
+        info.to_json(Obj);
+        field_to_json(Obj, "Type", Type);
+        field_to_json(Obj, "RadsecServers", RadsecServers);
+        field_to_json(Obj, "RadiusServers", RadiusServers);
+        field_to_json(Obj, "PoolStrategy", PoolStrategy);
+        field_to_json(Obj, "Index", Index);
+        field_to_json(Obj, "UsedBy", UsedBy);
+        field_to_json(Obj, "UseGWProxy", UseGWProxy);
+        field_to_json(Obj, "NasIdentifier", NasIdentifier);
+        field_to_json(Obj, "AccountingInterval", AccountingInterval);
+    }
+
+    bool RADIUSEndPoint::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            info.from_json(Obj);
+            field_from_json(Obj, "Type", Type);
+            field_from_json(Obj, "RadsecServers", RadsecServers);
+            field_from_json(Obj, "RadiusServers", RadiusServers);
+            field_from_json(Obj, "PoolStrategy", PoolStrategy);
+            field_from_json(Obj, "Index", Index);
+            field_from_json(Obj, "UsedBy", UsedBy);
+            field_from_json(Obj, "UseGWProxy", UseGWProxy);
+            field_from_json(Obj, "NasIdentifier", NasIdentifier);
+            field_from_json(Obj, "AccountingInterval", AccountingInterval);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    void RADIUSEndpointUpdateStatus::to_json(Poco::JSON::Object &Obj) const {
+        field_to_json(Obj, "lastUpdate", lastUpdate);
+        field_to_json(Obj, "lastConfigurationChange", lastConfigurationChange);
+    }
+
+    bool RADIUSEndpointUpdateStatus::from_json(const Poco::JSON::Object::Ptr &Obj) {
+        try {
+            field_from_json(Obj, "lastUpdate", lastUpdate);
+            field_from_json(Obj, "lastConfigurationChange", lastConfigurationChange);
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::Read() {
+        Poco::File  F(OpenWifi::MicroServiceDataDirectory()+"/RADIUSEndpointUpdateStatus.json");
+        try {
+            if (F.exists()) {
+                Poco::JSON::Parser P;
+                std::ifstream ifs(F.path(), std::ios_base::in | std::ios_base::binary);
+                auto Obj = P.parse(ifs);
+                return from_json(Obj.extract<Poco::JSON::Object::Ptr>());
+            }
+        } catch (...) {
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::Save() {
+        Poco::File  F(OpenWifi::MicroServiceDataDirectory()+"/RADIUSEndpointUpdateStatus.json");
+        try {
+            Poco::JSON::Object Obj;
+            to_json(Obj);
+            std::ofstream O(F.path(), std::ios_base::out | std::ios_base::trunc | std::ios_base::binary);
+            Poco::JSON::Stringifier::stringify(Obj, O);
+            return true;
+        } catch (...) {
+        }
+        return false;
+    }
+
+    bool RADIUSEndpointUpdateStatus::ChangeConfiguration() {
+        Read();
+        lastConfigurationChange = Utils::Now();
+        return Save();
+    }
+
 } // namespace OpenWifi::ProvObjects

src/RadiusEndpointTypes/GenericRadius.cpp

@@ -0,0 +1,8 @@
+//
+// Created by stephane bourque on 2023-10-18.
+//
+
+#include "GenericRadius.h"
+
+namespace OpenWifi {
+} // OpenWifi

src/RadiusEndpointTypes/GenericRadius.h

@@ -0,0 +1,67 @@
+//
+// Created by stephane bourque on 2023-10-18.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+#include <RESTObjects/RESTAPI_ProvObjects.h>
+
+namespace OpenWifi {
+
+    namespace GenericRadius {
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+                return 0;
+            }
+
+            inline void Stop() override {
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber,
+                               Poco::JSON::Object &Result) {
+                if (RE.UseGWProxy) {
+                    Poco::JSON::Object Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", RE.RadiusServers[0].Authentication[0].Port);
+                    Auth.set("secret", RE.RadiusServers[0].Authentication[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", RE.RadiusServers[0].Accounting[0].Port);
+                    Acct.set("secret", RE.RadiusServers[0].Accounting[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", RE.RadiusServers[0].CoA[0].Port);
+                    CoA.set("secret", RE.RadiusServers[0].CoA[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier);
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_GenericRadius", "GENRAD", "genrad") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_GenericRadius() { return GenericRadius::OpenRoaming::instance(); }
+}

src/RadiusEndpointTypes/GlobalReach.cpp

@@ -0,0 +1,258 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "GlobalReach.h"
+#include <Poco/JWT/Token.h>
+#include <Poco/JWT/Signer.h>
+#include <Poco/Net/HTTPSClientSession.h>
+#include <Poco/Net/DNS.h>
+#include <Poco/URI.h>
+#include <Poco/TemporaryFile.h>
+#include <Poco/JSON/Object.h>
+#include <Poco/JSON/Parser.h>
+#include <framework/RESTAPI_Handler.h>
+#include <framework/MicroServiceFuncs.h>
+#include <StorageService.h>
+
+namespace OpenWifi {
+
+    namespace GlobalReach {
+        int OpenRoaming::Start() {
+            poco_information(Logger(), "Starting...");
+            InitCache();
+            return 0;
+        }
+
+        void OpenRoaming::Stop() {
+            poco_information(Logger(), "Stopping...");
+            poco_information(Logger(), "Stopped...");
+        }
+
+        void OpenRoaming::InitCache() {
+
+            auto F = [&](const ProvObjects::GLBLRAccountInfo &Info) {
+                poco_information(Logger(), fmt::format("Adding {} to cache.", Info.info.name));
+                if (!Info.privateKey.empty() && !Info.GlobalReachAcctId.empty()) {
+                    MakeToken(Info.GlobalReachAcctId, Info.privateKey);
+                }
+                return true;
+            };
+
+            StorageService()->GLBLRAccountInfoDB().Iterate(F);
+        }
+
+        bool OpenRoaming::Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+            if(RE.UseGWProxy) {
+                Poco::JSON::Object  Auth, Acct, CoA;
+
+                Auth.set("host", RE.Index);
+                Auth.set("port", 1812 );
+                Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                Acct.set("host", RE.Index);
+                Acct.set("port", 1813);
+                Acct.set("secret", RE.RadsecServers[0].Secret);
+                Acct.set("interval", RE.AccountingInterval);
+
+                CoA.set("host", RE.Index);
+                CoA.set("port", 3799);
+                CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                Result.set("authentication", Auth);
+                Result.set("accounting", Acct);
+                Result.set("dynamic-authorization", CoA);
+            } else {
+
+            }
+            return false;
+        }
+
+        bool OpenRoaming::CreateRADSECCertificate(
+            const std::string &GlobalReachAccountId,
+            const std::string &Name,
+            const std::string &CSR,
+            ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+            try {
+                auto BearerToken = MakeToken(GlobalReachAccountId);
+                Poco::URI URI{"https://config.openro.am/v1/radsec/issue"};
+                std::string Path(URI.getPathAndQuery());
+                Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_POST, Path,
+                                               Poco::Net::HTTPMessage::HTTP_1_1);
+                Request.add("Authorization", "Bearer " + BearerToken);
+
+                Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+                Session.setTimeout(Poco::Timespan(10000, 10000));
+                Poco::JSON::Object CertRequestBody;
+                CertRequestBody.set("name", Name);
+                CertRequestBody.set("csr", CSR);
+
+                std::ostringstream os;
+                CertRequestBody.stringify(os);
+                Request.setContentType("application/json");
+                Request.setContentLength((long) os.str().size());
+
+                auto &Body = Session.sendRequest(Request);
+                Body << os.str();
+
+                Poco::Net::HTTPResponse Response;
+                std::istream &is = Session.receiveResponse(Response);
+                if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                    Poco::JSON::Parser P;
+                    auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate", NewCertificate.certificate);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_chain", NewCertificate.certificateChain);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_id", NewCertificate.certificateId);
+                    RESTAPIHandler::AssignIfPresent(Result, "expires_at", NewCertificate.expiresAt);
+                    return true;
+                }
+                Poco::JSON::Parser P;
+                std::ostringstream oos;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                Result->stringify(oos);
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(),
+                           fmt::format("Could not create a new RADSEC certificate: {},{}", E.name(), E.displayText()));
+            }
+            return false;
+        }
+
+        bool OpenRoaming::GetRADSECCertificate(
+                const std::string &GlobalReachAccountId,
+                std::string &CertificateId,
+                ProvObjects::GLBLRCertificateInfo &NewCertificate) {
+
+            try {
+                Poco::URI URI{fmt::format("https://config.openro.am/v1/radsec/cert/{}", CertificateId)};
+
+                std::string Path(URI.getPathAndQuery());
+
+                Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                               Poco::Net::HTTPMessage::HTTP_1_1);
+
+                auto BearerToken = MakeToken(GlobalReachAccountId);
+                Request.add("Authorization", "Bearer " + BearerToken);
+
+                Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+                Session.setTimeout(Poco::Timespan(10000, 10000));
+
+                Session.sendRequest(Request);
+
+                Poco::Net::HTTPResponse Response;
+                std::istream &is = Session.receiveResponse(Response);
+                if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                    Poco::JSON::Parser P;
+                    auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate", NewCertificate.certificate);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_chain", NewCertificate.certificateChain);
+                    RESTAPIHandler::AssignIfPresent(Result, "certificate_id", NewCertificate.certificateId);
+                    RESTAPIHandler::AssignIfPresent(Result, "expires_at", NewCertificate.expiresAt);
+                    return true;
+                }
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(), fmt::format("Could not retrieve the certificate from GlobalReach: {},{}", E.name(),
+                                                 E.displayText()));
+            }
+            return false;
+        }
+
+        std::string
+        OpenRoaming::MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey) {
+            try {
+                Poco::JWT::Token token;
+                token.setType("JWT");
+                token.setAlgorithm("ES256");
+                token.setIssuedAt(std::time(nullptr));
+
+                token.payload().set("iss", GlobalReachAccountId);
+                token.payload().set("iat", (unsigned long) std::time(nullptr));
+
+                Poco::SharedPtr<Poco::Crypto::ECKey> Key;
+                auto KeyHash = Utils::ComputeHash(PrivateKey);
+                auto KeyHint = PrivateKeys_.find(GlobalReachAccountId);
+                if (KeyHint != PrivateKeys_.end() && PrivateKey.empty()) {
+                    Key = KeyHint->second.second;
+                } else {
+                    if (PrivateKey.empty()) {
+                        return "";
+                    }
+                    Poco::TemporaryFile F;
+                    std::ofstream ofs(F.path().c_str(),
+                                      std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+                    ofs << PrivateKey;
+                    ofs.close();
+                    auto NewKey = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                            new Poco::Crypto::ECKey("", F.path(), ""));
+                    Key = NewKey;
+                    PrivateKeys_[GlobalReachAccountId] = std::make_pair(KeyHash, NewKey);
+                }
+
+                Poco::JWT::Signer Signer;
+                Signer.setECKey(Key);
+                Signer.addAllAlgorithms();
+                return Signer.sign(token, Poco::JWT::Signer::ALGO_ES256);
+            } catch (const Poco::Exception &E) {
+                poco_error(Logger(),
+                           fmt::format("Cannot create a Global Reach token: {},{}", E.name(), E.displayText()));
+            }
+            return "";
+        }
+
+        bool
+        OpenRoaming::VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey,
+                                               std::string &Name) {
+            auto BearerToken = MakeToken(GlobalReachAccountId, PrivateKey);
+
+            Poco::URI URI{"https://config.openro.am/v1/config"};
+            std::string Path(URI.getPathAndQuery());
+            Poco::Net::HTTPRequest Request(Poco::Net::HTTPRequest::HTTP_GET, Path,
+                                           Poco::Net::HTTPMessage::HTTP_1_1);
+            Request.add("Authorization", "Bearer " + BearerToken);
+
+            Poco::Net::HTTPSClientSession Session(URI.getHost(), URI.getPort());
+            Session.setTimeout(Poco::Timespan(10000, 10000));
+            Session.sendRequest(Request);
+            Poco::Net::HTTPResponse Response;
+            std::istream &is = Session.receiveResponse(Response);
+            if (Response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK) {
+                Poco::JSON::Parser P;
+                auto Result = P.parse(is).extract<Poco::JSON::Object::Ptr>();
+                if (Result->has("name")) {
+                    Name = Result->get("name").toString();
+                }
+                return true;
+            }
+            return false;
+        }
+
+//        static std::string ServiceName{"\"aaa+auth:radius.tls.tcp\""};
+        static std::string ServiceName{"\"x-openroam:radius.tls.tcp\""};
+
+        std::vector<Utils::HostNameServerResult> OpenRoaming::GetServers() {
+            const std::string &domain = "openro.am";
+            auto Naptrs = Utils::getNAPTRRecords(domain);
+            std::vector<Utils::HostNameServerResult>   Results;
+
+            for(const auto &rec:Naptrs) {
+                if(rec.service==ServiceName) {
+                    auto Srvs = Utils::getSRVRecords(rec.replacement);
+                    for(const auto &srv:Srvs) {
+                        Utils::HostNameServerResult    R{srv.srvname,srv.port};
+                        if(!Utils::ValidIP(srv.srvname)) {
+                            auto Server = Poco::Net::DNS::hostByName(srv.srvname).addresses();
+                            if(!Server.empty()) {
+                                R.Hostname = Server[0].toString();
+                            }
+                        }
+                        Results.emplace_back(R);
+                    }
+                }
+            }
+            return Results;
+        }
+
+    }
+
+} // OpenWifi

src/RadiusEndpointTypes/GlobalReach.h

@@ -0,0 +1,57 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#pragma once
+
+#include "framework/SubSystemServer.h"
+#include "framework/utils.h"
+#include "Poco/JSON/Object.h"
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+
+namespace OpenWifi {
+
+    namespace GlobalReach {
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            int Start() override;
+
+            void Stop() override;
+
+            bool CreateRADSECCertificate(const std::string &AccountName,
+                                         const std::string &Name,
+                                         const std::string &CSR,
+                                         ProvObjects::GLBLRCertificateInfo &NewCertificate);
+
+            bool GetRADSECCertificate(const std::string &AccountName, std::string &CertificateId,
+                                      ProvObjects::GLBLRCertificateInfo &NewCertificate);
+
+            bool
+            VerifyAccount(const std::string &GlobalReachAccountId, const std::string &PrivateKey, std::string &Name);
+
+            void InitCache();
+
+            bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string & SerialNUmber, Poco::JSON::Object &Result);
+            std::vector<Utils::HostNameServerResult> GetServers();
+
+        private:
+            std::string MakeToken(const std::string &GlobalReachAccountId, const std::string &PrivateKey = "");
+
+            std::map<std::string, std::pair<std::string, Poco::SharedPtr<Poco::Crypto::ECKey>>> PrivateKeys_;
+
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_GlobalReach", "GLBL-REACH", "globalreach") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_GlobalReach() { return GlobalReach::OpenRoaming::instance(); }
+
+} // OpenWifi
+

src/RadiusEndpointTypes/OrionWifi.h

@@ -0,0 +1,79 @@
+//
+// Created by stephane bourque on 2023-09-28.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+
+namespace OpenWifi {
+
+    namespace Orion {
+
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+
+                return 0;
+            }
+
+            inline void Stop() override {
+
+            }
+
+            static inline const std::vector<Utils::HostNameServerResult> OrionWifiServerAddresses = {
+                    {"216.239.32.91", 2083},
+                    {"216.239.34.91", 2083}
+            };
+
+            inline std::vector<Utils::HostNameServerResult> GetServers() {
+                return OrionWifiServerAddresses;
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+                if(RE.UseGWProxy) {
+                    Poco::JSON::Object  Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", 1812 );
+                    Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", 1813);
+                    Acct.set("secret", RE.RadsecServers[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", 3799);
+                    CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_Orion", "ORION", "orion") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_Orion() { return Orion::OpenRoaming::instance(); }
+
+}

src/RadiusEndpointTypes/Radsec.cpp

@@ -0,0 +1,8 @@
+//
+// Created by stephane bourque on 2023-10-03.
+//
+
+#include "Radsec.h"
+
+namespace OpenWidi {
+} // OpenWidi

src/RadiusEndpointTypes/Radsec.h

@@ -0,0 +1,71 @@
+//
+// Created by stephane bourque on 2023-10-03.
+//
+
+#pragma once
+
+#include <Poco/Net/IPAddress.h>
+#include <Poco/Net/SocketAddress.h>
+#include <framework/utils.h>
+#include <framework/SubSystemServer.h>
+#include <RESTObjects/RESTAPI_ProvObjects.h>
+
+namespace OpenWifi {
+
+    namespace Radsec {
+
+        class OpenRoaming : public SubSystemServer {
+        public:
+            static auto instance() {
+                static auto instance_ = new OpenRoaming;
+                return instance_;
+            }
+
+            inline int Start() override {
+
+                return 0;
+            }
+
+            inline void Stop() override {
+
+            }
+
+            inline bool Render(const OpenWifi::ProvObjects::RADIUSEndPoint &RE, const std::string &SerialNumber, Poco::JSON::Object &Result) {
+                if(RE.UseGWProxy) {
+                    Poco::JSON::Object  Auth, Acct, CoA;
+
+                    Auth.set("host", RE.Index);
+                    Auth.set("port", 1812 );
+                    Auth.set("secret", RE.RadsecServers[0].Secret);
+
+                    Acct.set("host", RE.Index);
+                    Acct.set("port", 1813);
+                    Acct.set("secret", RE.RadsecServers[0].Secret);
+                    Acct.set("interval", RE.AccountingInterval);
+
+                    CoA.set("host", RE.Index);
+                    CoA.set("port", 3799);
+                    CoA.set("secret", RE.RadsecServers[0].Secret);
+
+                    Result.set("nas-identifier", RE.NasIdentifier.empty() ? SerialNumber : RE.NasIdentifier );
+                    Result.set("authentication", Auth);
+                    Result.set("accounting", Acct);
+                    Result.set("dynamic-authorization", CoA);
+
+                } else {
+
+                }
+                return false;
+            }
+
+        private:
+            OpenRoaming() noexcept
+                    : SubSystemServer("OpenRoaming_Raadsec", "RADSEC", "radsec") {
+            }
+        };
+
+    }
+
+    inline auto OpenRoaming_Radsec() { return Radsec::OpenRoaming::instance(); }
+
+}

src/RadiusEndpointUpdater.cpp

@@ -0,0 +1,5 @@
+//
+// Created by stephane bourque on 2023-10-02.
+//
+
+#include "RadiusEndpointUpdater.h"

src/RadiusEndpointUpdater.h

@@ -0,0 +1,225 @@
+//
+// Created by stephane bourque on 2023-10-02.
+//
+
+#pragma once
+#include <vector>
+#include <utility>
+#include <framework/AppServiceRegistry.h>
+#include <framework/utils.h>
+#include <StorageService.h>
+#include <RadiusEndpointTypes/OrionWifi.h>
+#include <RadiusEndpointTypes/GlobalReach.h>
+#include <sdks/SDK_gw.h>
+#include <RESTObjects/RESTAPI_GWobjects.h>
+
+namespace OpenWifi {
+    class RadiusEndpointUpdater {
+    public:
+
+        void ParseCertChain(const std::string &Chain, std::vector<std::string> &ChainVec) {
+            std::istringstream os(Chain);
+            std::string CurrentCert;
+            bool InCert = false;
+            std::string Line;
+            while(std::getline(os,Line)) {
+                if(Line=="-----BEGIN CERTIFICATE-----") {
+                    InCert = true;
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                    continue;
+                }
+                if(Line=="-----END CERTIFICATE-----" && InCert) {
+                    InCert = false;
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                    ChainVec.emplace_back(CurrentCert);
+                    continue;
+                }
+                if(InCert) {
+                    CurrentCert += Line;
+                    CurrentCert += "\n";
+                }
+            }
+        }
+
+        void UpdateRadiusServerEntry( GWObjects::RadiusProxyServerConfig &Config,
+                                      const ProvObjects::RADIUSEndPoint &Endpoint,
+                                      const std::vector<ProvObjects::RADIUSServer> &Servers) {
+            Config.monitor = false;
+            Config.strategy = Endpoint.PoolStrategy;
+            Config.monitorMethod = "none";
+            Config.strategy = "random";
+            for (const auto &Server: Servers) {
+                GWObjects::RadiusProxyServerEntry PE;
+                PE.radsec = false;
+                PE.name = Server.Hostname;
+                PE.ignore = false;
+                PE.ip = Server.IP;
+                PE.port = PE.radsecPort = Server.Port;
+                PE.allowSelfSigned = false;
+                PE.weight = 10;
+                PE.secret = PE.radsecSecret = "radsec";
+                Config.servers.emplace_back(PE);
+            }
+        }
+
+        inline bool UpdateEndpoints( RESTAPIHandler *Client, std::uint64_t & ErrorCode,
+                                     std::string & ErrorDetails,
+                                     std::string & ErrorDescription) {
+
+            std::vector<ProvObjects::RADIUSEndPoint>    Endpoints;
+            GWObjects::RadiusProxyPoolList  Pools;
+            StorageService()->RadiusEndpointDB().GetRecords(0,500,Endpoints);
+
+            for(const auto &Endpoint:Endpoints) {
+                GWObjects::RadiusProxyPool  PP;
+
+                PP.name = Endpoint.info.name;
+                PP.description = Endpoint.info.description;
+                PP.useByDefault = false;
+                PP.poolProxyIp = Endpoint.Index;
+                PP.radsecKeepAlive = 25;
+                PP.enabled = true;
+
+                if(Endpoint.Type=="orion" && !Endpoint.RadsecServers.empty()) {
+                    auto Svrs = OpenRoaming_Orion()->GetServers();
+                    PP.radsecPoolType="orion";
+                    ProvObjects::GooglOrionAccountInfo  OA;
+                    if(StorageService()->OrionAccountsDB().GetRecord("id", Endpoint.RadsecServers[0].UseOpenRoamingAccount, OA)) {
+                        for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                            ServerType->monitor = false;
+                            ServerType->strategy = Endpoint.PoolStrategy;
+                            ServerType->monitorMethod = "none";
+                            ServerType->strategy = "random";
+                            int i=1;
+                            for (const auto &Server: Svrs) {
+                                GWObjects::RadiusProxyServerEntry PE;
+                                PE.radsecCert = Utils::base64encode((const u_char *)OA.certificate.c_str(),OA.certificate.size());
+                                PE.radsecKey = Utils::base64encode((const u_char *)OA.privateKey.c_str(),OA.privateKey.size());
+                                for(const auto &cert:OA.cacerts) {
+                                    auto C = Utils::base64encode((const u_char *)cert.c_str(),cert.size());
+                                    PE.radsecCacerts.emplace_back(C);
+                                }
+                                PE.radsec = true;
+                                PE.name = fmt::format("Server {}",i++);
+                                PE.ignore = false;
+                                PE.ip = Server.Hostname;
+                                PE.port = PE.radsecPort = Server.Port;
+                                PE.allowSelfSigned = false;
+                                PE.weight = 10;
+                                PE.secret = PE.radsecSecret = "radsec";
+                                ServerType->servers.emplace_back(PE);
+                            }
+                        }
+                        Pools.pools.emplace_back(PP);
+                    }
+                } else if(Endpoint.Type=="globalreach" && !Endpoint.RadsecServers.empty()) {
+                    auto Svrs = OpenRoaming_GlobalReach()->GetServers();
+                    PP.radsecPoolType="globalreach";
+                    ProvObjects::GLBLRCertificateInfo   GRCertificate;
+                    ProvObjects::GLBLRAccountInfo       GRAccountInfo;
+                    if( StorageService()->GLBLRCertsDB().GetRecord("id",Endpoint.RadsecServers[0].UseOpenRoamingAccount,GRCertificate) &&
+                        StorageService()->GLBLRAccountInfoDB().GetRecord("id",GRCertificate.accountId,GRAccountInfo)) {
+                        for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                            ServerType->monitor = false;
+                            ServerType->monitorMethod = "none";
+                            ServerType->strategy = Endpoint.PoolStrategy;
+                            ServerType->strategy = "random";
+                            int i = 1;
+                            for (const auto &Server: Svrs) {
+                                GWObjects::RadiusProxyServerEntry PE;
+                                PE.radsecCert = Utils::base64encode((const u_char *)GRCertificate.certificate.c_str(),GRCertificate.certificate.size());
+                                PE.radsecKey = Utils::base64encode((const u_char *)GRAccountInfo.CSRPrivateKey.c_str(),GRAccountInfo.CSRPrivateKey.size());
+                                std::vector<std::string> Chain;
+                                ParseCertChain(GRCertificate.certificateChain,Chain);
+                                for(const auto &cert:Chain) {
+                                    PE.radsecCacerts.emplace_back( Utils::base64encode((const u_char *)cert.c_str(),cert.size()));
+                                }
+                                PE.radsec = true;
+                                PE.name = fmt::format("Server {}", i++);
+                                PE.ignore = false;
+                                PE.ip = Server.Hostname;
+                                PE.port = PE.radsecPort = Server.Port;
+                                PE.allowSelfSigned = false;
+                                PE.weight = 10;
+                                PE.secret = PE.radsecSecret = "radsec";
+                                ServerType->servers.emplace_back(PE);
+                            }
+                        }
+                        Pools.pools.emplace_back(PP);
+                    }
+                } else if(Endpoint.Type=="radsec"  && !Endpoint.RadsecServers.empty()) {
+                    PP.radsecPoolType="radsec";
+                    for(auto *ServerType:{&PP.authConfig, &PP.acctConfig, &PP.coaConfig}) {
+                        ServerType->monitor = false;
+                        ServerType->strategy = Endpoint.PoolStrategy;
+                        ServerType->monitorMethod = "none";
+                        ServerType->strategy = "random";
+                        for (const auto &Server: Endpoint.RadsecServers) {
+                            GWObjects::RadiusProxyServerEntry PE;
+                            PE.radsecCert = Utils::base64encode((const u_char *)Server.Certificate.c_str(), Server.Certificate.size());
+                            PE.radsecKey = Utils::base64encode((const u_char *)Server.PrivateKey.c_str(),Server.PrivateKey.size());
+                            for(const auto &C:Server.CaCerts) {
+                                PE.radsecCacerts.emplace_back(Utils::base64encode(
+                                        (const u_char *) C.c_str(),
+                                        C.size()));
+                            }
+                            PE.radsec = true;
+                            PE.name = Server.Hostname;
+                            PE.ignore = false;
+                            PE.ip = Server.IP;
+                            PE.port = PE.radsecPort = Server.Port;
+                            PE.allowSelfSigned = false;
+                            PE.weight = 10;
+                            PE.secret = PE.radsecSecret = "radsec";
+                            ServerType->servers.emplace_back(PE);
+                        }
+                    }
+                    Pools.pools.emplace_back(PP);
+                } else if(Endpoint.Type=="generic"  && !Endpoint.RadiusServers.empty()) {
+                    PP.radsecPoolType="generic";
+                    UpdateRadiusServerEntry(PP.authConfig, Endpoint, Endpoint.RadiusServers[0].Authentication);
+                    UpdateRadiusServerEntry(PP.acctConfig, Endpoint, Endpoint.RadiusServers[0].Accounting);
+                    UpdateRadiusServerEntry(PP.coaConfig, Endpoint, Endpoint.RadiusServers[0].CoA);
+                    Pools.pools.emplace_back(PP);
+                }
+            }
+
+/*
+            Poco::JSON::Object  oo;
+            Pools.to_json(oo);
+            oo.stringify(std::cout,2,2);
+*/
+            GWObjects::RadiusProxyPoolList  NewPools;
+            Poco::JSON::Object ErrorObj;
+            if(SDK::GW::RADIUS::SetConfiguration(Client, Pools, NewPools, ErrorObj)) {
+                ProvObjects::RADIUSEndpointUpdateStatus Status;
+                Status.Read();
+                Status.lastConfigurationChange = Status.lastUpdate = Utils::Now();
+                return Status.Save();
+            }
+/*
+            ErrorCode:
+            type: integer
+            ErrorDetails:
+            type: string
+            ErrorDescription:
+            type: string
+  */
+            if(ErrorObj.has("ErrorCode") && !ErrorObj.isNull("ErrorCode"))
+                ErrorCode = ErrorObj.get("ErrorCode");
+            if(ErrorObj.has("ErrorDescription") && !ErrorObj.isNull("ErrorDescription"))
+                ErrorDescription = ErrorObj.get("ErrorDescription").toString();
+            if(ErrorObj.has("ErrorDetails") && !ErrorObj.isNull("ErrorDetails"))
+                ErrorDetails += ErrorObj.get("ErrorDetails").toString();
+            return false;
+        }
+
+    private:
+
+    };
+
+
+
+} // OpenWifi

src/StorageService.cpp

@@ -39,6 +39,10 @@ namespace OpenWifi {
 		OpLocationDB_ = std::make_unique<OpenWifi::OpLocationDB>(dbType_, *Pool_, Logger());
 		OpContactDB_ = std::make_unique<OpenWifi::OpContactDB>(dbType_, *Pool_, Logger());
 		OverridesDB_ = std::make_unique<OpenWifi::OverridesDB>(dbType_, *Pool_, Logger());
+        GLBLRAccountInfoDB_ = std::make_unique<OpenWifi::GLBLRAccountInfoDB>(dbType_, *Pool_, Logger());
+        GLBLRCertsDB_ = std::make_unique<OpenWifi::GLBLRCertsDB>(dbType_, *Pool_, Logger());
+        OrionAccountsDB_ = std::make_unique<OpenWifi::OrionAccountsDB>(dbType_, *Pool_, Logger());
+        RadiusEndpointDB_ = std::make_unique<OpenWifi::RadiusEndpointDB>(dbType_, *Pool_, Logger());
 
 		EntityDB_->Create();
 		PolicyDB_->Create();
@@ -59,6 +63,10 @@ namespace OpenWifi {
 		OpLocationDB_->Create();
 		OpContactDB_->Create();
 		OverridesDB_->Create();
+        GLBLRAccountInfoDB_->Create();
+        GLBLRCertsDB_->Create();
+        OrionAccountsDB_->Create();
+        RadiusEndpointDB_->Create();
 
 		ExistFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return EntityDB_->Exists(F, V);
@@ -117,8 +125,22 @@ namespace OpenWifi {
 		ExistFunc_[OverridesDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
 			return OverridesDB_->Exists(F, V);
 		};
+        ExistFunc_[GLBLRAccountInfoDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRAccountInfoDB_->Exists(F, V);
+        };
+        ExistFunc_[GLBLRCertsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return GLBLRCertsDB_->Exists(F, V);
+        };
+        ExistFunc_[OrionAccountsDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return OrionAccountsDB_->Exists(F, V);
+        };
+        ExistFunc_[RadiusEndpointDB_->Prefix()] = [=](const char *F, std::string &V) -> bool {
+            return RadiusEndpointDB_->Exists(F, V);
+        };
 
-		ExpandFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V, std::string &Name,
+
+
+        ExpandFunc_[EntityDB_->Prefix()] = [=](const char *F, std::string &V, std::string &Name,
 											   std::string &Description) -> bool {
 			return EntityDB_->GetNameAndDescription(F, V, Name, Description);
 		};
@@ -206,9 +228,29 @@ namespace OpenWifi {
 			[=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
 				[[maybe_unused]] std::string &Name,
 				[[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRAccountInfoDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OverridesDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[GLBLRCertsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
+        ExpandFunc_[OrionAccountsDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
 
-		InventoryDB_->InitializeSerialCache();
+        ExpandFunc_[RadiusEndpointDB_->Prefix()] =
+                [=]([[maybe_unused]] const char *F, [[maybe_unused]] std::string &V,
+                    [[maybe_unused]] std::string &Name,
+                    [[maybe_unused]] std::string &Description) -> bool { return false; };
 
+        InventoryDB_->InitializeSerialCache();
 		ConsistencyCheck();
 		InitializeSystemDBs();
 

src/StorageService.h

@@ -28,6 +28,10 @@
 #include "storage/storage_tags.h"
 #include "storage/storage_variables.h"
 #include "storage/storage_venue.h"
+#include "storage/storage_glblraccounts.h"
+#include "storage/storage_glblrcerts.h"
+#include "storage/storage_orion_accounts.h"
+#include "storage/storage_radius_endpoints.h"
 
 #include "Poco/URI.h"
 #include "framework/ow_constants.h"
@@ -47,25 +51,29 @@ namespace OpenWifi {
 		typedef std::list<ProvObjects::ExpandedUseEntry> ExpandedInUseList;
 		typedef std::map<std::string, ProvObjects::ExpandedUseEntryList> ExpandedListMap;
 
-		OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
-		OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
-		OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
-		OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
-		OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
-		OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
-		OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
-		OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
-		OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
-		OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
-		OpenWifi::MapDB &MapDB() { return *MapDB_; };
-		OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
-		OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
-		OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
-		OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
-		OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
-		OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
-		OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
-		OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+		inline OpenWifi::EntityDB &EntityDB() { return *EntityDB_; };
+        inline OpenWifi::PolicyDB &PolicyDB() { return *PolicyDB_; };
+        inline OpenWifi::VenueDB &VenueDB() { return *VenueDB_; };
+        inline OpenWifi::LocationDB &LocationDB() { return *LocationDB_; };
+        inline OpenWifi::ContactDB &ContactDB() { return *ContactDB_; };
+        inline OpenWifi::InventoryDB &InventoryDB() { return *InventoryDB_; };
+        inline OpenWifi::ManagementRoleDB &RolesDB() { return *RolesDB_; };
+        inline OpenWifi::ConfigurationDB &ConfigurationDB() { return *ConfigurationDB_; };
+        inline OpenWifi::TagsDictionaryDB &TagsDictionaryDB() { return *TagsDictionaryDB_; };
+        inline OpenWifi::TagsObjectDB &TagsObjectDB() { return *TagsObjectDB_; };
+        inline OpenWifi::MapDB &MapDB() { return *MapDB_; };
+        inline OpenWifi::SignupDB &SignupDB() { return *SignupDB_; };
+        inline OpenWifi::VariablesDB &VariablesDB() { return *VariablesDB_; };
+        inline OpenWifi::OperatorDB &OperatorDB() { return *OperatorDB_; };
+        inline OpenWifi::ServiceClassDB &ServiceClassDB() { return *ServiceClassDB_; };
+        inline OpenWifi::SubscriberDeviceDB &SubscriberDeviceDB() { return *SubscriberDeviceDB_; };
+        inline OpenWifi::OpLocationDB &OpLocationDB() { return *OpLocationDB_; };
+        inline OpenWifi::OpContactDB &OpContactDB() { return *OpContactDB_; };
+        inline OpenWifi::OverridesDB &OverridesDB() { return *OverridesDB_; };
+        inline OpenWifi::GLBLRAccountInfoDB &GLBLRAccountInfoDB() { return *GLBLRAccountInfoDB_; }
+        inline OpenWifi::GLBLRCertsDB &GLBLRCertsDB() { return *GLBLRCertsDB_; }
+        inline OpenWifi::OrionAccountsDB &OrionAccountsDB() { return *OrionAccountsDB_; }
+        inline OpenWifi::RadiusEndpointDB &RadiusEndpointDB() { return *RadiusEndpointDB_; }
 
 		bool Validate(const Poco::URI::QueryParameters &P, RESTAPI::Errors::msg &Error);
 		bool Validate(const Types::StringVec &P, std::string &Error);
@@ -125,6 +133,10 @@ namespace OpenWifi {
 		std::unique_ptr<OpenWifi::OpLocationDB> OpLocationDB_;
 		std::unique_ptr<OpenWifi::OpContactDB> OpContactDB_;
 		std::unique_ptr<OpenWifi::OverridesDB> OverridesDB_;
+        std::unique_ptr<OpenWifi::GLBLRAccountInfoDB> GLBLRAccountInfoDB_;
+        std::unique_ptr<OpenWifi::GLBLRCertsDB> GLBLRCertsDB_;
+        std::unique_ptr<OpenWifi::OrionAccountsDB> OrionAccountsDB_;
+        std::unique_ptr<OpenWifi::RadiusEndpointDB> RadiusEndpointDB_;
 		std::string DefaultOperator_;
 
 		typedef std::function<bool(const char *FieldName, std::string &Value)> exist_func;

src/Tasks/VenueConfigUpdater.h

@@ -28,6 +28,42 @@ namespace OpenWifi {
 		}
 	}
 
+	[[maybe_unused]] static void ComputeAndPushConfig(const std::string &SerialNumber, const std::string &DeviceType, Poco::Logger &Logger) {
+		/*
+		Generic Helper to compute a device's config and push it down to the device.
+		*/
+		poco_information(Logger, fmt::format("Attempting to push venue config for device {}", SerialNumber));
+		auto DeviceConfig = std::make_shared<APConfig>(SerialNumber,
+														DeviceType, Logger, false);
+		auto Configuration = Poco::makeShared<Poco::JSON::Object>();
+		try {
+			if (DeviceConfig->Get(Configuration)) {
+				std::ostringstream OS;
+				Configuration->stringify(OS);
+				auto Response = Poco::makeShared<Poco::JSON::Object>();
+				poco_debug(Logger,
+							fmt::format("{}: Pushing configuration.", SerialNumber));
+				if (SDK::GW::Device::Configure(nullptr, SerialNumber, Configuration,
+												Response)) {
+					Logger.debug(
+						fmt::format("{}: Configuration pushed.", SerialNumber));
+					poco_information(Logger,
+										fmt::format("{}: Updated.", SerialNumber));
+				} else {
+					poco_information(Logger,
+										fmt::format("{}: Not updated.", SerialNumber));
+				}
+			} else {
+				poco_debug(Logger,
+							fmt::format("{}: Configuration is bad.", SerialNumber));
+			}
+		} catch (...) {
+			poco_debug(Logger,
+						fmt::format("{}: Configuration is bad (caused an exception).",
+									SerialNumber));
+		}
+	}
+
 	class VenueDeviceConfigUpdater : public Poco::Runnable {
 	  public:
 		VenueDeviceConfigUpdater(const std::string &UUID, const std::string &venue, Poco::Logger &L)
@@ -118,8 +154,9 @@ namespace OpenWifi {
 
 				Poco::ThreadPool Pool_;
 				std::list<VenueDeviceConfigUpdater *> JobList;
-
-				for (const auto &uuid : Venue.devices) {
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);
+				for (const auto &uuid : DeviceList) {
 					auto NewTask = new VenueDeviceConfigUpdater(uuid, Venue.info.name, Logger());
 					bool TaskAdded = false;
 					while (!TaskAdded) {

src/Tasks/VenueRebooter.h

@@ -68,8 +68,10 @@ namespace OpenWifi {
 
 				Poco::ThreadPool Pool_;
 				std::list<VenueDeviceRebooter *> JobList;
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);
 
-				for (const auto &uuid : Venue.devices) {
+				for (const auto &uuid : DeviceList) {
 					auto NewTask = new VenueDeviceRebooter(uuid, Venue.info.name, Logger());
 					bool TaskAdded = false;
 					while (!TaskAdded) {

src/Tasks/VenueUpgrade.h

@@ -28,7 +28,7 @@ namespace OpenWifi {
 
 				Storage::ApplyRules(rules_, Device.deviceRules);
 				if (Device.deviceRules.firmwareUpgrade == "no") {
-					poco_debug(Logger(), fmt::format("Skipped Upgrade: {}", Device.serialNumber));
+					poco_debug(Logger(), fmt::format("Skipped Upgrade: {} : Venue rules prevent upgrading", Device.serialNumber));
 					skipped_++;
 					done_ = true;
 					return;
@@ -36,10 +36,15 @@ namespace OpenWifi {
 
 				FMSObjects::Firmware F;
 				if (SDK::FMS::Firmware::GetFirmware(Device.deviceType, revision_, F)) {
-					if (SDK::GW::Device::Upgrade(nullptr, Device.serialNumber, 0, F.uri)) {
-						Logger().debug(
-							fmt::format("{}: Upgraded to {}.", Device.serialNumber, revision_));
-						upgraded_++;
+                    std::string Status;
+					if (SDK::GW::Device::Upgrade(nullptr, Device.serialNumber, 0, F.uri, Status)) {
+                        if(Status=="pending") {
+                            pending_++;
+                            poco_debug(Logger(), fmt::format("Upgrade Pending: {} : {}", Device.serialNumber, Status));
+                        } else {
+                            upgraded_++;
+                            poco_debug(Logger(), fmt::format("Upgrade Success: {} : {}", Device.serialNumber, Status));
+                        }
 					} else {
 						poco_information(Logger(), fmt::format("{}: Not Upgraded to {}.",
 															   Device.serialNumber, revision_));
@@ -53,10 +58,9 @@ namespace OpenWifi {
 				}
 			}
 			done_ = true;
-			// std::cout << "Done push for " << Device.serialNumber << std::endl;
 		}
 
-		std::uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0;
+		std::uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0, pending_ = 0;
 		bool started_ = false, done_ = false;
 		std::string SerialNumber;
 
@@ -85,7 +89,7 @@ namespace OpenWifi {
 			ProvWebSocketNotifications::VenueFWUpgradeList_t N;
 
 			ProvObjects::Venue Venue;
-			uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0;
+			uint64_t upgraded_ = 0, not_connected_ = 0, skipped_ = 0, no_firmware_ = 0, pending_=0;
 			if (StorageService()->VenueDB().GetRecord("id", VenueUUID_, Venue)) {
 
 				N.content.title = fmt::format("Upgrading {} devices.", Venue.info.name);
@@ -96,8 +100,10 @@ namespace OpenWifi {
 				ProvObjects::DeviceRules Rules;
 
 				StorageService()->VenueDB().EvaluateDeviceRules(Venue.info.id, Rules);
+                std::vector<std::string> DeviceList;
+                StorageService()->InventoryDB().GetDevicesUUIDForVenue(Venue.info.id, DeviceList);
 
-				for (const auto &uuid : Venue.devices) {
+				for (const auto &uuid : DeviceList) {
 					auto NewTask =
 						new VenueDeviceUpgrade(uuid, Venue.info.name, Revision_, Rules, Logger());
 					bool TaskAdded = false;
@@ -121,10 +127,13 @@ namespace OpenWifi {
 								N.content.not_connected.push_back(current_job->SerialNumber);
 							else if (current_job->no_firmware_)
 								N.content.no_firmware.push_back(current_job->SerialNumber);
+                            else if (current_job->pending_)
+                                N.content.pending.push_back(current_job->SerialNumber);
 							upgraded_ += current_job->upgraded_;
 							skipped_ += current_job->skipped_;
 							no_firmware_ += current_job->no_firmware_;
 							not_connected_ += current_job->not_connected_;
+                            pending_ += current_job->pending_;
 							job_it = JobList.erase(job_it);
 							delete current_job;
 						} else {
@@ -146,10 +155,13 @@ namespace OpenWifi {
 							N.content.not_connected.push_back(current_job->SerialNumber);
 						else if (current_job->no_firmware_)
 							N.content.no_firmware.push_back(current_job->SerialNumber);
+                        else if (current_job->pending_)
+                            N.content.pending.push_back(current_job->SerialNumber);
 						upgraded_ += current_job->upgraded_;
 						skipped_ += current_job->skipped_;
 						no_firmware_ += current_job->no_firmware_;
 						not_connected_ += current_job->not_connected_;
+                        pending_ += current_job->pending_;
 						job_it = JobList.erase(job_it);
 						delete current_job;
 					} else {
@@ -158,8 +170,8 @@ namespace OpenWifi {
 				}
 
 				N.content.details = fmt::format(
-					"Job {} Completed: {} upgraded, {} not connected, {} skipped, {} no firmware.",
-					JobId(), upgraded_, not_connected_, skipped_, no_firmware_);
+					"Job {} Completed: {} upgraded, {} not connected, {} skipped, {} no firmware, {} pending.",
+					JobId(), upgraded_, not_connected_, skipped_, no_firmware_, pending_);
 			} else {
 				N.content.details = fmt::format("Venue {} no longer exists.", VenueUUID_);
 				Logger().warning(N.content.details);

src/UI_Prov_WebSocketNotifications.cpp

@@ -60,6 +60,7 @@ namespace OpenWifi::ProvWebSocketNotifications {
 		RESTAPI_utils::field_to_json(Obj, "success", success);
 		RESTAPI_utils::field_to_json(Obj, "notConnected", not_connected);
 		RESTAPI_utils::field_to_json(Obj, "noFirmware", no_firmware);
+        RESTAPI_utils::field_to_json(Obj, "pending", pending);
 		RESTAPI_utils::field_to_json(Obj, "skipped", skipped);
 		RESTAPI_utils::field_to_json(Obj, "timeStamp", timeStamp);
 		RESTAPI_utils::field_to_json(Obj, "details", details);
@@ -71,6 +72,7 @@ namespace OpenWifi::ProvWebSocketNotifications {
 			RESTAPI_utils::field_from_json(Obj, "jobId", jobId);
 			RESTAPI_utils::field_from_json(Obj, "success", success);
 			RESTAPI_utils::field_from_json(Obj, "notConnected", not_connected);
+            RESTAPI_utils::field_from_json(Obj, "pending", pending);
 			RESTAPI_utils::field_from_json(Obj, "noFirmware", no_firmware);
 			RESTAPI_utils::field_from_json(Obj, "skipped", skipped);
 			RESTAPI_utils::field_from_json(Obj, "timeStamp", timeStamp);

src/UI_Prov_WebSocketNotifications.h

@@ -32,7 +32,7 @@ namespace OpenWifi::ProvWebSocketNotifications {
 
 	struct FWUpgradeList {
 		std::string title, details, jobId;
-		std::vector<std::string> success, skipped, no_firmware, not_connected;
+		std::vector<std::string> success, skipped, no_firmware, not_connected, pending;
 		uint64_t timeStamp = OpenWifi::Utils::Now();
 
 		void to_json(Poco::JSON::Object &Obj) const;

src/framework/AppServiceRegistry.h

@@ -11,10 +11,12 @@
 
 #include "Poco/File.h"
 #include "Poco/StreamCopier.h"
+#include "Poco/JSON/Object.h"
+#include "Poco/JSON/Parser.h"
 
 #include "framework/MicroServiceFuncs.h"
 
-#include "nlohmann/json.hpp"
+// #include "nlohmann/json.hpp"
 
 namespace OpenWifi {
 
@@ -28,11 +30,11 @@ namespace OpenWifi {
 				if (F.exists()) {
 					std::ostringstream OS;
 					std::ifstream IF(FileName);
-					Poco::StreamCopier::copyStream(IF, OS);
-					Registry_ = nlohmann::json::parse(OS.str());
+                    Poco::JSON::Parser  P;
+					Registry_ = P.parse(IF).extract<Poco::JSON::Object::Ptr>();
 				}
 			} catch (...) {
-				Registry_ = nlohmann::json::parse("{}");
+				Registry_ = Poco::makeShared<Poco::JSON::Object>();
 			}
 		}
 
@@ -44,54 +46,47 @@ namespace OpenWifi {
 		inline ~AppServiceRegistry() { Save(); }
 
 		inline void Save() {
-			std::istringstream IS(to_string(Registry_));
 			std::ofstream OF;
 			OF.open(FileName, std::ios::binary | std::ios::trunc);
-			Poco::StreamCopier::copyStream(IS, OF);
+            Registry_->stringify(OF);
 		}
 
-		inline void Set(const char *Key, uint64_t Value) {
-			Registry_[Key] = Value;
+        void Set(const char *key, const std::vector<std::string> &V) {
+            Poco::JSON::Array   Arr;
+            for(const auto &s:V) {
+                Arr.add(s);
+            }
+            Registry_->set(key,Arr);
+            Save();
+        }
+
+        template<class T> void Set(const char *key, const T &Value) {
+            Registry_->set(key,Value);
 			Save();
 		}
 
-		inline void Set(const char *Key, const std::string &Value) {
-			Registry_[Key] = Value;
-			Save();
-		}
+        bool Get(const char *key, std::vector<std::string> &Value) {
+            if(Registry_->has(key) && !Registry_->isNull(key) && Registry_->isArray(key)) {
+                auto Arr = Registry_->get(key);
+                for(const auto &v:Arr) {
+                    Value.emplace_back(v);
+                }
+                return true;
+            }
+            return false;
+        }
 
-		inline void Set(const char *Key, bool Value) {
-			Registry_[Key] = Value;
-			Save();
-		}
-
-		inline bool Get(const char *Key, bool &Value) {
-			if (Registry_[Key].is_boolean()) {
-				Value = Registry_[Key].get<bool>();
-				return true;
-			}
-			return false;
-		}
-
-		inline bool Get(const char *Key, uint64_t &Value) {
-			if (Registry_[Key].is_number_unsigned()) {
-				Value = Registry_[Key].get<uint64_t>();
-				return true;
-			}
-			return false;
-		}
-
-		inline bool Get(const char *Key, std::string &Value) {
-			if (Registry_[Key].is_string()) {
-				Value = Registry_[Key].get<std::string>();
-				return true;
-			}
-			return false;
-		}
+        template<class T> bool Get(const char *key, T &Value) {
+            if(Registry_->has(key) && !Registry_->isNull(key)) {
+                Value = Registry_->getValue<T>(key);
+                return true;
+            }
+            return false;
+        }
 
 	  private:
 		std::string FileName;
-		nlohmann::json Registry_;
+		Poco::JSON::Object::Ptr Registry_;
 	};
 
 	inline auto AppServiceRegistry() { return AppServiceRegistry::instance(); }

src/framework/ConfigurationValidator.h

@@ -17,33 +17,42 @@
 namespace OpenWifi {
 	class ConfigurationValidator : public SubSystemServer {
 	  public:
+
+		enum class ConfigurationType { AP = 0 , SWITCH = 1};
+
 		static auto instance() {
 			static auto instance_ = new ConfigurationValidator;
 			return instance_;
 		}
 
-		bool Validate(const std::string &C, std::vector<std::string> &Errors, bool Strict);
+		bool Validate(ConfigurationType Type, const std::string &C, std::string &Errors, bool Strict);
 		int Start() override;
 		void Stop() override;
 		void reinitialize(Poco::Util::Application &self) override;
 
+		inline static ConfigurationType GetType(const std::string &type) {
+			std::string Type = Poco::toUpper(type);
+			if (Type == "AP")
+				return ConfigurationType::AP;
+			if (Type == "SWITCH")
+				return ConfigurationType::SWITCH;
+			return ConfigurationType::AP;
+		}
+
 	  private:
 		bool Initialized_ = false;
 		bool Working_ = false;
 		void Init();
-		std::unique_ptr<valijson::Schema> RootSchema_;
-		std::unique_ptr<valijson::SchemaParser> SchemaParser_;
-		std::unique_ptr<valijson::adapters::PocoJsonAdapter> PocoJsonAdapter_;
-		Poco::JSON::Object::Ptr SchemaDocPtr_;
-		bool SetSchema(const std::string &SchemaStr);
+		std::array<valijson::Schema,2> 			RootSchema_;
+		bool SetSchema(ConfigurationType Type, const std::string &SchemaStr);
 
 		ConfigurationValidator()
 			: SubSystemServer("ConfigValidator", "CFG-VALIDATOR", "config.validator") {}
 	};
 
 	inline auto ConfigurationValidator() { return ConfigurationValidator::instance(); }
-	inline bool ValidateUCentralConfiguration(const std::string &C, std::vector<std::string> &Error,
+	inline bool ValidateUCentralConfiguration(ConfigurationValidator::ConfigurationType Type, const std::string &C, std::string &Errors,
 											  bool strict) {
-		return ConfigurationValidator::instance()->Validate(C, Error, strict);
+		return ConfigurationValidator::instance()->Validate(Type, C, Errors, strict);
 	}
 } // namespace OpenWifi

src/framework/EventBusManager.cpp

@@ -9,29 +9,27 @@
 
 namespace OpenWifi {
 
-	EventBusManager::EventBusManager(Poco::Logger &L) : Logger_(L) {}
-
 	void EventBusManager::run() {
 		Running_ = true;
 		Utils::SetThreadName("fmwk:EventMgr");
-		auto Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
+		auto Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_JOIN));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 		while (Running_) {
-			Poco::Thread::trySleep((unsigned long)MicroServiceDaemonBusTimer());
-			if (!Running_)
-				break;
-			Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
+			if(!Poco::Thread::trySleep((unsigned long)MicroServiceDaemonBusTimer())) {
+                break;
+            }
+			Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE));
 			KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(),
 										Msg, false);
 		}
-		Msg = std::make_shared<std::string>(MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
+		Msg = (MicroServiceMakeSystemEventMessage(KafkaTopics::ServiceEvents::EVENT_LEAVE));
 		KafkaManager()->PostMessage(KafkaTopics::SERVICE_EVENTS, MicroServicePrivateEndPoint(), Msg,
 									false);
 	};
 
 	void EventBusManager::Start() {
-		poco_information(Logger(), "Starting...");
+		poco_information(Logger_, "Starting...");
 		if (KafkaManager()->Enabled()) {
 			Thread_.start(*this);
 		}
@@ -39,11 +37,11 @@ namespace OpenWifi {
 
 	void EventBusManager::Stop() {
 		if (KafkaManager()->Enabled()) {
-			poco_information(Logger(), "Stopping...");
+			poco_information(Logger_, "Stopping...");
 			Running_ = false;
 			Thread_.wakeUp();
 			Thread_.join();
-			poco_information(Logger(), "Stopped...");
+			poco_information(Logger_, "Stopped...");
 		}
 	}
 

src/framework/EventBusManager.h

@@ -12,7 +12,16 @@ namespace OpenWifi {
 
 	class EventBusManager : public Poco::Runnable {
 	  public:
-		explicit EventBusManager(Poco::Logger &L);
+		EventBusManager() :
+			Logger_(Poco::Logger::create(
+				"EventBusManager", Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel())) {
+		}
+
+		static auto instance() {
+			static auto instance_ = new EventBusManager;
+			return instance_;
+		}
+
 		void run() final;
 		void Start();
 		void Stop();
@@ -24,4 +33,6 @@ namespace OpenWifi {
 		Poco::Logger &Logger_;
 	};
 
+	inline auto EventBusManager() { return EventBusManager::instance(); }
+
 } // namespace OpenWifi

src/framework/KafkaManager.cpp

@@ -6,6 +6,7 @@
 
 #include "fmt/format.h"
 #include "framework/MicroServiceFuncs.h"
+#include "cppkafka/utils/consumer_dispatcher.h"
 
 namespace OpenWifi {
 
@@ -78,8 +79,10 @@ namespace OpenWifi {
 		Utils::SetThreadName("Kafka:Prod");
 		cppkafka::Configuration Config(
 			{{"client.id", MicroServiceConfigGetString("openwifi.kafka.client.id", "")},
-			 {"metadata.broker.list",
-			  MicroServiceConfigGetString("openwifi.kafka.brokerlist", "")}});
+			 {"metadata.broker.list",MicroServiceConfigGetString("openwifi.kafka.brokerlist", "")} // ,
+			 // {"send.buffer.bytes", KafkaManager()->KafkaManagerMaximumPayloadSize() }
+			}
+ 		);
 
 		AddKafkaSecurity(Config);
 
@@ -99,9 +102,21 @@ namespace OpenWifi {
 			try {
 				auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
 				if (Msg != nullptr) {
-					Producer.produce(cppkafka::MessageBuilder(Msg->Topic())
-										 .key(Msg->Key())
-										 .payload(Msg->Payload()));
+					auto NewMessage = cppkafka::MessageBuilder(Msg->Topic());
+					NewMessage.key(Msg->Key());
+					NewMessage.partition(0);
+					NewMessage.payload(Msg->Payload());
+					Producer.produce(NewMessage);
+					if (Queue_.size() < 100) {
+						// use flush when internal queue is lightly loaded, i.e. flush after each
+						// message
+						Producer.flush();
+					}
+					else {
+						// use poll when internal queue is loaded to allow messages to be sent in
+						// batches
+						Producer.poll((std::chrono::milliseconds) 0);
+					}
 				}
 			} catch (const cppkafka::HandleException &E) {
 				poco_warning(Logger_,
@@ -111,8 +126,13 @@ namespace OpenWifi {
 			} catch (...) {
 				poco_error(Logger_, "std::exception");
 			}
+			if (Queue_.size() == 0) {
+				// message queue is empty, flush all previously sent messages
+				Producer.flush();
+			}
 			Note = Queue_.waitDequeueNotification();
 		}
+		Producer.flush();
 		poco_information(Logger_, "Stopped...");
 	}
 
@@ -156,43 +176,49 @@ namespace OpenWifi {
 			}
 		});
 
-		bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
-		auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 20);
+		// bool AutoCommit = MicroServiceConfigGetBool("openwifi.kafka.auto.commit", false);
+		// auto BatchSize = MicroServiceConfigGetInt("openwifi.kafka.consumer.batchsize", 100);
 
 		Types::StringVec Topics;
-		KafkaManager()->Topics(Topics);
+		std::for_each(Topics_.begin(),Topics_.end(),
+					  [&](const std::string & T) { Topics.emplace_back(T); });
 		Consumer.subscribe(Topics);
 
 		Running_ = true;
-		while (Running_) {
-			try {
-				std::vector<cppkafka::Message> MsgVec =
-					Consumer.poll_batch(BatchSize, std::chrono::milliseconds(100));
-				for (auto const &Msg : MsgVec) {
-					if (!Msg)
-						continue;
-					if (Msg.get_error()) {
-						if (!Msg.is_eof()) {
-							poco_error(Logger_,
-									   fmt::format("Error: {}", Msg.get_error().to_string()));
+		std::vector<cppkafka::Message> MsgVec;
+
+		Dispatcher_ = std::make_unique<cppkafka::ConsumerDispatcher>(Consumer);
+
+		Dispatcher_->run(
+			// Callback executed whenever a new message is consumed
+			[&](cppkafka::Message msg) {
+				// Print the key (if any)
+				std::lock_guard G(ConsumerMutex_);
+				auto It = Notifiers_.find(msg.get_topic());
+				if (It != Notifiers_.end()) {
+					const auto &FL = It->second;
+					for (const auto &[CallbackFunc, _] : FL) {
+						try {
+							CallbackFunc(msg.get_key(), msg.get_payload());
+						} catch(const Poco::Exception &E) {
+
+						} catch(...) {
+
 						}
-						if (!AutoCommit)
-							Consumer.async_commit(Msg);
-						continue;
 					}
-					KafkaManager()->Dispatch(Msg.get_topic().c_str(), Msg.get_key(), std::make_shared<std::string>(Msg.get_payload()));
-					if (!AutoCommit)
-						Consumer.async_commit(Msg);
 				}
-			} catch (const cppkafka::HandleException &E) {
-				poco_warning(Logger_,
-							 fmt::format("Caught a Kafka exception (consumer): {}", E.what()));
-			} catch (const Poco::Exception &E) {
-				Logger_.log(E);
-			} catch (...) {
-				poco_error(Logger_, "std::exception");
+				Consumer.commit(msg);
+			},
+			// Whenever there's an error (other than the EOF soft error)
+			[&Logger_](cppkafka::Error error) {
+				poco_warning(Logger_,fmt::format("Error: {}", error.to_string()));
+			},
+			// Whenever EOF is reached on a partition, print this
+			[&Logger_](cppkafka::ConsumerDispatcher::EndOfFile, const cppkafka::TopicPartition& topic_partition) {
+				poco_debug(Logger_,fmt::format("Partition {} EOF", topic_partition.get_partition()));
 			}
-		}
+		);
+
 		Consumer.unsubscribe();
 		poco_information(Logger_, "Stopped...");
 	}
@@ -213,14 +239,13 @@ namespace OpenWifi {
 	}
 
 	void KafkaProducer::Produce(const char *Topic, const std::string &Key,
-								std::shared_ptr<std::string> Payload) {
+								const std::string &Payload) {
 		std::lock_guard G(Mutex_);
 		Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
 	}
 
 	void KafkaConsumer::Start() {
 		if (!Running_) {
-			Running_ = true;
 			Worker_.start(*this);
 		}
 	}
@@ -228,29 +253,16 @@ namespace OpenWifi {
 	void KafkaConsumer::Stop() {
 		if (Running_) {
 			Running_ = false;
-			Worker_.wakeUp();
+			if(Dispatcher_) {
+				Dispatcher_->stop();
+			}
 			Worker_.join();
 		}
 	}
 
-	void KafkaDispatcher::Start() {
-		if (!Running_) {
-			Running_ = true;
-			Worker_.start(*this);
-		}
-	}
-
-	void KafkaDispatcher::Stop() {
-		if (Running_) {
-			Running_ = false;
-			Queue_.wakeUpAll();
-			Worker_.join();
-		}
-	}
-
-	auto KafkaDispatcher::RegisterTopicWatcher(const std::string &Topic,
+	std::uint64_t KafkaConsumer::RegisterTopicWatcher(const std::string &Topic,
 											   Types::TopicNotifyFunction &F) {
-		std::lock_guard G(Mutex_);
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It == Notifiers_.end()) {
 			Types::TopicNotifyFunctionList L;
@@ -259,11 +271,12 @@ namespace OpenWifi {
 		} else {
 			It->second.emplace(It->second.end(), std::make_pair(F, FunctionId_));
 		}
+		Topics_.insert(Topic);
 		return FunctionId_++;
 	}
 
-	void KafkaDispatcher::UnregisterTopicWatcher(const std::string &Topic, int Id) {
-		std::lock_guard G(Mutex_);
+	void KafkaConsumer::UnregisterTopicWatcher(const std::string &Topic, int Id) {
+		std::lock_guard G(ConsumerMutex_);
 		auto It = Notifiers_.find(Topic);
 		if (It != Notifiers_.end()) {
 			Types::TopicNotifyFunctionList &L = It->second;
@@ -275,56 +288,18 @@ namespace OpenWifi {
 		}
 	}
 
-	void KafkaDispatcher::Dispatch(const char *Topic, const std::string &Key,
-								   const std::shared_ptr<std::string> Payload) {
-		std::lock_guard G(Mutex_);
-		auto It = Notifiers_.find(Topic);
-		if (It != Notifiers_.end()) {
-			Queue_.enqueueNotification(new KafkaMessage(Topic, Key, Payload));
-		}
-	}
-
-	void KafkaDispatcher::run() {
-		Poco::Logger &Logger_ =
-			Poco::Logger::create("KAFKA-DISPATCHER", KafkaManager()->Logger().getChannel());
-		poco_information(Logger_, "Starting...");
-		Poco::AutoPtr<Poco::Notification> Note(Queue_.waitDequeueNotification());
-		Utils::SetThreadName("kafka:dispatch");
-		while (Note && Running_) {
-			auto Msg = dynamic_cast<KafkaMessage *>(Note.get());
-			if (Msg != nullptr) {
-				auto It = Notifiers_.find(Msg->Topic());
-				if (It != Notifiers_.end()) {
-					const auto &FL = It->second;
-					for (const auto &[CallbackFunc, _] : FL) {
-						CallbackFunc(Msg->Key(), Msg->Payload());
-					}
-				}
-			}
-			Note = Queue_.waitDequeueNotification();
-		}
-		poco_information(Logger_, "Stopped...");
-	}
-
-	void KafkaDispatcher::Topics(std::vector<std::string> &T) {
-		T.clear();
-		for (const auto &[TopicName, _] : Notifiers_)
-			T.push_back(TopicName);
-	}
-
 	int KafkaManager::Start() {
 		if (!KafkaEnabled_)
 			return 0;
+		MaxPayloadSize_ = MicroServiceConfigGetInt("openwifi.kafka.max.payload", 250000);
 		ConsumerThr_.Start();
 		ProducerThr_.Start();
-		Dispatcher_.Start();
 		return 0;
 	}
 
 	void KafkaManager::Stop() {
 		if (KafkaEnabled_) {
 			poco_information(Logger(), "Stopping...");
-			Dispatcher_.Stop();
 			ProducerThr_.Stop();
 			ConsumerThr_.Stop();
 			poco_information(Logger(), "Stopped...");
@@ -333,39 +308,26 @@ namespace OpenWifi {
 	}
 
 	void KafkaManager::PostMessage(const char *topic, const std::string &key,
-								   const std::shared_ptr<std::string> PayLoad, bool WrapMessage) {
+								   const std::string & PayLoad, bool WrapMessage) {
 		if (KafkaEnabled_) {
 			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(PayLoad) : PayLoad);
 		}
 	}
 
-	void KafkaManager::Dispatch(const char *Topic, const std::string &Key,
-								const std::shared_ptr<std::string> Payload) {
-		Dispatcher_.Dispatch(Topic, Key, Payload);
-	}
-
-	[[nodiscard]] const std::shared_ptr<std::string> KafkaManager::WrapSystemId(const std::shared_ptr<std::string> PayLoad) {
-		*PayLoad = SystemInfoWrapper_ + *PayLoad + "}";
-		return PayLoad;
-	}
-
-	uint64_t KafkaManager::RegisterTopicWatcher(const std::string &Topic,
-												Types::TopicNotifyFunction &F) {
+	void KafkaManager::PostMessage(const char *topic, const std::string &key,
+					 const Poco::JSON::Object &Object, bool WrapMessage) {
 		if (KafkaEnabled_) {
-			return Dispatcher_.RegisterTopicWatcher(Topic, F);
-		} else {
-			return 0;
+			std::ostringstream ObjectStr;
+			Object.stringify(ObjectStr);
+			ProducerThr_.Produce(topic, key, WrapMessage ? WrapSystemId(ObjectStr.str()) : ObjectStr.str());
 		}
 	}
 
-	void KafkaManager::UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
-		if (KafkaEnabled_) {
-			Dispatcher_.UnregisterTopicWatcher(Topic, Id);
-		}
+	[[nodiscard]] std::string KafkaManager::WrapSystemId(const std::string & PayLoad) {
+		return fmt::format(	R"lit({{ "system" : {{ "id" : {}, "host" : "{}" }}, "payload" : {} }})lit",
+						   MicroServiceID(), MicroServicePrivateEndPoint(), PayLoad ) ;
 	}
 
-	void KafkaManager::Topics(std::vector<std::string> &T) { Dispatcher_.Topics(T); }
-
 	void KafkaManager::PartitionAssignment(const cppkafka::TopicPartitionList &partitions) {
 		poco_information(
 			Logger(), fmt::format("Partition assigned: {}...", partitions.front().get_partition()));
@@ -376,4 +338,4 @@ namespace OpenWifi {
 											   partitions.front().get_partition()));
 	}
 
-} // namespace OpenWifi
+} // namespace OpenWifi

src/framework/KafkaManager.h

@@ -6,7 +6,7 @@
 
 #include "Poco/Notification.h"
 #include "Poco/NotificationQueue.h"
-
+#include "Poco/JSON/Object.h"
 #include "framework/KafkaTopics.h"
 #include "framework/OpenWifiTypes.h"
 #include "framework/SubSystemServer.h"
@@ -18,17 +18,17 @@ namespace OpenWifi {
 
 	class KafkaMessage : public Poco::Notification {
 	  public:
-		KafkaMessage(const char * Topic, const std::string &Key, std::shared_ptr<std::string> Payload)
+		KafkaMessage(const char * Topic, const std::string &Key, const std::string &Payload)
 			: Topic_(Topic), Key_(Key), Payload_(Payload) {}
 
 		inline const char * Topic() { return Topic_; }
 		inline const std::string &Key() { return Key_; }
-		inline const std::string &Payload() { return *Payload_; }
+		inline const std::string &Payload() { return Payload_; }
 
 	  private:
 		const char *Topic_;
 		std::string Key_;
-		std::shared_ptr<std::string> Payload_;
+		std::string Payload_;
 	};
 
 	class KafkaProducer : public Poco::Runnable {
@@ -36,10 +36,10 @@ namespace OpenWifi {
 		void run() override;
 		void Start();
 		void Stop();
-		void Produce(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
+		void Produce(const char *Topic, const std::string &Key, const std::string & Payload);
 
 	  private:
-		std::recursive_mutex Mutex_;
+		std::mutex Mutex_;
 		Poco::Thread Worker_;
 		mutable std::atomic_bool Running_ = false;
 		Poco::NotificationQueue Queue_;
@@ -47,33 +47,22 @@ namespace OpenWifi {
 
 	class KafkaConsumer : public Poco::Runnable {
 	  public:
-		void run() override;
 		void Start();
 		void Stop();
 
 	  private:
-		std::recursive_mutex Mutex_;
-		Poco::Thread Worker_;
+		std::mutex 				ConsumerMutex_;
+		Types::NotifyTable 		Notifiers_;
+		Poco::Thread 			Worker_;
 		mutable std::atomic_bool Running_ = false;
-	};
+		uint64_t 				FunctionId_ = 1;
+		std::unique_ptr<cppkafka::ConsumerDispatcher> 	Dispatcher_;
+		std::set<std::string>	Topics_;
 
-	class KafkaDispatcher : public Poco::Runnable {
-	  public:
-		void Start();
-		void Stop();
-		auto RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
+		void run() override;
+		friend class KafkaManager;
+		std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
 		void UnregisterTopicWatcher(const std::string &Topic, int Id);
-		void Dispatch(const char *Topic, const std::string &Key, const std::shared_ptr<std::string> Payload);
-		void run() override;
-		void Topics(std::vector<std::string> &T);
-
-	  private:
-		std::recursive_mutex Mutex_;
-		Types::NotifyTable Notifiers_;
-		Poco::Thread Worker_;
-		mutable std::atomic_bool Running_ = false;
-		uint64_t FunctionId_ = 1;
-		Poco::NotificationQueue Queue_;
 	};
 
 	class KafkaManager : public SubSystemServer {
@@ -92,20 +81,27 @@ namespace OpenWifi {
 		void Stop() override;
 
 		void PostMessage(const char *topic, const std::string &key,
-						 std::shared_ptr<std::string> PayLoad, bool WrapMessage = true);
-		void Dispatch(const char *Topic, const std::string &Key, std::shared_ptr<std::string> Payload);
-		[[nodiscard]] const std::shared_ptr<std::string> WrapSystemId(std::shared_ptr<std::string> PayLoad);
+						 const std::string &PayLoad, bool WrapMessage = true);
+		void PostMessage(const char *topic, const std::string &key,
+						 const Poco::JSON::Object &Object, bool WrapMessage = true);
+
+		[[nodiscard]] std::string WrapSystemId(const std::string & PayLoad);
 		[[nodiscard]] inline bool Enabled() const { return KafkaEnabled_; }
-		uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F);
-		void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id);
-		void Topics(std::vector<std::string> &T);
+		inline std::uint64_t RegisterTopicWatcher(const std::string &Topic, Types::TopicNotifyFunction &F) {
+			return ConsumerThr_.RegisterTopicWatcher(Topic,F);
+		}
+		inline void UnregisterTopicWatcher(const std::string &Topic, uint64_t Id) {
+			return ConsumerThr_.UnregisterTopicWatcher(Topic,Id);
+		}
+
+		std::uint64_t KafkaManagerMaximumPayloadSize() const { return MaxPayloadSize_; }
 
 	  private:
 		bool KafkaEnabled_ = false;
 		std::string SystemInfoWrapper_;
 		KafkaProducer ProducerThr_;
 		KafkaConsumer ConsumerThr_;
-		KafkaDispatcher Dispatcher_;
+		std::uint64_t MaxPayloadSize_ = 250000;
 
 		void PartitionAssignment(const cppkafka::TopicPartitionList &partitions);
 		void PartitionRevocation(const cppkafka::TopicPartitionList &partitions);

src/framework/KafkaTopics.h

@@ -20,6 +20,7 @@ namespace OpenWifi::KafkaTopics {
 	inline const char * DEVICE_EVENT_QUEUE = "device_event_queue";
 	inline const char * DEVICE_TELEMETRY = "device_telemetry";
 	inline const char * PROVISIONING_CHANGE = "provisioning_change";
+	inline const char * RRM = "rrm";
 
 	namespace ServiceEvents {
 		inline const char * EVENT_JOIN = "join";

src/framework/MicroService.cpp

@@ -1,4 +1,5 @@
 //
+//
 // Created by stephane bourque on 2022-10-26.
 //
 
@@ -29,13 +30,29 @@
 #include "framework/WebSocketLogger.h"
 #include "framework/utils.h"
 
+#ifdef  USE_MEDUSA_CLIENT
+#include <medusa/MedusaClient.h>
+#endif
+
 namespace OpenWifi {
 
-	void MicroService::Exit(int Reason) { std::exit(Reason); }
+	static std::string MakeServiceListString(const Types::MicroServiceMetaMap &Services) {
+        std::string SvcList;
+        for (const auto &Svc : Services) {
+            if (SvcList.empty())
+                SvcList = Svc.second.Type;
+            else
+                SvcList += ", " + Svc.second.Type;
+        }
+        return SvcList;
+    }
 
 	void MicroService::BusMessageReceived([[maybe_unused]] const std::string &Key,
 										  const std::string &Payload) {
 		std::lock_guard G(InfraMutex_);
+
+		Poco::Logger &BusLogger = EventBusManager()->Logger();
+
 		try {
 			Poco::JSON::Parser P;
 			auto Object = P.parse(Payload).extract<Poco::JSON::Object::Ptr>();
@@ -55,13 +72,10 @@ namespace OpenWifi {
 							Object->has(KafkaTopics::ServiceEvents::Fields::KEY)) {
 							auto PrivateEndPoint =
 								Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE).toString();
-							if (Event == KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE &&
-								Services_.find(PrivateEndPoint) != Services_.end()) {
-								Services_[PrivateEndPoint].LastUpdate = Utils::Now();
-							} else if (Event == KafkaTopics::ServiceEvents::EVENT_LEAVE) {
+							if (Event == KafkaTopics::ServiceEvents::EVENT_LEAVE) {
 								Services_.erase(PrivateEndPoint);
-								poco_debug(
-									logger(),
+								poco_information(
+									BusLogger,
 									fmt::format(
 										"Service {} ID={} leaving system.",
 										Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
@@ -69,14 +83,7 @@ namespace OpenWifi {
 										ID));
 							} else if (Event == KafkaTopics::ServiceEvents::EVENT_JOIN ||
 									   Event == KafkaTopics::ServiceEvents::EVENT_KEEP_ALIVE) {
-								poco_debug(
-									logger(),
-									fmt::format(
-										"Service {} ID={} joining system.",
-										Object->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
-											.toString(),
-										ID));
-								Services_[PrivateEndPoint] = Types::MicroServiceMeta{
+								auto ServiceInfo = Types::MicroServiceMeta{
 									.Id = ID,
 									.Type = Poco::toLower(
 										Object->get(KafkaTopics::ServiceEvents::Fields::TYPE)
@@ -94,20 +101,46 @@ namespace OpenWifi {
 												   .toString(),
 									.LastUpdate = Utils::Now()};
 
-								std::string SvcList;
-								for (const auto &Svc : Services_) {
-									if (SvcList.empty())
-										SvcList = Svc.second.Type;
-									else
-										SvcList += ", " + Svc.second.Type;
+                                auto s1 = MakeServiceListString(Services_);
+								auto PreviousSize = Services_.size();
+								Services_[PrivateEndPoint] = ServiceInfo;
+								auto CurrentSize = Services_.size();
+								if(Event == KafkaTopics::ServiceEvents::EVENT_JOIN) {
+									if(!s1.empty()) {
+										poco_information(
+											BusLogger,
+											fmt::format(
+												"Service {} ID={} is joining the system.",
+												Object
+													->get(
+														KafkaTopics::ServiceEvents::Fields::PRIVATE)
+													.toString(),
+												ID));
+									}
+									std::string SvcList;
+									for (const auto &Svc : Services_) {
+										if (SvcList.empty())
+											SvcList = Svc.second.Type;
+										else
+											SvcList += ", " + Svc.second.Type;
+									}
+									poco_information(
+										BusLogger,
+										fmt::format("Current list of microservices: {}", SvcList));
+								} else if(CurrentSize!=PreviousSize) {
+									poco_information(
+										BusLogger,
+										fmt::format(
+											"Service {} ID={} is being added back in.",
+											Object
+												->get(KafkaTopics::ServiceEvents::Fields::PRIVATE)
+												.toString(),
+											ID));
 								}
-								poco_information(
-									logger(),
-									fmt::format("Current list of microservices: {}", SvcList));
 							}
 						} else {
-							poco_error(
-								logger(),
+							poco_information(
+								BusLogger,
 								fmt::format("KAFKA-MSG: invalid event '{}', missing a field.",
 											Event));
 						}
@@ -118,32 +151,39 @@ namespace OpenWifi {
 								Object->get(KafkaTopics::ServiceEvents::Fields::TOKEN).toString());
 #endif
 						} else {
-							poco_error(
-								logger(),
+							poco_information(
+								BusLogger,
 								fmt::format("KAFKA-MSG: invalid event '{}', missing token", Event));
 						}
 					} else {
-						poco_error(logger(),
+						poco_information(BusLogger,
 								   fmt::format("Unknown Event: {} Source: {}", Event, ID));
 					}
 				}
 			} else {
-				poco_error(logger(), "Bad bus message.");
-                std::ostringstream os;
-                Object->stringify(std::cout);
+				std::ostringstream os;
+				Object->stringify(std::cout);
+				poco_error(BusLogger, fmt::format("Bad bus message: {}", os.str()));
 			}
 
-			auto i = Services_.begin();
+			auto ServiceHint = Services_.begin();
 			auto now = Utils::Now();
-			for (; i != Services_.end();) {
-				if ((now - i->second.LastUpdate) > 60) {
-					i = Services_.erase(i);
+            auto si1 = Services_.size();
+            auto ss1 = MakeServiceListString(Services_);
+			while(ServiceHint!=Services_.end()) {
+				if ((now - ServiceHint->second.LastUpdate) > 120) {
+					poco_information(BusLogger, fmt::format("ZombieService: Removing service {}, ", ServiceHint->second.PublicEndPoint));
+					ServiceHint = Services_.erase(ServiceHint);
 				} else
-					++i;
+					++ServiceHint;
 			}
+            if(Services_.size() != si1) {
+                auto ss2 = MakeServiceListString(Services_);
+                poco_information(BusLogger, fmt::format("Current list of microservices: {} -> {}", ss1, ss2));
+            }
 
 		} catch (const Poco::Exception &E) {
-			logger().log(E);
+			BusLogger.log(E);
 		}
 	}
 
@@ -167,25 +207,29 @@ namespace OpenWifi {
 			Res.push_back(ServiceRec);
 		}
 		return Res;
+
 	}
 
 	void MicroService::LoadConfigurationFile() {
-		std::string Location = Poco::Environment::get(DAEMON_CONFIG_ENV_VAR, ".");
-		ConfigFileName_ =
-			ConfigFileName_.empty() ? Location + "/" + DAEMON_PROPERTIES_FILENAME : ConfigFileName_;
-		Poco::Path ConfigFile(ConfigFileName_);
+        if(ConfigContent_.empty()) {
+            std::string Location = Poco::Environment::get(DAEMON_CONFIG_ENV_VAR, ".");
+            ConfigFileName_ =
+                ConfigFileName_.empty() ? Location + "/" + DAEMON_PROPERTIES_FILENAME : ConfigFileName_;
+            Poco::Path ConfigFile(ConfigFileName_);
 
-		if (!ConfigFile.isFile()) {
-			std::cerr << DAEMON_APP_NAME << ": Configuration " << ConfigFile.toString()
-					  << " does not seem to exist. Please set " + DAEMON_CONFIG_ENV_VAR +
-							 " env variable the path of the " + DAEMON_PROPERTIES_FILENAME +
-							 " file."
-					  << std::endl;
-			std::exit(Poco::Util::Application::EXIT_CONFIG);
-		}
-
-		// 	    loadConfiguration(ConfigFile.toString());
-		PropConfigurationFile_ = new Poco::Util::PropertyFileConfiguration(ConfigFile.toString());
+            if (!ConfigFile.isFile()) {
+                std::cerr << DAEMON_APP_NAME << ": Configuration " << ConfigFile.toString()
+                          << " does not seem to exist. Please set " + DAEMON_CONFIG_ENV_VAR +
+                                 " env variable the path of the " + DAEMON_PROPERTIES_FILENAME +
+                                 " file."
+                          << std::endl;
+                std::exit(Poco::Util::Application::EXIT_CONFIG);
+            }
+            PropConfigurationFile_ = new Poco::Util::PropertyFileConfiguration(ConfigFile.toString());
+        } else {
+            std::istringstream is(ConfigContent_);
+            PropConfigurationFile_ = new Poco::Util::PropertyFileConfiguration(is);
+        }
 		configPtr()->addWriteable(PropConfigurationFile_, PRIO_DEFAULT);
 	}
 
@@ -388,49 +432,69 @@ namespace OpenWifi {
 
 	void DaemonPostInitialization(Poco::Util::Application &self);
 
-	void MicroService::initialize(Poco::Util::Application &self) {
-		// add the default services
-		LoadConfigurationFile();
-		InitializeLoggingSystem();
+    void MicroService::StartEverything(Poco::Util::Application &self) {
+        LoadConfigurationFile();
+        InitializeLoggingSystem();
 
-		SubSystems_.push_back(KafkaManager());
-		SubSystems_.push_back(ALBHealthCheckServer());
-		SubSystems_.push_back(RESTAPI_ExtServer());
-		SubSystems_.push_back(RESTAPI_IntServer());
+        static bool InitializedBaseService=false;
+        if(!InitializedBaseService) {
+            InitializedBaseService = true;
+            SubSystems_.push_back(KafkaManager());
+            SubSystems_.push_back(ALBHealthCheckServer());
+            SubSystems_.push_back(RESTAPI_ExtServer());
+            SubSystems_.push_back(RESTAPI_IntServer());
 #ifndef TIP_SECURITY_SERVICE
-		SubSystems_.push_back(AuthClient());
+            SubSystems_.push_back(AuthClient());
 #endif
-		Poco::Net::initializeSSL();
-		Poco::Net::HTTPStreamFactory::registerFactory();
-		Poco::Net::HTTPSStreamFactory::registerFactory();
-		Poco::Net::FTPStreamFactory::registerFactory();
-		Poco::Net::FTPSStreamFactory::registerFactory();
 
-		Poco::File DataDir(ConfigPath("openwifi.system.data"));
-		DataDir_ = DataDir.path();
-		if (!DataDir.exists()) {
-			try {
-				DataDir.createDirectory();
-			} catch (const Poco::Exception &E) {
-				logger().log(E);
-			}
-		}
-		WWWAssetsDir_ = ConfigPath("openwifi.restapi.wwwassets", "");
-		if (WWWAssetsDir_.empty())
-			WWWAssetsDir_ = DataDir_;
+            Poco::Net::initializeSSL();
+            Poco::Net::HTTPStreamFactory::registerFactory();
+            Poco::Net::HTTPSStreamFactory::registerFactory();
+            Poco::Net::FTPStreamFactory::registerFactory();
+            Poco::Net::FTPSStreamFactory::registerFactory();
+        }
 
-		LoadMyConfig();
+        Poco::File DataDir(ConfigPath("openwifi.system.data"));
+        DataDir_ = DataDir.path();
+        if (!DataDir.exists()) {
+            try {
+                DataDir.createDirectory();
+            } catch (const Poco::Exception &E) {
+                Logger_.log(E);
+            }
+        }
+        WWWAssetsDir_ = ConfigPath("openwifi.restapi.wwwassets", "");
+        if (WWWAssetsDir_.empty())
+            WWWAssetsDir_ = DataDir_;
 
-		AllowExternalMicroServices_ = ConfigGetBool("allowexternalmicroservices", true);
+        LoadMyConfig();
 
-		InitializeSubSystemServers();
-		ServerApplication::initialize(self);
-		DaemonPostInitialization(self);
+        AllowExternalMicroServices_ = ConfigGetBool("allowexternalmicroservices", true);
 
-		Types::TopicNotifyFunction F = [this](const std::string &Key, const std::string &Payload) {
-			this->BusMessageReceived(Key, Payload);
-		};
-		KafkaManager()->RegisterTopicWatcher(KafkaTopics::SERVICE_EVENTS, F);
+        InitializeSubSystemServers();
+        ServerApplication::initialize(self);
+        DaemonPostInitialization(self);
+
+        Types::TopicNotifyFunction F = [this](const std::string &Key, const std::string &Payload) {
+            this->BusMessageReceived(Key, Payload);
+        };
+        KafkaManager()->RegisterTopicWatcher(KafkaTopics::SERVICE_EVENTS, F);
+    }
+
+    void MicroService::StopEverything([[maybe_unused]] Poco::Util::Application &self) {
+        LoadConfigurationFile();
+        InitializeLoggingSystem();
+
+        Types::TopicNotifyFunction F = [this](const std::string &Key, const std::string &Payload) {
+            this->BusMessageReceived(Key, Payload);
+        };
+        KafkaManager()->RegisterTopicWatcher(KafkaTopics::SERVICE_EVENTS, F);
+    }
+
+    void MicroService::initialize([[maybe_unused]] Poco::Util::Application &self) {
+#ifndef USE_MEDUSA_CLIENT
+        StartEverything(self);
+#endif
 	}
 
 	void MicroService::uninitialize() {
@@ -530,14 +594,12 @@ namespace OpenWifi {
 		for (auto i : SubSystems_) {
 			i->Start();
 		}
-		EventBusManager_ = std::make_unique<EventBusManager>(Poco::Logger::create(
-			"EventBusManager", Poco::Logger::root().getChannel(), Poco::Logger::root().getLevel()));
-		EventBusManager_->Start();
+		EventBusManager()->Start();
 	}
 
 	void MicroService::StopSubSystemServers() {
 		AddActivity("Stopping");
-		EventBusManager_->Stop();
+		EventBusManager()->Stop();
 		for (auto i = SubSystems_.rbegin(); i != SubSystems_.rend(); ++i) {
 			(*i)->Stop();
 		}
@@ -697,7 +759,7 @@ namespace OpenWifi {
 			auto APIKEY = Request.get("X-API-KEY");
 			return APIKEY == MyHash_;
 		} catch (const Poco::Exception &E) {
-			logger().log(E);
+			Logger_.log(E);
 		}
 		return false;
 	}
@@ -718,6 +780,8 @@ namespace OpenWifi {
 		MicroServiceErrorHandler ErrorHandler(*this);
 		Poco::ErrorHandler::set(&ErrorHandler);
 
+        Args_ = args;
+
 		if (!HelpRequested_) {
 			SavePID();
 
@@ -733,11 +797,18 @@ namespace OpenWifi {
 				poco_information(logger, "Starting as a daemon.");
 			}
 
+#ifdef USE_MEDUSA_CLIENT
+            MedusaClient::instance()->SetSubSystems(SubSystems_);
+            MedusaClient::instance()->Start();
+			waitForTerminationRequest();
+            MedusaClient::instance()->Stop();
+#else
 			poco_information(logger, fmt::format("System ID set to {}", ID_));
 			StartSubSystemServers();
 			waitForTerminationRequest();
 			StopSubSystemServers();
 			logger.notice(fmt::format("Stopped {}...", DAEMON_APP_NAME));
+#endif
 		}
 
 		return Application::EXIT_OK;

src/framework/MicroService.h

@@ -55,9 +55,6 @@ namespace OpenWifi {
 #include "nlohmann/json.hpp"
 #include "ow_version.h"
 
-#define _OWDEBUG_ std::cout << __FILE__ << ":" << __LINE__ << std::endl;
-// #define _OWDEBUG_ Logger().debug(Poco::format("%s: %lu",__FILE__,__LINE__));
-
 namespace OpenWifi {
 
 	class MicroService : public Poco::Util::ServerApplication {
@@ -70,7 +67,6 @@ namespace OpenWifi {
 			  SubSystems_(std::move(Subsystems)), Logger_(Poco::Logger::get("FRAMEWORK")) {
 			instance_ = this;
 			RandomEngine_.seed(std::chrono::steady_clock::now().time_since_epoch().count());
-			// Logger_ = Poco::Logger::root().get("BASE-SVC");
 		}
 
 		inline static const char *ExtraConfigurationFilename = "/configuration_override.json";
@@ -92,7 +88,7 @@ namespace OpenWifi {
 		inline uint64_t DaemonBusTimer() const { return DAEMON_BUS_TIMER; };
 		[[nodiscard]] const std::string &AppName() { return DAEMON_APP_NAME; }
 		static inline uint64_t GetPID() { return Poco::Process::id(); };
-		[[nodiscard]] inline const std::string GetPublicAPIEndPoint() {
+		[[nodiscard]] inline std::string GetPublicAPIEndPoint() const {
 			return MyPublicEndPoint_ + "/api/v1";
 		};
 		[[nodiscard]] inline const std::string &GetUIURI() const { return UIURI_; };
@@ -107,7 +103,8 @@ namespace OpenWifi {
 		}
 		static MicroService &instance() { return *instance_; }
 
-		inline void Exit(int Reason);
+		inline void Exit(int Reason) { std::exit(Reason); }
+
 		void BusMessageReceived(const std::string &Key, const std::string &Payload);
 		Types::MicroServiceMetaVec GetServices(const std::string &Type);
 		Types::MicroServiceMetaVec GetServices();
@@ -115,7 +112,9 @@ namespace OpenWifi {
 		void Reload();
 		void LoadMyConfig();
 		void initialize(Poco::Util::Application &self) override;
-		void uninitialize() override;
+        void StartEverything(Poco::Util::Application &self);
+        void StopEverything(Poco::Util::Application &self);
+        void uninitialize() override;
 		void reinitialize(Poco::Util::Application &self) override;
 		void defineOptions(Poco::Util::OptionSet &options) override;
 		void handleHelp(const std::string &name, const std::string &value);
@@ -132,7 +131,7 @@ namespace OpenWifi {
 		void Reload(const std::string &Sub);
 		Types::StringVec GetSubSystems() const;
 		Types::StringPairVec GetLogLevels();
-		const Types::StringVec &GetLogLevelNames();
+		static const Types::StringVec &GetLogLevelNames();
 		uint64_t ConfigGetInt(const std::string &Key, uint64_t Default);
 		uint64_t ConfigGetInt(const std::string &Key);
 		uint64_t ConfigGetBool(const std::string &Key, bool Default);
@@ -166,12 +165,25 @@ namespace OpenWifi {
 								const std::string &FormatterPattern,
 								const std::string &root_env_var);
 		inline bool AllowExternalMicroServices() const { return AllowExternalMicroServices_; }
+        const ArgVec &Args() const { return Args_; }
+
+        inline void SetConfigContent(const std::string &Content) { ConfigContent_ = Content; }
+
+        inline std::optional<OpenWifi::Types::MicroServiceMeta> GetPrivateEndPointServiceKey( const std::string & ServicePrivateEndPoint ) {
+            std::lock_guard   G(InfraMutex_);
+            auto K = Services_.find(ServicePrivateEndPoint);
+            if(K==end(Services_)) {
+                return std::nullopt;
+            }
+            return K->second;
+        }
 
 	  private:
 		static MicroService *instance_;
 		bool HelpRequested_ = false;
 		std::string LogDir_;
 		std::string ConfigFileName_;
+        std::string ConfigContent_;
 		uint64_t ID_ = 1;
 		Poco::SharedPtr<Poco::Crypto::RSAKey> AppKey_;
 		bool DebugMode_ = false;
@@ -201,7 +213,7 @@ namespace OpenWifi {
 		Poco::JWT::Signer Signer_;
 		Poco::Logger &Logger_;
 		Poco::ThreadPool TimerPool_{"timer:pool", 2, 32};
-		std::unique_ptr<EventBusManager> EventBusManager_;
+        ArgVec Args_;
 	};
 
 	inline MicroService *MicroService::instance_ = nullptr;

src/framework/MicroServiceFuncs.cpp

@@ -129,4 +129,12 @@ namespace OpenWifi {
 		return ALBHealthCheckServer()->RegisterExtendedHealthMessage(Callback);
 	}
 
+	std::string MicroServiceAccessKey() {
+		return MicroService::instance().Hash();
+	}
+
+    std::optional<OpenWifi::Types::MicroServiceMeta> MicroServicePrivateAccessKey(const std::string &servicePrivateEndPoint) {
+        return MicroService::instance().GetPrivateEndPointServiceKey(servicePrivateEndPoint);
+    }
+
 } // namespace OpenWifi

src/framework/MicroServiceFuncs.h

@@ -22,7 +22,10 @@ namespace OpenWifi {
 	std::string MicroServicePublicEndPoint();
 	std::string MicroServiceConfigGetString(const std::string &Key,
 											const std::string &DefaultValue);
-	bool MicroServiceConfigGetBool(const std::string &Key, bool DefaultValue);
+	std::string MicroServiceAccessKey();
+    std::optional<OpenWifi::Types::MicroServiceMeta> MicroServicePrivateAccessKey(const std::string &servicePrivateEndPoint);
+
+    bool MicroServiceConfigGetBool(const std::string &Key, bool DefaultValue);
 	std::uint64_t MicroServiceConfigGetInt(const std::string &Key, std::uint64_t DefaultValue);
 	std::string MicroServicePrivateEndPoint();
 	std::uint64_t MicroServiceID();

src/framework/RESTAPI_Handler.h

@@ -574,7 +574,37 @@ namespace OpenWifi {
 			Poco::JSON::Stringifier::stringify(Object, Answer);
 		}
 
-		inline void ReturnRawJSON(const std::string &json_doc) {
+        inline void ReturnObject(const std::vector<std::string> &Strings) {
+            Poco::JSON::Array   Arr;
+            for(const auto &String:Strings) {
+                Arr.add(String);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const std::vector<T> &Objects) {
+            Poco::JSON::Array   Arr;
+            for(const auto &Object:Objects) {
+                Poco::JSON::Object O;
+                Object.to_json(O);
+                Arr.add(O);
+            }
+            std::ostringstream os;
+            Arr.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        template<class T> void ReturnObject(const T &Object) {
+            Poco::JSON::Object  O;
+            Object.to_json(O);
+            std::ostringstream os;
+            O.stringify(os);
+            return ReturnRawJSON(os.str());
+        }
+
+        inline void ReturnRawJSON(const std::string &json_doc) {
 			PrepareResponse();
 			if (Request != nullptr) {
 				//   can we compress ???

src/framework/StorageClass.h

@@ -47,6 +47,8 @@ namespace OpenWifi {
 
         }
 
+		Poco::Data::SessionPool &Pool() { return *Pool_; }
+
 	  private:
 		inline int Setup_SQLite();
 		inline int Setup_MySQL();

src/framework/SubSystemServer.cpp

@@ -37,6 +37,7 @@ namespace OpenWifi {
 		P.cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
 		P.dhUse2048Bits = true;
 		P.caLocation = cas_;
+        // P.securityLevel =
 
 		auto Context = Poco::AutoPtr<Poco::Net::Context>(
 			new Poco::Net::Context(Poco::Net::Context::TLS_SERVER_USE, P));
@@ -53,7 +54,6 @@ namespace OpenWifi {
 
 			Context->useCertificate(Cert);
 			Context->addChainCertificate(Root);
-
 			Context->addCertificateAuthority(Root);
 
 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
@@ -76,18 +76,18 @@ namespace OpenWifi {
 				L.fatal(fmt::format("Wrong Certificate({}) for Key({})", cert_file_, key_file_));
 			}
 
-			SSL_CTX_set_verify(SSLCtx, SSL_VERIFY_PEER, nullptr);
+            SSL_CTX_set_verify(SSLCtx, level_==Poco::Net::Context::VERIFY_NONE ? SSL_VERIFY_NONE : SSL_VERIFY_PEER, nullptr);
 
 			if (level_ == Poco::Net::Context::VERIFY_STRICT) {
 				SSL_CTX_set_client_CA_list(SSLCtx, SSL_load_client_CA_file(client_cas_.c_str()));
+                SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			}
-			SSL_CTX_enable_ct(SSLCtx, SSL_CT_VALIDATION_STRICT);
 			SSL_CTX_dane_enable(SSLCtx);
 
 			Context->enableSessionCache();
 			Context->setSessionCacheSize(0);
 			Context->setSessionTimeout(60);
-			Context->enableExtendedCertificateVerification(true);
+			Context->enableExtendedCertificateVerification( level_!= Poco::Net::Context::VERIFY_NONE );
 			Context->disableStatelessSessionResumption();
 		}
 

src/framework/UI_WebSocketClientServer.cpp

@@ -58,11 +58,9 @@ namespace OpenWifi {
 	void UI_WebSocketClientServer::run() {
 		Running_ = true;
 		while (Running_) {
-			Poco::Thread::trySleep(2000);
-
-			if (!Running_)
-				break;
-
+			if(!Poco::Thread::trySleep(2000)) {
+                break;
+            }
 			std::lock_guard G(LocalMutex_);
 			for (const auto i : ToBeRemoved_) {
 				// std::cout << "Erasing old WS UI connection..." << std::endl;

src/framework/orm.h

@@ -576,8 +576,8 @@ namespace ORM {
 		bool UpdateRecord(field_name_t FieldName, const T &Value, const RecordType &R) {
 			try {
 				assert(ValidFieldName(FieldName));
-
 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Update(Session);
 
 				RecordTuple RT;
@@ -593,6 +593,7 @@ namespace ORM {
 				Update.execute();
 				if (Cache_)
 					Cache_->UpdateCache(R);
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);
@@ -662,6 +663,7 @@ namespace ORM {
 				assert(ValidFieldName(FieldName));
 
 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Delete(Session);
 
 				std::string St = "delete from " + TableName_ + " where " + FieldName + "=?";
@@ -671,6 +673,7 @@ namespace ORM {
 				Delete.execute();
 				if (Cache_)
 					Cache_->Delete(FieldName, Value);
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);
@@ -682,11 +685,13 @@ namespace ORM {
 			try {
 				assert(!WhereClause.empty());
 				Poco::Data::Session Session = Pool_.get();
+                Session.begin();
 				Poco::Data::Statement Delete(Session);
 
 				std::string St = "delete from " + TableName_ + " where " + WhereClause;
 				Delete << St;
 				Delete.execute();
+                Session.commit();
 				return true;
 			} catch (const Poco::Exception &E) {
 				Logger_.log(E);

src/framework/ow_constants.h

@@ -40,6 +40,7 @@ namespace OpenWifi {
 	};
 }
 
+#define DBGLINE     std::cout << __LINE__ << ":" << __FILE__ << ", " << __func__ << std::endl;
 namespace OpenWifi::RESTAPI::Errors {
 	struct msg {
 		uint64_t err_num;
@@ -405,7 +406,32 @@ namespace OpenWifi::RESTAPI::Errors {
             1172, "The venue name already exists."
     };
 
-    static const struct msg DefFirmwareNameExists { 1172, "Firmware name already exists." };
+    static const struct msg InvalidGlobalReachAccount {
+            1173, "Invalid Global Reach account information."
+    };
+    static const struct msg CannotCreateCSR {
+            1174, "Cannot create a CSR certificate."
+    };
+
+    static const struct msg DefFirmwareNameExists { 1175, "Firmware name already exists." };
+    static const struct msg NotAValidECKey { 1176, "Not a valid Signing Key." };
+	static const struct msg NotAValidRadiusPoolType { 1177, "Not a valid RADIUS pool type." };
+    static const struct msg InvalidRadiusTypeEndpoint { 1178, "Invalid RADIUS Server Endpoint type." };
+    static const struct msg InvalidRadiusEndpointPoolStrategy { 1179, "Invalid RADIUS Server Endpoint Pool strategy." };
+    static const struct msg EndpointMustHaveOneTypeOfServers { 1180, "All servers must be either RADIUS or RADSEC." };
+    static const struct msg RadiusEndpointIndexInvalid { 1181, "Index must be an address between 0.0.1.1 and 0.0.2.254" };
+    static const struct msg RadiusEndpointIndexMustBeUnique { 1182, "Index must be unique." };
+    static const struct msg OrionAccountMustExist { 1183, "Orion account must exist." };
+    static const struct msg GlobalReachCertMustExist { 1184, "Global Reach certificate must exist." };
+    static const struct msg InvalidRadsecMainCertificate { 1185, "Invalid Radsec main certificate." };
+    static const struct msg InvalidRadsecCaCertificate { 1186, "Invalid Radsec CA certificates." };
+    static const struct msg InvalidRadsecPrivteKey { 1187, "Invalid Radsec Private key." };
+    static const struct msg InvalidRadsecIPAddress { 1188, "Invalid Radsec IP Address." };
+    static const struct msg InvalidRadsecPort { 1189, "Invalid Radsec Port." };
+    static const struct msg InvalidRadsecSecret { 1190, "Invalid Radsec Secret." };
+    static const struct msg InvalidRadiusServer { 1191, "Invalid Radius Server." };
+
+	static const struct msg InvalidRRMAction { 1192, "Invalid RRM Action." };
 
     static const struct msg SimulationDoesNotExist {
         7000, "Simulation Instance ID does not exist."
@@ -537,6 +563,11 @@ namespace OpenWifi::RESTAPI::Protocol {
 	static const char *CONTENTDISPOSITION = "Content-Disposition";
 	static const char *CONTENTTYPE = "Content-Type";
 
+	static const char *TRANSFER = "transfer";
+	static const char *CERTUPDATE = "certupdate";
+	static const char *POWERCYCLE = "powercycle";
+	static const char *RRM = "rrm";
+
 	static const char *REQUIREMENTS = "requirements";
 	static const char *PASSWORDPATTERN = "passwordPattern";
 	static const char *ACCESSPOLICY = "accessPolicy";
@@ -654,6 +685,13 @@ namespace OpenWifi::uCentralProtocol {
 	static const char *RADIUSCOA = "coa";
 	static const char *RADIUSDST = "dst";
 	static const char *IES = "ies";
+
+	static const char *TRANSFER = "transfer";
+	static const char *CERTUPDATE = "certupdate";
+	static const char *POWERCYCLE = "powercycle";
+	static const char *RRM = "rrm";
+	static const char *ACTIONS = "actions";
+
 } // namespace OpenWifi::uCentralProtocol
 
 namespace OpenWifi::uCentralProtocol::Events {
@@ -746,6 +784,10 @@ namespace OpenWifi::APCommands {
 		telemetry,
 		ping,
 		script,
+		rrm,
+		certupdate,
+		transfer,
+		powercycle,
 		unknown
 	};
 
@@ -758,7 +800,10 @@ namespace OpenWifi::APCommands {
 		RESTAPI::Protocol::LEDS,		 RESTAPI::Protocol::TRACE,
 		RESTAPI::Protocol::REQUEST,		 RESTAPI::Protocol::WIFISCAN,
 		RESTAPI::Protocol::EVENTQUEUE,	 RESTAPI::Protocol::TELEMETRY,
-		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT};
+		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT,
+		RESTAPI::Protocol::RRM,		 	 RESTAPI::Protocol::CERTUPDATE,
+		RESTAPI::Protocol::TRANSFER,	 RESTAPI::Protocol::POWERCYCLE
+	};
 
 	inline const char *to_string(Commands Cmd) { return uCentralAPCommands[(uint8_t)Cmd]; }
 

src/framework/utils.cpp

@@ -3,10 +3,19 @@
 //
 
 #include "Poco/Path.h"
-
+#include "Poco/TemporaryFile.h"
+#include "Poco/Crypto/ECKey.h"
 #include "framework/AppServiceRegistry.h"
 #include "framework/utils.h"
 
+#include <iostream>
+#include <cstdlib>
+#include <ctime>
+#include <string>
+#include <algorithm>
+
+#include <resolv.h>
+
 namespace OpenWifi::Utils {
 
 	bool NormalizeMac(std::string &Mac) {
@@ -608,4 +617,329 @@ namespace OpenWifi::Utils {
 		return DT.timestamp().epochTime();
 	}
 
+    static std::string FileToString(const std::string &Filename) {
+        std::ifstream   ifs(Filename.c_str(),std::ios_base::in|std::ios_base::binary);
+        std::ostringstream os;
+        Poco::StreamCopier::copyStream(ifs,os);
+        return os.str();
+    }
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results) {
+        int             ret = 0;
+        RSA             *r = nullptr;
+        BIGNUM          *bne = nullptr;
+
+        int             nVersion = 0;
+        unsigned long   e = RSA_F4;
+
+        X509_REQ        *x509_req = nullptr;
+        X509_NAME       *x509_name = nullptr;
+        EVP_PKEY        *pKey = nullptr;
+//        RSA             *tem = nullptr;
+//        BIO             *bio_err = nullptr;
+
+        const char      *szCountry = Parameters.Country.c_str();
+        const char      *szProvince = Parameters.Province.c_str();
+        const char      *szCity = Parameters.City.c_str();
+        const char      *szOrganization = Parameters.Organization.c_str();
+        const char      *szCommon = Parameters.CommonName.c_str();
+
+        Poco::TemporaryFile     CsrPath, PubKey, PrivateKey;
+        std::string             Result;
+        std::ifstream           ifs;
+        std::ostringstream      ss;
+        BIO                     *bp_public = nullptr,
+                *bp_private = nullptr,
+                *bp_csr = nullptr;
+
+        // 1. generate rsa key
+        bne = BN_new();
+        ret = BN_set_word(bne,e);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        r = RSA_new();
+        ret = RSA_generate_key_ex(r, Parameters.bits, bne, nullptr);
+        if(ret != 1){
+            goto free_all;
+        }
+
+        bp_public = BIO_new_file(PubKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPublicKey(bp_public, r);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+        bp_private = BIO_new_file(PrivateKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+// 2. set version of x509 req
+        x509_req = X509_REQ_new();
+        ret = X509_REQ_set_version(x509_req, nVersion);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 3. set subject of x509 req
+        x509_name = X509_REQ_get_subject_name(x509_req);
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"C", MBSTRING_ASC, (const unsigned char*)szCountry, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"ST", MBSTRING_ASC, (const unsigned char*)szProvince, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"L", MBSTRING_ASC, (const unsigned char*)szCity, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"O", MBSTRING_ASC, (const unsigned char*)szOrganization, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+        ret = X509_NAME_add_entry_by_txt(x509_name,"CN", MBSTRING_ASC, (const unsigned char*)szCommon, -1, -1, 0);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 4. set public key of x509 req
+        pKey = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(pKey, r);
+        r = nullptr;   // will be free rsa when EVP_PKEY_free(pKey)
+
+        ret = X509_REQ_set_pubkey(x509_req, pKey);
+        if (ret != 1){
+            goto free_all;
+        }
+
+// 5. set sign key of x509 req
+        ret = X509_REQ_sign(x509_req, pKey, EVP_sha1());    // return x509_req->signature->length
+        if (ret <= 0){
+            goto free_all;
+        }
+
+        bp_csr = BIO_new_file(CsrPath.path().c_str(),"w");
+        ret = PEM_write_bio_X509_REQ(bp_csr, x509_req);
+
+// 6. free
+        free_all:
+        X509_REQ_free(x509_req);
+        BIO_free_all(bp_csr);
+        BIO_free_all(bp_public);
+        BIO_free_all(bp_private);
+
+        EVP_PKEY_free(pKey);
+        BN_free(bne);
+        if(ret==1) {
+            Results.CSR = FileToString(CsrPath.path());
+            Results.PrivateKey = FileToString(PrivateKey.path());
+            Results.PublicKey = FileToString(PubKey.path());
+        }
+
+        return ret;
+    }
+
+    bool VerifyECKey(const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::ECKey>(
+                    new Poco::Crypto::ECKey("", F.path(),""));
+
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool VerifyRSAKey([[
+    maybe_unused]] const std::string &key) {
+        try {
+            Poco::TemporaryFile F;
+
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << key;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::RSAKey>(
+                    new Poco::Crypto::RSAKey("", F.path(),""));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool VerifyPrivateKey(const std::string &key) {
+        return VerifyECKey(key) || VerifyRSAKey(key);
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::string &Cert) {
+        try {
+            Poco::TemporaryFile F;
+            std::ofstream of(F.path().c_str(), std::ios_base::trunc | std::ios_base::out | std::ios_base::binary);
+            of << Cert;
+            of.close();
+
+            auto Key = Poco::SharedPtr<Poco::Crypto::X509Certificate>(
+                    new Poco::Crypto::X509Certificate(F.path()));
+            return true;
+        } catch (const Poco::Exception &E) {
+
+        }
+        return false;
+    }
+
+    bool ValidX509Certificate([[
+                              maybe_unused]] const std::vector<std::string> &Certs) {
+        auto F = [](const std::string &C) -> bool { return ValidX509Certificate(C); };
+        return std::all_of(Certs.begin(),Certs.end(), F);
+    }
+
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase) {
+        // Define character sets for each category
+        const std::string lowercaseChars = "abcdefghijklmnopqrstuvwxyz";
+        const std::string uppercaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        const std::string digitChars = "0123456789";
+        const std::string specialChars = "!@#$%^&*()_+[]{}|;:,.<>?";
+
+        // Check if parameters are valid
+        if (minLength < 1 || minLength > maxLength || minLowercase + minUppercase + numDigits + minSpecial > maxLength) {
+            return "Invalid parameters";
+        }
+
+        // Initialize random seed
+        std::random_device rd;
+        std::mt19937 g(rd());
+
+        // Initialize the password string
+        std::string password;
+
+        // Generate the required number of each character type
+        for (int i = 0; i < minLowercase; ++i) {
+            password += lowercaseChars[g() % lowercaseChars.length()];
+        }
+        for (int i = 0; i < minUppercase; ++i) {
+            password += uppercaseChars[g() % uppercaseChars.length()];
+        }
+        for (int i = 0; i < numDigits; ++i) {
+            password += digitChars[g() % digitChars.length()];
+        }
+        for (int i = 0; i < minSpecial; ++i) {
+            password += specialChars[g() % specialChars.length()];
+        }
+
+        // Calculate how many more characters are needed
+        int remainingLength = maxLength - (int)password.length();
+
+        // Generate random characters to fill the remaining length
+        for (int i = 0; i < remainingLength; ++i) {
+            int category = g() % 4; // Randomly select a category
+            if (category == 0) {
+                password += lowercaseChars[g() % lowercaseChars.length()];
+            } else if (category == 1) {
+                password += uppercaseChars[g() % uppercaseChars.length()];
+            } else if (category == 2) {
+                password += digitChars[g() % digitChars.length()];
+            } else {
+                password += specialChars[g() % specialChars.length()];
+            }
+        }
+
+        // Shuffle the password to randomize the character order
+        std::shuffle(password.begin(), password.end(),g);
+
+        return password;
+    }
+
+// Function to query NAPTR records for a domain and return them in a vector
+    std::vector<NAPTRRecord> getNAPTRRecords(const std::string& domain) {
+        std::vector<NAPTRRecord> naptrRecords;
+
+        unsigned char buf[4096];
+        ns_msg handle;
+        ns_initparse(buf, NS_PACKETSZ, &handle);
+
+        // Query NAPTR records for the given domain
+        int response = res_query(domain.c_str(), ns_c_in, ns_t_naptr, buf, sizeof(buf));
+        if (response < 0) {
+            return naptrRecords;
+        }
+
+        if(ns_initparse(buf, response, &handle) < 0) {
+            return naptrRecords;
+        }
+
+        // Iterate through the DNS response and extract NAPTR records
+        int count = ns_msg_count(handle, ns_s_an);
+        for (int i = 0; i < count; ++i) {
+            ns_rr rr;
+            if (ns_parserr(&handle, ns_s_an, i, &rr) == 0) {
+                char rdata[256];
+                ns_sprintrr(&handle, &rr, nullptr, nullptr, rdata, sizeof(rdata));
+                NAPTRRecord record;
+                std::istringstream os(rdata);
+                os  >> record.name >> record.ttl >> record.rclass >> record.rtype >> record.order >> record.preference >> record.flags
+                    >> record.service >> record.regexp >>  record.replacement;
+                naptrRecords.push_back(record);
+            }
+        }
+
+        return naptrRecords;
+    }
+
+    std::vector<SrvRecord> getSRVRecords(const std::string& domain) {
+        std::vector<SrvRecord> srvRecords;
+
+        // Buffer to hold the DNS response
+        unsigned char buf[4096];
+        ns_msg handle;
+        ns_initparse(buf, NS_PACKETSZ, &handle);
+
+        // Query NAPTR records for the given domain
+        int response = res_query(domain.c_str(), ns_c_in, ns_t_srv, buf, sizeof(buf));
+        if (response < 0) {
+            std::cerr << "DNS query failed for " << domain << ": " << hstrerror(h_errno) << std::endl;
+            return srvRecords;
+        }
+
+        if(ns_initparse(buf, response, &handle) < 0) {
+            return srvRecords;
+        }
+
+        // Iterate through the DNS response and extract NAPTR records
+        int count = ns_msg_count(handle, ns_s_an);
+        for (int i = 0; i < count; ++i) {
+            ns_rr rr;
+            if (ns_parserr(&handle, ns_s_an, i, &rr) == 0) {
+                char rdata[256];
+                ns_sprintrr(&handle, &rr, nullptr, nullptr, rdata, sizeof(rdata));
+                SrvRecord record;
+                std::istringstream os(rdata);
+                os  >>  record.name >> record.ttl >> record.rclass >> record.rtype >> record.pref >> record.weight >>
+                    record.port >> record.srvname ;
+                srvRecords.push_back(record);
+            }
+        }
+
+        return srvRecords;
+    }
+
+
 } // namespace OpenWifi::Utils

src/framework/utils.h

@@ -247,4 +247,159 @@ namespace OpenWifi::Utils {
 		return count;
 	}
 
+    inline std::uint32_t IPtoInt(const std::string &A) {
+        Poco::Net::IPAddress    IP;
+        std::uint32_t Result=0;
+
+        if(Poco::Net::IPAddress::tryParse(A,IP)) {
+            for(const auto i:IP.toBytes()) {
+                Result <<= 8;
+                Result += i;
+            }
+        }
+        return Result;
+    }
+
+    inline bool ValidIP(const std::string &IPstr) {
+        Poco::Net::IPAddress    IP;
+        return Poco::Net::IPAddress::tryParse(IPstr,IP);
+    }
+
+    struct CSRCreationParameters {
+        std::string Country, Province, City,
+                    Organization, CommonName;
+        int         bits=2048;
+    };
+
+    struct CSRCreationResults {
+        std::string     CSR, PublicKey, PrivateKey;
+    };
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results);
+    std::string generateStrongPassword(int minLength, int maxLength, int numDigits, int minLowercase, int minSpecial, int minUppercase);
+    bool VerifyECKey(const std::string &key);
+    bool VerifyRSAKey(const std::string &key);
+    bool VerifyPrivateKey(const std::string &key);
+    bool ValidX509Certificate(const std::string &Cert);
+    bool ValidX509Certificate(const std::vector<std::string> &Certs);
+
+    struct NAPTRRecord {
+        std::string     name;
+        std::string     ttl;
+        std::string     rclass;
+        std::string     rtype;
+        uint32_t        order=0;
+        uint32_t        preference=0;
+        std::string     flags;
+        std::string     service;
+        std::string     regexp;
+        std::string     replacement;
+    };
+
+// Function to query NAPTR records for a domain and return them in a vector
+    std::vector<NAPTRRecord> getNAPTRRecords(const std::string& domain);
+    struct SrvRecord {
+        std::string     name;
+        std::string     ttl;
+        std::string     rclass;
+        std::string     rtype;
+        uint32_t        pref = 0;
+        uint32_t        weight = 0;
+        uint32_t        port = 0;
+        std::string     srvname;
+    };
+
+    std::vector<SrvRecord> getSRVRecords(const std::string& domain);
+
+    struct HostNameServerResult{
+        std::string     Hostname;
+        uint32_t        Port;
+    };
+
+	class CompressedString {
+	  public:
+		CompressedString() {
+			DecompressedSize_ = 0;
+		};
+
+		explicit CompressedString(const std::string &Data) : DecompressedSize_(Data.size()) {
+			CompressIt(Data);
+		}
+
+		CompressedString(const CompressedString &Data) {
+			this->DecompressedSize_ = Data.DecompressedSize_;
+			this->CompressedData_ = Data.CompressedData_;
+		}
+
+		CompressedString& operator=(const CompressedString& rhs) {
+			if (this != &rhs) {
+				this->DecompressedSize_ = rhs.DecompressedSize_;
+				this->CompressedData_ = rhs.CompressedData_;
+			}
+			return *this;
+		}
+
+		CompressedString& operator=(CompressedString&& rhs) {
+			if (this != &rhs) {
+				this->DecompressedSize_ = rhs.DecompressedSize_;
+				this->CompressedData_ = rhs.CompressedData_;
+			}
+			return *this;
+		}
+
+		~CompressedString() = default;
+
+		operator std::string() const {
+			return DecompressIt();
+		}
+
+		CompressedString &operator=(const std::string &Data) {
+			DecompressedSize_ = Data.size();
+			CompressIt(Data);
+			return *this;
+		}
+
+		auto CompressedSize() const { return CompressedData_.size(); }
+		auto DecompressedSize() const { return DecompressedSize_; }
+
+	  private:
+		std::string     CompressedData_;
+		std::size_t     DecompressedSize_;
+
+		inline void CompressIt(const std::string &Data) {
+			z_stream strm; // = {0};
+			CompressedData_.resize(Data.size());
+			strm.next_in = (Bytef *)Data.data();
+			strm.avail_in = Data.size();
+			strm.next_out = (Bytef *)CompressedData_.data();
+			strm.avail_out = Data.size();
+			strm.zalloc = Z_NULL;
+			strm.zfree = Z_NULL;
+			strm.opaque = Z_NULL;
+			deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY);
+			deflate(&strm, Z_FINISH);
+			deflateEnd(&strm);
+			CompressedData_.resize(strm.total_out);
+		}
+
+		[[nodiscard]] std::string DecompressIt() const {
+			std::string Result;
+			if(DecompressedSize_!=0) {
+				Result.resize(DecompressedSize_);
+				z_stream strm ; //= {0};
+				strm.next_in = (Bytef *)CompressedData_.data();
+				strm.avail_in = CompressedData_.size();
+				strm.next_out = (Bytef *)Result.data();
+				strm.avail_out = Result.size();
+				strm.zalloc = Z_NULL;
+				strm.zfree = Z_NULL;
+				strm.opaque = Z_NULL;
+				inflateInit2(&strm, 15 + 32);
+				inflate(&strm, Z_FINISH);
+				inflateEnd(&strm);
+			}
+			return Result;
+		}
+	};
+
 } // namespace OpenWifi::Utils

src/sdks/SDK_fms.cpp

@@ -36,15 +36,18 @@ namespace OpenWifi::SDK::FMS {
 			static const std::string EndPoint{"/api/v1/firmwares"};
 
 			OpenWifi::OpenAPIRequestGet API(uSERVICE_FIRMWARE, EndPoint,
-											{{"deviceType", device_type}}, 50000);
+											{{"deviceType", device_type},
+                                             {"offset","0"},
+                                             {"limit","1000"}}, 50000);
 
 			auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
 			auto StatusCode = API.Do(CallResponse);
 			if (StatusCode == Poco::Net::HTTPResponse::HTTP_OK) {
 				Poco::JSON::Array::Ptr FirmwareArr = CallResponse->getArray("firmwares");
-				for (uint64_t i = 0; i < FirmwareArr->size(); i++) {
+                for(const auto &firmware:*FirmwareArr) {
+                    auto Object = firmware.extract<Poco::JSON::Object::Ptr>();
 					FMSObjects::Firmware F;
-					F.from_json(FirmwareArr->getObject(i));
+					F.from_json(Object);
 					FirmWares.emplace_back(F);
 				}
 				return true;

src/sdks/SDK_gw.cpp

@@ -79,7 +79,7 @@ namespace OpenWifi::SDK::GW {
 		}
 
 		bool Upgrade(RESTAPIHandler *client, const std::string &SerialNumber, uint64_t When,
-					 const std::string &ImageName) {
+					 const std::string &ImageName, std::string &status) {
 			Poco::JSON::Object Body;
 
 			Body.set(RESTAPI::Protocol::SERIALNUMBER, SerialNumber);
@@ -92,6 +92,7 @@ namespace OpenWifi::SDK::GW {
 			auto ResponseStatus =
 				API.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
 			if (ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                status = CallResponse->get("status").toString();
 				return true;
 			}
 			return false;
@@ -238,4 +239,44 @@ namespace OpenWifi::SDK::GW {
 			return false;
 		}
 	} // namespace Device
+
+    namespace RADIUS {
+
+        bool GetConfiguration(RESTAPIHandler *client, GWObjects::RadiusProxyPoolList &Pools) {
+            OpenWifi::OpenAPIRequestGet R(OpenWifi::uSERVICE_GATEWAY,
+                                           "/api/v1/radiusProxyConfig", {},
+                                           60000);
+            auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
+            auto ResponseStatus =
+                    R.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
+            if(ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                return Pools.from_json(CallResponse);
+            }
+            return false;
+        }
+
+        bool SetConfiguration(RESTAPIHandler *client, const Poco::JSON::Object &Configuration,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj) {
+            OpenWifi::OpenAPIRequestPut R(OpenWifi::uSERVICE_GATEWAY,
+                                          "/api/v1/radiusProxyConfig", {}, Configuration,
+                                          60000);
+            auto CallResponse = Poco::makeShared<Poco::JSON::Object>();
+            auto ResponseStatus =
+                    R.Do(CallResponse, client ? client->UserInfo_.webtoken.access_token_ : "");
+            ErrorObj = *CallResponse;
+            if(ResponseStatus == Poco::Net::HTTPResponse::HTTP_OK) {
+                return NewPools.from_json(CallResponse);
+            }
+            return false;
+        }
+
+        bool SetConfiguration(RESTAPIHandler *client, const GWObjects::RadiusProxyPoolList &Pools,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj) {
+            Poco::JSON::Object  Body;
+            Pools.to_json(Body);
+            return SetConfiguration(client,Body,NewPools, ErrorObj);
+        }
+
+    }
+
 } // namespace OpenWifi::SDK::GW

src/sdks/SDK_gw.h

@@ -23,7 +23,7 @@ namespace OpenWifi::SDK::GW {
 		bool Configure(RESTAPIHandler *client, const std::string &Mac,
 					   Poco::JSON::Object::Ptr &Configuration, Poco::JSON::Object::Ptr &Response);
 		bool Upgrade(RESTAPIHandler *client, const std::string &Mac, uint64_t When,
-					 const std::string &ImageName);
+					 const std::string &ImageName, std::string &status);
 
 		bool SetVenue(RESTAPIHandler *client, const std::string &SerialNumber,
 					  const std::string &uuid);
@@ -38,4 +38,11 @@ namespace OpenWifi::SDK::GW {
 						  const std::string &entity, const std::string &venue,
 						  const std::string &subscriber);
 	} // namespace Device
+    namespace RADIUS {
+        bool GetConfiguration(RESTAPIHandler *client, GWObjects::RadiusProxyPoolList &Pools);
+        bool SetConfiguration(RESTAPIHandler *client, const GWObjects::RadiusProxyPoolList &Pools,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj);
+        bool SetConfiguration(RESTAPIHandler *client, const Poco::JSON::Object &Configuration,
+                              GWObjects::RadiusProxyPoolList &NewPools, Poco::JSON::Object &ErrorObj);
+    }
 } // namespace OpenWifi::SDK::GW

src/storage/storage_glblraccounts.cpp

@@ -0,0 +1,97 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblraccounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRAccountInfoDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"country", ORM::FieldType::FT_TEXT},
+            ORM::Field{"province", ORM::FieldType::FT_TEXT},
+            ORM::Field{"city", ORM::FieldType::FT_TEXT},
+            ORM::Field{"organization", ORM::FieldType::FT_TEXT},
+            ORM::Field{"commonName", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSR", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPrivateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPublicKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"GlobalReachAcctId", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec GLBLRAccountInfoDB_Indexes{
+            {std::string("glblr_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRAccountInfoDB::GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_accts", GLBLRAccountInfoDB_Fields, GLBLRAccountInfoDB_Indexes, P, L, "glr") {}
+
+    bool GLBLRAccountInfoDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::GLBLRAccountsDBRecordType &In, OpenWifi::ProvObjects::GLBLRAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.country = In.get<7>();
+    Out.province = In.get<8>();
+    Out.city = In.get<9>();
+    Out.organization = In.get<10>();
+    Out.commonName = In.get<11>();
+    Out.CSR = In.get<12>();
+    Out.CSRPrivateKey = In.get<13>();
+    Out.CSRPublicKey = In.get<14>();
+    Out.GlobalReachAcctId = In.get<15>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRAccountInfo &In, OpenWifi::GLBLRAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.country);
+    Out.set<8>(In.province);
+    Out.set<9>(In.city);
+    Out.set<10>(In.organization);
+    Out.set<11>(In.commonName);
+    Out.set<12>(In.CSR);
+    Out.set<13>(In.CSRPrivateKey);
+    Out.set<14>(In.CSRPublicKey);
+    Out.set<15>(In.GlobalReachAcctId);
+}

src/storage/storage_glblraccounts.h

@@ -0,0 +1,35 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string, std::string, std::string, uint64_t, uint64_t,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string>
+        GLBLRAccountsDBRecordType;
+
+    class GLBLRAccountInfoDB : public ORM::DB<GLBLRAccountsDBRecordType, ProvObjects::GLBLRAccountInfo> {
+    public:
+        GLBLRAccountInfoDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRAccountInfoDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi

src/storage/storage_glblrcerts.cpp

@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+#include "storage_glblrcerts.h"
+
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec GLBLRCertsDB_Fields{// object info
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"accountId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"csr", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateChain", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificateId", ORM::FieldType::FT_TEXT},
+            ORM::Field{"expiresAt", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT}
+    };
+
+    static ORM::IndexVec GLBLRCertsDB_Indexes{
+            {std::string("glblr_cert_id_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    GLBLRCertsDB::GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "glblr_certs", GLBLRCertsDB_Fields, GLBLRCertsDB_Indexes, P, L, "glc") {}
+
+    bool GLBLRCertsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::GLBLRCertsDBRecordType &In, OpenWifi::ProvObjects::GLBLRCertificateInfo &Out) {
+    Out.id = In.get<0>();
+    Out.name = In.get<1>();
+    Out.accountId = In.get<2>();
+    Out.csr = In.get<3>();
+    Out.certificate = In.get<4>();
+    Out.certificateChain = In.get<5>();
+    Out.certificateId = In.get<6>();
+    Out.expiresAt = In.get<7>();
+    Out.created = In.get<8>();
+}
+
+template <>
+void ORM::DB<OpenWifi::GLBLRCertsDBRecordType, OpenWifi::ProvObjects::GLBLRCertificateInfo>::Convert(
+        const OpenWifi::ProvObjects::GLBLRCertificateInfo &In, OpenWifi::GLBLRCertsDBRecordType &Out) {
+    Out.set<0>(In.id);
+    Out.set<1>(In.name);
+    Out.set<2>(In.accountId);
+    Out.set<3>(In.csr);
+    Out.set<4>(In.certificate);
+    Out.set<5>(In.certificateChain);
+    Out.set<6>(In.certificateId);
+    Out.set<7>(In.expiresAt);
+    Out.set<8>(In.created);
+}

src/storage/storage_glblrcerts.h

@@ -0,0 +1,37 @@
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+//
+// Created by stephane bourque on 2023-09-11.
+//
+
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t>
+            GLBLRCertsDBRecordType;
+
+    class GLBLRCertsDB : public ORM::DB<GLBLRCertsDBRecordType, ProvObjects::GLBLRCertificateInfo> {
+    public:
+        GLBLRCertsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~GLBLRCertsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+} // namespace OpenWifi

src/storage/storage_inventory.cpp

@@ -44,7 +44,10 @@ namespace OpenWifi {
 		ORM::Field{"devClass", ORM::FieldType::FT_TEXT},
 		ORM::Field{"locale", ORM::FieldType::FT_TEXT},
 		ORM::Field{"realMacAddress", ORM::FieldType::FT_TEXT},
-		ORM::Field{"doNotAllowOverrides", ORM::FieldType::FT_BOOLEAN}};
+		ORM::Field{"doNotAllowOverrides", ORM::FieldType::FT_BOOLEAN},
+        ORM::Field{"imported", ORM::FieldType::FT_BIGINT},
+        ORM::Field{"connected", ORM::FieldType::FT_BIGINT},
+        ORM::Field{"platform", ORM::FieldType::FT_TEXT}};
 
 	static ORM::IndexVec InventoryDB_Indexes{
 		{std::string("inventory_name_index"),
@@ -60,6 +63,9 @@ namespace OpenWifi {
 			"alter table " + TableName_ + " add column realMacAddress text",
 			"alter table " + TableName_ + " add column devClass text",
 			"alter table " + TableName_ + " add column deviceRules text",
+            "alter table " + TableName_ + " add column platform text default 'AP'",
+            "alter table " + TableName_ + " add column imported bigint",
+            "alter table " + TableName_ + " add column connected bigint",
 			"alter table " + TableName_ + " add column doNotAllowOverrides boolean"};
 
 		for (const auto &i : Script) {
@@ -80,7 +86,8 @@ namespace OpenWifi {
 	bool InventoryDB::CreateFromConnection(const std::string &SerialNumberRaw,
 										   const std::string &ConnectionInfo,
 										   const std::string &DeviceType,
-										   const std::string &Locale) {
+										   const std::string &Locale,
+										   const bool isConnection) {
 
 		ProvObjects::InventoryTag ExistingDevice;
 		auto SerialNumber = Poco::toLower(SerialNumberRaw);
@@ -106,6 +113,8 @@ namespace OpenWifi {
 			StateDoc["date"] = Utils::Now();
 			NewDevice.state = to_string(StateDoc);
 			NewDevice.devClass = "any";
+            NewDevice.connected = Now;
+            NewDevice.imported = 0;
 			if (!IP.empty()) {
 				StorageService()->VenueDB().GetByIP(IP, NewDevice.venue);
 				if (NewDevice.venue.empty()) {
@@ -176,9 +185,32 @@ namespace OpenWifi {
 
 			if (modified) {
 				ExistingDevice.info.modified = Utils::Now();
+                ExistingDevice.connected = Utils::Now();
 				StorageService()->InventoryDB().UpdateRecord("id", ExistingDevice.info.id,
 															 ExistingDevice);
 			}
+
+			// Push entity and venue down to GW but only on connect (not ping)
+			if (isConnection && !ExistingDevice.venue.empty()) {
+				if (SDK::GW::Device::SetVenue(nullptr, ExistingDevice.serialNumber, ExistingDevice.venue)) {
+						Logger().information(Poco::format("%s: GW set venue property.",
+														  ExistingDevice.serialNumber));
+				} else {
+					Logger().information(Poco::format(
+						"%s: could not set GW venue property.", ExistingDevice.serialNumber));
+				}
+			}
+
+			if (isConnection && !ExistingDevice.entity.empty()) {
+				if (SDK::GW::Device::SetEntity(nullptr, ExistingDevice.serialNumber, ExistingDevice.entity)) {
+						Logger().information(Poco::format("%s: GW set entity property.",
+														  ExistingDevice.serialNumber));
+				} else {
+					Logger().information(Poco::format(
+						"%s: could not set GW entity property.", ExistingDevice.serialNumber));
+				}
+			}
+
 		}
 		return false;
 	}
@@ -232,6 +264,69 @@ namespace OpenWifi {
 		}
 		return true;
 	}
+
+    bool InventoryDB::GetDevicesForVenue(const std::string &venue_uuid, std::vector<std::string> &devices) {
+        try {
+            std::vector<ProvObjects::InventoryTag> device_list;
+            if(GetRecords(0, 1000, device_list, fmt::format(" venue='{}' ", venue_uuid))) {
+                for(auto &i:device_list) {
+                    devices.push_back(i.serialNumber);
+                }
+                return true;
+            }
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+        return false;
+    }
+
+    bool InventoryDB::GetDevicesUUIDForVenue(const std::string &venue_uuid, std::vector<std::string> &devices) {
+        try {
+            std::vector<ProvObjects::InventoryTag> device_list;
+            if(GetRecords(0, 1000, device_list, fmt::format(" venue='{}' ", venue_uuid))) {
+                for(auto &i:device_list) {
+                    devices.push_back(i.info.id);
+                }
+                return true;
+            }
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+        return false;
+    }
+
+    bool InventoryDB::GetDevicesForVenue(const std::string &venue_uuid, std::vector<ProvObjects::InventoryTag> &devices) {
+        try {
+            return GetRecords(0, 1000, devices, fmt::format(" venue='{}' ", venue_uuid));
+        } catch(const Poco::Exception &E) {
+            Logger().log(E);
+            return false;
+        } catch(const std::exception &E) {
+            Logger().error(fmt::format("std::exception: {}",E.what()));
+            return false;
+        } catch(...) {
+            Logger().error("Unknown exception");
+            return false;
+        }
+
+        return false;
+    }
+
+
 } // namespace OpenWifi
 
 template <>
@@ -263,6 +358,9 @@ void ORM::DB<OpenWifi::InventoryDBRecordType, OpenWifi::ProvObjects::InventoryTa
 	Out.locale = In.get<21>();
 	Out.realMacAddress = In.get<22>();
 	Out.doNotAllowOverrides = In.get<23>();
+    Out.imported = In.get<24>();
+    Out.connected = In.get<25>();
+    Out.platform = In.get<26>();
 }
 
 template <>
@@ -292,4 +390,7 @@ void ORM::DB<OpenWifi::InventoryDBRecordType, OpenWifi::ProvObjects::InventoryTa
 	Out.set<21>(In.locale);
 	Out.set<22>(In.realMacAddress);
 	Out.set<23>(In.doNotAllowOverrides);
+    Out.set<24>(In.imported);
+    Out.set<25>(In.connected);
+    Out.set<26>(In.platform);
 }

src/storage/storage_inventory.h

@@ -16,7 +16,7 @@ namespace OpenWifi {
 						std::string, std::string, std::string, std::string, std::string,
 						std::string, std::string, std::string, std::string, std::string,
 						std::string, std::string, std::string, std::string, std::string,
-						std::string, std::string, bool>
+						std::string, std::string, bool, uint64_t, uint64_t, std::string>
 		InventoryDBRecordType;
 
 	class InventoryDB : public ORM::DB<InventoryDBRecordType, ProvObjects::InventoryTag> {
@@ -25,7 +25,8 @@ namespace OpenWifi {
 		virtual ~InventoryDB(){};
 		bool CreateFromConnection(const std::string &SerialNumber,
 								  const std::string &ConnectionInfo, const std::string &DeviceType,
-								  const std::string &Locale);
+								  const std::string &Locale,
+								  const bool isConnection);
 
 		void InitializeSerialCache();
 		bool GetRRMDeviceList(Types::UUIDvec_t &DeviceList);
@@ -38,6 +39,10 @@ namespace OpenWifi {
 
 		bool Upgrade(uint32_t from, uint32_t &to) override;
 
+        bool GetDevicesForVenue(const std::string &uuid, std::vector<std::string> &devices);
+        bool GetDevicesUUIDForVenue(const std::string &uuid, std::vector<std::string> &devices);
+        bool GetDevicesForVenue(const std::string &uuid, std::vector<ProvObjects::InventoryTag> &devices);
+
 	  private:
 		bool EvaluateDeviceRules(const ProvObjects::InventoryTag &T,
 								 ProvObjects::DeviceRules &Rules);

src/storage/storage_orion_accounts.cpp

@@ -0,0 +1,76 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#include "storage_orion_accounts.h"
+#include <framework/orm.h>
+#include "framework/OpenWifiTypes.h"
+#include "framework/RESTAPI_utils.h"
+
+#include "RESTObjects/RESTAPI_SecurityObjects.h"
+
+namespace OpenWifi {
+
+    static ORM::FieldVec OrionAccountsDB_Fields{
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"privateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"certificate", ORM::FieldType::FT_TEXT},
+            ORM::Field{"cacerts", ORM::FieldType::FT_TEXT}
+    };
+
+    static ORM::IndexVec OrionAccountsDB_Indexes{
+            {std::string("orion_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    OrionAccountsDB::OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "orion_accts", OrionAccountsDB_Fields, OrionAccountsDB_Indexes, P, L, "oat") {}
+
+    bool OrionAccountsDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{};
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::OrionAccountsDBRecordType &In, OpenWifi::ProvObjects::GooglOrionAccountInfo &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.privateKey =In.get<6>();
+    Out.certificate = In.get<7>();
+    Out.cacerts = OpenWifi::RESTAPI_utils::to_object_array(In.get<8>());
+}
+
+template <>
+void ORM::DB<OpenWifi::OrionAccountsDBRecordType, OpenWifi::ProvObjects::GooglOrionAccountInfo>::Convert(
+        const OpenWifi::ProvObjects::GooglOrionAccountInfo &In, OpenWifi::OrionAccountsDBRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.privateKey);
+    Out.set<7>(In.certificate);
+    Out.set<8>(OpenWifi::RESTAPI_utils::to_string(In.cacerts));
+}

src/storage/storage_orion_accounts.h

@@ -0,0 +1,32 @@
+//
+// Created by stephane bourque on 2023-09-17.
+//
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t,
+            std::string,
+            std::string,
+            std::string>
+            OrionAccountsDBRecordType;
+
+    class OrionAccountsDB : public ORM::DB<OrionAccountsDBRecordType, ProvObjects::GooglOrionAccountInfo> {
+    public:
+        OrionAccountsDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~OrionAccountsDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+    private:
+
+    };
+
+} // namespace OpenWifi

src/storage/storage_radius_endpoints.cpp

@@ -0,0 +1,92 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#include "storage_radius_endpoints.h"
+#include <framework/RESTAPI_utils.h>
+namespace OpenWifi {
+
+    static ORM::FieldVec RadiusEndpointDB_Fields{// object info
+            ORM::Field{"id", 64, true},
+            ORM::Field{"name", ORM::FieldType::FT_TEXT},
+            ORM::Field{"description", ORM::FieldType::FT_TEXT},
+            ORM::Field{"notes", ORM::FieldType::FT_TEXT},
+            ORM::Field{"created", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"modified", ORM::FieldType::FT_BIGINT},
+            ORM::Field{"Type", ORM::FieldType::FT_TEXT},
+            ORM::Field{"RadsecServers", ORM::FieldType::FT_TEXT},
+            ORM::Field{"RadiusServers", ORM::FieldType::FT_TEXT},
+            ORM::Field{"PoolStrategy", ORM::FieldType::FT_TEXT},
+            ORM::Field{"Index", ORM::FieldType::FT_TEXT},
+            ORM::Field{"UsedBy", ORM::FieldType::FT_TEXT},
+            ORM::Field{"UseGWProxy", ORM::FieldType::FT_BOOLEAN},
+            ORM::Field{"NasIdentifier", ORM::FieldType::FT_TEXT},
+            ORM::Field{"AccountingInterval", ORM::FieldType::FT_BIGINT}
+    };
+
+    static ORM::IndexVec RadiusEndpointDB_Indexes{
+            {std::string("radius_ep_name_index"),
+             ORM::IndexEntryVec{{std::string("name"), ORM::Indextype::ASC}}}};
+
+    RadiusEndpointDB::RadiusEndpointDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L)
+            : DB(T, "radius_endpoints", RadiusEndpointDB_Fields, RadiusEndpointDB_Indexes, P, L, "rep") {}
+
+    bool RadiusEndpointDB::Upgrade([[maybe_unused]] uint32_t from, uint32_t &to) {
+        to = Version();
+        std::vector<std::string> Script{
+            "alter table " + TableName_ + " add column NasIdentifier TEXT;",
+            "alter table " + TableName_ + " add column AccountingInterval BIGINT;"
+        };
+
+        for (const auto &i : Script) {
+            try {
+                auto Session = Pool_.get();
+                Session << i, Poco::Data::Keywords::now;
+            } catch (...) {
+            }
+        }
+        return true;
+    }
+
+} // namespace OpenWifi
+
+template <>
+void ORM::DB<OpenWifi::RadiusEndpointDbRecordType, OpenWifi::ProvObjects::RADIUSEndPoint>::Convert(
+        const OpenWifi::RadiusEndpointDbRecordType &In, OpenWifi::ProvObjects::RADIUSEndPoint &Out) {
+    Out.info.id = In.get<0>();
+    Out.info.name = In.get<1>();
+    Out.info.description = In.get<2>();
+    Out.info.notes =
+            OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::SecurityObjects::NoteInfo>(In.get<3>());
+    Out.info.created = In.get<4>();
+    Out.info.modified = In.get<5>();
+    Out.Type = In.get<6>();
+    Out.RadsecServers = OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::ProvObjects::RADIUSEndPointRadsecType>(In.get<7>());
+    Out.RadiusServers = OpenWifi::RESTAPI_utils::to_object_array<OpenWifi::ProvObjects::RADIUSEndPointRadiusType>(In.get<8>());
+    Out.PoolStrategy = In.get<9>();
+    Out.Index = In.get<10>();
+    Out.UsedBy = OpenWifi::RESTAPI_utils::to_object_array(In.get<11>());
+    Out.UseGWProxy = In.get<12>();
+    Out.NasIdentifier = In.get<13>();
+    Out.AccountingInterval = In.get<14>();
+}
+
+template <>
+void ORM::DB<OpenWifi::RadiusEndpointDbRecordType, OpenWifi::ProvObjects::RADIUSEndPoint>::Convert(
+        const OpenWifi::ProvObjects::RADIUSEndPoint &In, OpenWifi::RadiusEndpointDbRecordType &Out) {
+    Out.set<0>(In.info.id);
+    Out.set<1>(In.info.name);
+    Out.set<2>(In.info.description);
+    Out.set<3>(OpenWifi::RESTAPI_utils::to_string(In.info.notes));
+    Out.set<4>(In.info.created);
+    Out.set<5>(In.info.modified);
+    Out.set<6>(In.Type);
+    Out.set<7>(OpenWifi::RESTAPI_utils::to_string(In.RadsecServers));
+    Out.set<8>(OpenWifi::RESTAPI_utils::to_string(In.RadiusServers));
+    Out.set<9>(In.PoolStrategy);
+    Out.set<10>(In.Index);
+    Out.set<11>(OpenWifi::RESTAPI_utils::to_string(In.UsedBy));
+    Out.set<12>(In.UseGWProxy);
+    Out.set<13>(In.NasIdentifier);
+    Out.set<14>(In.AccountingInterval);
+}

src/storage/storage_radius_endpoints.h

@@ -0,0 +1,46 @@
+//
+// Created by stephane bourque on 2023-09-27.
+//
+
+#pragma once
+
+#include "RESTObjects/RESTAPI_ProvObjects.h"
+#include "framework/orm.h"
+
+namespace OpenWifi {
+
+    typedef Poco::Tuple<
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            uint64_t,
+            uint64_t,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            std::string,
+            bool,
+            std::string,
+            std::uint64_t
+    >   RadiusEndpointDbRecordType;
+
+    class RadiusEndpointDB : public ORM::DB<RadiusEndpointDbRecordType, ProvObjects::RADIUSEndPoint> {
+    public:
+        RadiusEndpointDB(OpenWifi::DBType T, Poco::Data::SessionPool &P, Poco::Logger &L);
+        virtual ~RadiusEndpointDB(){};
+        bool Upgrade(uint32_t from, uint32_t &to) override;
+
+        static inline bool ValidIndex(const std::string &I) {
+            static uint32_t Low = Utils::IPtoInt("0.0.1.1");
+            static uint32_t High = Utils::IPtoInt("0.0.2.254");
+            auto IP = Utils::IPtoInt(I);
+            return (IP>=Low) && (IP<=High);
+        }
+
+    private:
+
+    };
+} // namespace OpenWifi

test_scripts/curl/cli

@@ -617,6 +617,51 @@ getsystemconfiguration() {
     jq < ${result_file}
 }
 
+creategraccount() {
+    payload="{ \"name\" : \"Test account\" , \"country\" : \"CA\", \"province\" : \"BC\" , \"city\" : \"Vancouver\", \"organization\" : \"Arilia Wireless Inc.\", \"commonName\" : \"arilia.com\", \"GlobalReachAcctId\" : \"bd63aaa7-b14d-4cdb-85ae-8de6cf2cfa31\", \"privateKey\" : \"-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgl1FpARtuOtw1F9sR2DD82jh6sZFGRn619IY0rmNIFEuhRANCAATB7ji6OF/+heGRCocgVNhw4QGvaL9Kp8F6ZqqZ3aMewRMOfzi3TQaXN12FNBsvXnptx5vk8GAzZk6UAzzvMBVK\n-----END PRIVATE KEY-----\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/account/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccount() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+deletegraccount() {
+    curl    ${FLAGS} -X DELETE "https://${OWPROV}/api/v1/openroaming/globalreach/account/$1" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+getgraccounts() {
+    curl    ${FLAGS} -X GET "https://${OWPROV}/api/v1/openroaming/globalreach/accounts" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" > ${result_file}
+    jq < ${result_file}
+}
+
+creategrcert() {
+    payload="{ \"name\" : \"$2\" }"
+    curl    ${FLAGS} -X POST "https://${OWPROV}/api/v1/openroaming/globalreach/certificate/$1/0" \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer ${token}" \
+        -H "Accept: application/json" \
+        -d "$payload"  > ${result_file}
+    jq < ${result_file}
+
+}
+
 shopt -s nocasematch
 case "$1" in
     "login") login; echo "You are logged in..."  ; logout ;;
@@ -673,6 +718,11 @@ case "$1" in
     "deleteoverride") login; deleteoverride "$2"; logout;;
     "venueupgraderevisions") login; venueupgraderevisions "$2"; logout;;
     "getsystemconfiguration") login; getsystemconfiguration "$2"; logout;;
+    "creategraccount") login; creategraccount ; logout;;
+    "getgraccount") login; getgraccount "$2"; logout;;
+    "getgraccounts") login; getgraccounts ; logout;;
+    "creategrcert") login; creategrcert "$2" "$3"; logout;;
+    "deletegraccount") login; deletegraccount "$2"; logout;;
     "getvenuesperrrm") login; getvenuesperrrm "$2"; logout;;
     *) help ;;
 esac