feat: Added reenroll to openapi.

Signed-off-by: Ivan Chvets <ivan.chvets@kinarasystems.com>

.github/workflows/ci.yml

@@ -21,7 +21,7 @@ defaults:
 
 jobs:
   docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     env:
       DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
       DOCKER_REGISTRY_USERNAME: ucentral

.github/workflows/release.yml

@@ -11,7 +11,7 @@ defaults:
 
 jobs:
   helm-package:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     env:
       HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
       HELM_REPO_USERNAME: ucentral

BUILDING.md

@@ -1,5 +1,5 @@
 # Building from source
-In order to build the OWGW, you will need to install its dependencies, which includes the following:
+In order to build OWGW, you will need to install its dependencies, which includes the following:
 - cmake
 - boost
 - POCO 1.10.1 or later
@@ -12,43 +12,43 @@ In order to build the OWGW, you will need to install its dependencies, which inc
 
 The build is done in 2 parts. The first part is to build a local copy of the framework tailored to your environment. This
 framework is called [Poco](https://github.com/pocoproject/poco). The version used in this project has a couple of fixes
-from the master copy needed for cmake. Please use the version of this [Poco fix](https://github.com/AriliaWireless/poco). Building
+from the master copy needed for cmake. Please use the version of this [Poco fix](https://github.com/Telecominfraproject/wlan-cloud-lib-poco). Building
 Poco may take several minutes depending on the platform you are building on.
 
 ## Ubuntu
 These instructions have proven to work on Ubuntu 20.4.
 ```bash
-sudo apt install git cmake g++ libssl-dev libmariadb-dev 
-sudo apt install libpq-dev libaprutil1-dev apache2-dev libboost-all-dev
-sudo apt install librdkafka-dev // default-libmysqlclient-dev
-sudo apt install nlohmann-json-dev
+sudo apt install git cmake g++ libssl-dev libmariadb-dev \
+    libpq-dev libaprutil1-dev apache2-dev libboost-all-dev \
+    librdkafka-dev // default-libmysqlclient-dev \
+    nlohmann-json-dev
 
-cd ~
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v2
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 cd poco
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-cd ~
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 cd cppkafka
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-cd ~
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
 cd valijson
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
 git clone https://github.com/fmtlib/fmt --branch 9.0.0 /fmtlib
 cd fmtlib
@@ -57,56 +57,59 @@ cd cmake-build
 cmake ..
 make
 make install
+cd ../..
 
-cd ~
 git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralgw
 cd wlan-cloud-ucentralgw
 mkdir cmake-build
 cd cmake-build
 cmake ..
 make -j 8
+cd ../..
 ```
 
 ## Fedora
 The following instructions have proven to work on Fedora 33
 ```bash
-sudo yum install cmake g++ openssl-devel mysql-devel mysql apr-util-devel boost boost-devel
-sudo yum install yaml-cpp-devel lua-devel 
+sudo yum install cmake g++ openssl-devel mysql-devel mysql apr-util-devel boost boost-devel \
+    yaml-cpp-devel lua-devel
 sudo dnf install postgresql.x86_64 librdkafka-devel
 sudo dnf install postgresql-devel json-devel
 
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v2
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 cd poco
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 cd cppkafka
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-cd ~
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
 cd valijson
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-cd ~
 git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralgw
 cd wlan-cloud-ucentralgw
 mkdir cmake-build
 cd cmake-build
 cmake ..
 make
+cd ../..
 ```
 
 ## macOS Build
@@ -125,7 +128,7 @@ brew install openssl \
 	nlohmann-json \
 	fmt
 
-git clone https://github.com/AriliaWireless/poco --branch poco-tip-v2
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 pushd poco
 mkdir cmake-build
 push cmake-build
@@ -135,7 +138,7 @@ sudo cmake --build . --target install
 popd
 popd
 
-git clone https://github.com/AriliaWireless/cppkafka --branch tip-v1
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch tip-v1 cppkafka
 pushd cppkafka
 mkdir cmake-build
 pushd cmake-build
@@ -145,10 +148,10 @@ sudo cmake --build . --target install
 popd
 popd
 
-git clone https://github.com/AriliaWireless/valijson --branch tip-v1
-cd valijson
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch tip-v1 valijson
+pushd valijson
 mkdir cmake-build
-cd cmake-build
+pushd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
@@ -171,20 +174,23 @@ support. You can build with only SQLite support by not installing the packages f
 adding -DSMALL_BUILD=1 on the cmake build line.
 
 ```bash
-sudo apt install git cmake g++ libssl-dev libaprutil1-dev apache2-dev libboost-all-dev libyaml-cpp-dev
-git clone https://github.com/stephb9959/poco
+sudo apt install git cmake g++ libssl-dev libaprutil1-dev apache2-dev \
+    libboost-all-dev libyaml-cpp-dev
+
+git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch poco-tip-v1 poco
 cd poco
 mkdir cmake-build
 cd cmake-build
 cmake ..
 cmake --build . --config Release
 sudo cmake --build . --target install
+cd ../..
 
-cd ~
 git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralgw
 cd wlan-cloud-ucentralgw
 mkdir cmake-build
 cd cmake-build
 cmake -DSMALL_BUILD=1 ..
 make
+cd ../..
 ```

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owgw VERSION 3.0.2)
+project(owgw VERSION 4.1.0)
 
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)

Dockerfile

@@ -1,7 +1,7 @@
 ARG DEBIAN_VERSION=11.5-slim
 ARG POCO_VERSION=poco-tip-v2
 ARG CPPKAFKA_VERSION=tip-v1
-ARG VALIJASON_VERSION=tip-v1
+ARG VALIJASON_VERSION=tip-v1.0.2
 ARG APP_NAME=owgw
 ARG APP_HOME_DIR=/openwifi
 
@@ -17,8 +17,8 @@ FROM build-base AS poco-build
 
 ARG POCO_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/poco/git/refs/tags/${POCO_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/poco --branch ${POCO_VERSION} /poco
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-poco/git/refs/tags/${POCO_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-poco --branch ${POCO_VERSION} /poco
 
 WORKDIR /poco
 RUN mkdir cmake-build
@@ -31,8 +31,8 @@ FROM build-base AS cppkafka-build
 
 ARG CPPKAFKA_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/cppkafka/git/refs/tags/${CPPKAFKA_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/cppkafka --branch ${CPPKAFKA_VERSION} /cppkafka
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-cppkafka/git/refs/tags/${CPPKAFKA_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-cppkafka --branch ${CPPKAFKA_VERSION} /cppkafka
 
 WORKDIR /cppkafka
 RUN mkdir cmake-build
@@ -45,8 +45,8 @@ FROM build-base AS valijson-build
 
 ARG VALIJASON_VERSION
 
-ADD https://api.github.com/repos/AriliaWireless/valijson/git/refs/tags/${VALIJASON_VERSION} version.json
-RUN git clone https://github.com/AriliaWireless/valijson --branch ${VALIJASON_VERSION} /valijson
+ADD https://api.github.com/repos/Telecominfraproject/wlan-cloud-lib-valijson/git/refs/tags/${VALIJASON_VERSION} version.json
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-lib-valijson --branch ${VALIJASON_VERSION} /valijson
 
 WORKDIR /valijson
 RUN mkdir cmake-build

PROTOCOL.md

@@ -306,8 +306,54 @@ The device should answer:
          },
      "id" : <same number>
 }
+```
+
+#### Controller wants the device to apply a given fixed configuration
+
+Controller sends this command when it requires the device to apply fixed configuration, eg. country code. The device
+should respond with message indicating failure or success.
+
+```json
+{   "jsonrpc" : "2.0",
+    "method" : "fixedconfig",
+    "params" : {
+        "serial" : <serial number>,
+        "when" : Optional - <UTC time when to apply this config, 0 means immediate, this is a suggestion>
+        "country" : "<country-code>"
+     },
+}
+```
+
+If AP supports compressed configuration feature by inidcating `compress_cmd=true` in its capabilities, controller
+will send a compressed configuration message where configuration payload (i.e. contents of `params`) is compressed
+and encoded in base64 format:
+```json
+{   "jsonrpc" : "2.0",
+    "method" : "configure",
+    "params" : {
+        "compress_64" : "<b64 encoded zlib compressed payload>",
+        "compress_sz" : "<size of uncompressed data in bytes>"
+     },
+     "id" : <some number>
+}
+```
+
+The device should answer:
+```json
+{   "jsonrpc" : "2.0",
+    "result" : {
+        "serial": <serial number>,
+        "status": {
+            "error": 0 or an error number,
+            "text": <description of the error or success, eg. "Applied fixed config, rebooting">
+        },
+        "uuid": <UUID>
+    }
+}
 
 ```
+
+
 ##### The Answer
 The device can answer and tell the controller it has rejected certain parts of the config and potentially replaced them with
 appropriate values. This could be used to allow a device to replace frequencies for the regions it is located in. The device 
@@ -834,6 +880,32 @@ The device should answer:
 }
 ```
 
+#### Controller wants the device to perform re-enrollment
+Controller sends this command to trigger re-enrollment, i.e. update of operational certificate. Extreme care must be taken.
+```json
+{    "jsonrpc" : "2.0" , 
+     "method" : "reenroll" , 
+     "params" : {
+        "serial" : <serial number>,
+        "when" : Optional - <UTC time when to apply this config, 0 mean immediate, this is a suggestion>
+     },
+     "id" : <some number>
+}
+```
+
+The device should answer:
+```json
+{     "jsonrpc" : "2.0" , 
+      "result" : {
+          "serial" : <serial number> ,
+          "status" : {
+            "error" : <0 or the value of $? from the shell running the command, 255 signifies a timeout>,
+            "txt" : <text describing the error or success>
+      },
+  "id" : <same number as request>
+}
+```
+
 #### Controller wants the device to switch to another controller
 Controller sends this when the device should change the controller it connects to without looking up a new redirector.
 

build

@@ -1 +1 @@
-91
+3

openapi/owgw.yaml

@@ -12,7 +12,7 @@ info:
     url: https://www.ucentral.info/support
 
 servers:
-  - url: 'https://localhost:16001/api/v1'
+  - url: 'https://localhost:16002/api/v1'
 
 security:
   - bearerAuth: []
@@ -42,12 +42,10 @@ components:
   schemas:
     DeviceType:
       type: string
-      default: AP
+      default: ap
       enum:
-        - AP
-        - SWITCH
-        - IOT
-        - MESH
+        - ap
+        - switch
 
     DeviceRestrictionsKeyInfo:
       type: object
@@ -554,9 +552,9 @@ components:
         platform:
           type: string
           enum:
-            - AP
-            - SWITCH
-          default: AP
+            - ap
+            - switch
+          default: ap
 
     DefaultConfigurationList:
       properties:
@@ -1578,6 +1576,15 @@ components:
           format: base64
           description: This is a base64 encoded string of the certificate bundle (the current bundle .tar.gz file from the PKI portal)
 
+    ReenrollRequest:
+      type: object
+      properties:
+        serialNumber:
+          type: string
+        when:
+          type: integer
+          format: int64
+
     PowerCycleRequest:
       type: object
       properties:
@@ -1700,10 +1707,15 @@ paths:
             type: string
             default: ALL
             enum:
-              - ALL
-              - AP
-              - SWITCH
+              - all
+              - ap
+              - switch
           required: false
+        - in: query
+          description: only devices which are not provisioned
+          name: includeProvisioned
+          schema:
+            type: boolean
       responses:
         200:
           description: List devices
@@ -3053,6 +3065,32 @@ paths:
         404:
           $ref: '#/components/responses/NotFound'
 
+  /device/{serialNumber}/reenroll:
+    post:
+      tags:
+        - Commands
+      summary: Reenroll operational certificate for the device.
+      operationId: reenrollCertificate
+      parameters:
+        - in: path
+          name: serialNumber
+          schema:
+            type: string
+          required: true
+      requestBody:
+        description: Reenroll operational certificate for the device
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ReenrollRequest'
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        403:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+
   /device/{serialNumber}/powercycle:
     post:
       tags:

src/AP_WS_Connection.cpp

@@ -213,6 +213,7 @@ namespace OpenWifi {
 			}
 
 			State_.certificateExpiryDate = PeerCert.expiresOn().timestamp().epochTime();
+			State_.certificateIssuerName = PeerCert.issuerName();
 
 			poco_trace(Logger_,
 					   fmt::format("TLS-CONNECTION({}): Session={} CN={} Completed. (t={})", CId_,

src/AP_WS_LookForUpgrade.cpp

@@ -12,7 +12,6 @@ namespace OpenWifi {
 			return false;
 
 		uint64_t GoodConfig = GetCurrentConfigurationID(SerialNumberInt_);
-// 		std::cout << __LINE__ << ": " << SerialNumber_ << "  INT:" << SerialNumberInt_ << "  GoodConfig: " << GoodConfig << "   UUID:" << UUID << "  Pending:" << State_.PendingUUID << std::endl;
 		if (GoodConfig && (GoodConfig == UUID || GoodConfig == State_.PendingUUID)) {
 			UpgradedUUID = UUID;
 			State_.PendingUUID = 0;
@@ -24,16 +23,18 @@ namespace OpenWifi {
 			return false;
 		}
 
-//		std::cout << "D.pendingUUID: " << D.pendingUUID << "  UUID: " << D.UUID << " SerialNumber: " << D.SerialNumber << std::endl;
 		if(State_.PendingUUID!=0 && UUID==State_.PendingUUID) {
-//			std::cout << __LINE__ << ": " << SerialNumber_  << "  GoodConfig: " << GoodConfig << "   UUID:" << UUID << "  Pending:" << State_.PendingUUID << std::endl;
 			//	so we sent an upgrade to a device, and now it is completing now...
 			UpgradedUUID = UUID;
 			StorageService()->CompleteDeviceConfigurationChange(Session, SerialNumber_);
 			State_.PendingUUID = 0;
 			return true;
 		}
-//		std::cout << __LINE__ << ": " << SerialNumber_ << "  GoodConfig: " << GoodConfig << "   UUID:" << UUID << "  Pending:" << State_.PendingUUID << " Device:" << D.UUID << std::endl;
+
+		// dont upgrade a switch if it does not have a real config. Config will always be more than 20 characters
+		if (D.DeviceType==Platforms::SWITCH && D.Configuration.size()<20) {
+			return false;
+		}
 
 		Config::Config Cfg(D.Configuration);
 		//	if this is a broken device (UUID==0) just fix it

src/AP_WS_Process_connect.cpp

@@ -83,7 +83,7 @@ namespace OpenWifi {
 			State_.Address = Utils::FormatIPv6(WS_->peerAddress().toString());
 			CId_ = SerialNumber_ + "@" + CId_;
 
-			auto &Platform = Caps.Platform();
+			auto Platform = Poco::toLower(Caps.Platform());
 
 			if(ParamsObj->has("reason")) {
 				State_.connectReason = ParamsObj->get("reason").toString();
@@ -234,10 +234,11 @@ namespace OpenWifi {
 				if (Updated) {
 					StorageService()->UpdateDevice(DbSession_->Session(), DeviceInfo);
 				}
+			}
 
-				if(!Simulated_) {
-					uint64_t UpgradedUUID = 0;
-					LookForUpgrade(DbSession_->Session(), UUID, UpgradedUUID);
+			if(!Simulated_) {
+				uint64_t UpgradedUUID = 0;
+				if (LookForUpgrade(DbSession_->Session(), UUID, UpgradedUUID)) {
 					State_.UUID = UpgradedUUID;
 				}
 			}

src/AP_WS_Server.cpp

@@ -71,14 +71,18 @@ namespace OpenWifi {
 	bool AP_WS_Server::ValidateCertificate(const std::string &ConnectionId,
 										   const Poco::Crypto::X509Certificate &Certificate) {
 		if (IsCertOk()) {
-			if (!Certificate.issuedBy(*IssuerCert_)) {
-				poco_warning(
-					Logger(),
-					fmt::format("CERTIFICATE({}): issuer mismatch. Local='{}' Incoming='{}'",
-								ConnectionId, IssuerCert_->issuerName(), Certificate.issuerName()));
-				return false;
+			// validate certificate agains trusted chain
+			for (const auto &cert : ClientCasCerts_) {
+				if (Certificate.issuedBy(cert)) {
+					return true;
+				}
 			}
-			return true;
+			poco_warning(
+					Logger(),
+					fmt::format(
+						"CERTIFICATE({}): issuer mismatch. Certificate not issued by any trusted CA",
+						ConnectionId)
+					);
 		}
 		return false;
 	}
@@ -133,6 +137,13 @@ namespace OpenWifi {
 			Context->addChainCertificate(Issuing);
 			Context->addCertificateAuthority(Issuing);
 
+			// add certificates from clientcas to trust chain
+			ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Svr.ClientCas());
+			for (const auto &cert : ClientCasCerts_) {
+				Context->addChainCertificate(cert);
+				Context->addCertificateAuthority(cert);
+			}
+
 			Poco::Crypto::RSAKey Key("", Svr.KeyFile(), Svr.KeyFilePassword());
 			Context->usePrivateKey(Key);
 
@@ -207,6 +218,28 @@ namespace OpenWifi {
 		return 0;
 	}
 
+	bool AP_WS_Server::Disconnect(uint64_t SerialNumber) {
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == SerialNumbers_[hashIndex].end() || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
+			SerialNumbers_[hashIndex].erase(DeviceHint);
+		}
+
+		{
+			auto H = SessionHash::Hash(Connection->State_.sessionId);
+			std::lock_guard SessionLock(SessionMutex_[H]);
+			Sessions_[H].erase(Connection->State_.sessionId);
+		}
+
+		return true;
+	}
+
 	void AP_WS_Server::CleanupSessions() {
 
 		while(Running_) {
@@ -219,7 +252,7 @@ namespace OpenWifi {
 					Session = CleanupSessions_.front();
 					CleanupSessions_.pop_front();
 				}
-				this->Logger().information(fmt::format("Cleaning up session: {} for device: {}", Session.first, Utils::IntToSerialNumber(Session.second)));
+				poco_trace(this->Logger(),fmt::format("Cleaning up session: {} for device: {}", Session.first, Utils::IntToSerialNumber(Session.second)));
 				EndSession(Session.first, Session.second);
 			}
 		}
@@ -433,15 +466,17 @@ namespace OpenWifi {
 	}
 
 	bool AP_WS_Server::GetStatistics(uint64_t SerialNumber, std::string &Statistics) const {
-
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto Device = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (Device == SerialNumbers_[hashIndex].end() || Device->second == nullptr) {
-			return false;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == SerialNumbers_[hashIndex].end() || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
 		}
-		Device->second->GetLastStats(Statistics);
-
+		Connection->GetLastStats(Statistics);
 		return true;
 	}
 
@@ -463,14 +498,17 @@ namespace OpenWifi {
 
 	bool AP_WS_Server::GetHealthcheck(uint64_t SerialNumber,
 									  GWObjects::HealthCheck &CheckData) const {
-
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto Device = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (Device == SerialNumbers_[hashIndex].end() || Device->second == nullptr) {
-			return false;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto Device = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (Device == SerialNumbers_[hashIndex].end() || Device->second == nullptr) {
+				return false;
+			}
+			Connection = Device->second;
 		}
-		Device->second->GetLastHealthCheck(CheckData);
+		Connection->GetLastHealthCheck(CheckData);
 		return true;
 
 	}
@@ -489,27 +527,34 @@ namespace OpenWifi {
 		}
 
 		auto deviceHash = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[deviceHash]);
+		std::lock_guard DeviceLock(SerialNumbersMutex_[deviceHash]);
 		SerialNumbers_[deviceHash][SerialNumber] = Connection;
 	}
 
 	bool AP_WS_Server::EndSession(uint64_t session_id, uint64_t SerialNumber) {
 		{
+			poco_trace(Logger(), fmt::format("Ending session 1: {} for device: {}", session_id, Utils::IntToSerialNumber(SerialNumber)));
 			auto sessionHash = SessionHash::Hash(session_id);
 			std::lock_guard SessionLock(SessionMutex_[sessionHash]);
 			Sessions_[sessionHash].erase(session_id);
+			poco_trace(Logger(), fmt::format("Ended session 1: {} for device: {}", session_id, Utils::IntToSerialNumber(SerialNumber)));
 		}
 
 		{
 			auto hashIndex = MACHash::Hash(SerialNumber);
+			poco_trace(Logger(), fmt::format("Ending session 2.0: {} for device: {} hi:{}", session_id, Utils::IntToSerialNumber(SerialNumber), hashIndex));
 			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			poco_trace(Logger(), fmt::format("Ending session 2.1: {} for device: {} hi:{}", session_id, Utils::IntToSerialNumber(SerialNumber), hashIndex));
 			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			poco_trace(Logger(), fmt::format("Ending session 2.2: {} for device: {} hi:{}", session_id, Utils::IntToSerialNumber(SerialNumber), hashIndex));
 			if (DeviceHint == SerialNumbers_[hashIndex].end()
 				|| DeviceHint->second == nullptr
 				|| DeviceHint->second->State_.sessionId != session_id) {
+				poco_trace(Logger(), fmt::format("Did not end session 2: {} for device: {}", session_id, Utils::IntToSerialNumber(SerialNumber)));
 				return false;
 			}
 			SerialNumbers_[hashIndex].erase(DeviceHint);
+			poco_trace(Logger(), fmt::format("Ended session 2: {} for device: {}", session_id, Utils::IntToSerialNumber(SerialNumber)));
 		}
 		return true;
 	}
@@ -517,47 +562,62 @@ namespace OpenWifi {
 
 	bool AP_WS_Server::Connected(uint64_t SerialNumber,
 								 GWObjects::DeviceRestrictions &Restrictions) const {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
+		}
+
+		if(Connection->Dead_) {
 			return false;
 		}
-		if(!DeviceHint->second->Dead_) {
-			Restrictions = DeviceHint->second->GetRestrictions();
-			return DeviceHint->second->State_.Connected;
-		}
-		return false;
+		Restrictions = Connection->GetRestrictions();
+		return Connection->State_.Connected;
 	}
 
 
 	bool AP_WS_Server::Connected(uint64_t SerialNumber) const {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
+		}
+
+		if(Connection->Dead_) {
 			return false;
 		}
-		if(!DeviceHint->second->Dead_) {
-			return DeviceHint->second->State_.Connected;
-		}
-		return false;
+		return Connection->State_.Connected;
 	}
 
 	bool AP_WS_Server::SendFrame(uint64_t SerialNumber, const std::string &Payload) const {
 		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return false;
+
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
 		}
 
-		if(DeviceHint->second->Dead_) {
+		if(Connection->Dead_) {
 			return false;
 		}
 
 		try {
-			return DeviceHint->second->Send(Payload);
+			return Connection->Send(Payload);
 		} catch (...) {
 			poco_debug(Logger(), fmt::format(": SendFrame: Could not send data to device '{}'",
 											 Utils::IntToSerialNumber(SerialNumber)));
@@ -566,48 +626,64 @@ namespace OpenWifi {
 	}
 
 	void AP_WS_Server::StopWebSocketTelemetry(uint64_t RPCID, uint64_t SerialNumber) {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto Device = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (Device == end(SerialNumbers_[hashIndex]) || Device->second == nullptr) {
-			return;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto Device = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (Device == end(SerialNumbers_[hashIndex]) || Device->second == nullptr) {
+				return;
+			}
+			Connection = Device->second;
 		}
-		Device->second->StopWebSocketTelemetry(RPCID);
+		Connection->StopWebSocketTelemetry(RPCID);
 	}
 
 	void
 	AP_WS_Server::SetWebSocketTelemetryReporting(uint64_t RPCID, uint64_t SerialNumber,
 												 uint64_t Interval, uint64_t Lifetime,
 												 const std::vector<std::string> &TelemetryTypes) {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return;
+			}
+			Connection = DeviceHint->second;
 		}
-		DeviceHint->second->SetWebSocketTelemetryReporting(RPCID, Interval, Lifetime, TelemetryTypes);
+		Connection->SetWebSocketTelemetryReporting(RPCID, Interval, Lifetime, TelemetryTypes);
 	}
 
 	void AP_WS_Server::SetKafkaTelemetryReporting(uint64_t RPCID, uint64_t SerialNumber,
 												  uint64_t Interval, uint64_t Lifetime,
 												  const std::vector<std::string> &TelemetryTypes) {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard Lock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return;
+			}
+			Connection = DeviceHint->second;
 		}
-		DeviceHint->second->SetKafkaTelemetryReporting(RPCID, Interval, Lifetime, TelemetryTypes);
+		Connection->SetKafkaTelemetryReporting(RPCID, Interval, Lifetime, TelemetryTypes);
 	}
 
 	void AP_WS_Server::StopKafkaTelemetry(uint64_t RPCID, uint64_t SerialNumber) {
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return;
+			}
+			Connection = DeviceHint->second;
 		}
-		DeviceHint->second->StopKafkaTelemetry(RPCID);
+		Connection->StopKafkaTelemetry(RPCID);
 	}
 
 	void AP_WS_Server::GetTelemetryParameters(
@@ -616,14 +692,18 @@ namespace OpenWifi {
 		uint64_t &TelemetryWebSocketCount, uint64_t &TelemetryKafkaCount,
 		uint64_t &TelemetryWebSocketPackets, uint64_t &TelemetryKafkaPackets) {
 
-		auto hashIndex = MACHash::Hash(SerialNumber);
-		std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto hashIndex = MACHash::Hash(SerialNumber);
+			std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(SerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return;
+			}
+			Connection = DeviceHint->second;
 		}
 
-		DeviceHint->second->GetTelemetryParameters(TelemetryRunning, TelemetryInterval,
+		Connection->GetTelemetryParameters(TelemetryRunning, TelemetryInterval,
 										  TelemetryWebSocketTimer, TelemetryKafkaTimer,
 										  TelemetryWebSocketCount, TelemetryKafkaCount,
 										  TelemetryWebSocketPackets, TelemetryKafkaPackets);
@@ -632,20 +712,24 @@ namespace OpenWifi {
 	bool AP_WS_Server::SendRadiusAccountingData(const std::string &SerialNumber,
 												const unsigned char *buffer, std::size_t size) {
 
-		auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
-		auto hashIndex = MACHash::Hash(IntSerialNumber);
-		std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return false;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
+			auto hashIndex = MACHash::Hash(IntSerialNumber);
+			std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
 		}
 
-		if(DeviceHint->second->Dead_) {
+		if(Connection->Dead_) {
 			return false;
 		}
 
 		try {
-			return DeviceHint->second->SendRadiusAccountingData(buffer, size);
+			return Connection->SendRadiusAccountingData(buffer, size);
 		} catch (...) {
 			poco_debug(
 				Logger(),
@@ -657,20 +741,24 @@ namespace OpenWifi {
 
 	bool AP_WS_Server::SendRadiusAuthenticationData(const std::string &SerialNumber,
 													const unsigned char *buffer, std::size_t size) {
-		auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
-		auto hashIndex = MACHash::Hash(IntSerialNumber);
-		std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return false;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
+			auto hashIndex = MACHash::Hash(IntSerialNumber);
+			std::lock_guard DevicesLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
 		}
 
-		if(DeviceHint->second->Dead_) {
+		if(Connection->Dead_) {
 			return false;
 		}
 
 		try {
-			return DeviceHint->second->SendRadiusAuthenticationData(buffer, size);
+			return Connection->SendRadiusAuthenticationData(buffer, size);
 		} catch (...) {
 			poco_debug(
 				Logger(),
@@ -682,19 +770,23 @@ namespace OpenWifi {
 
 	bool AP_WS_Server::SendRadiusCoAData(const std::string &SerialNumber,
 										 const unsigned char *buffer, std::size_t size) {
-		auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
-		auto hashIndex = MACHash::Hash(IntSerialNumber);
-		std::lock_guard DevicesGuard(SerialNumbersMutex_[hashIndex]);
-		auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
-		if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
-			return false;
+		std::shared_ptr<AP_WS_Connection> Connection;
+		{
+			auto IntSerialNumber = Utils::SerialNumberToInt(SerialNumber);
+			auto hashIndex = MACHash::Hash(IntSerialNumber);
+			std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+			auto DeviceHint = SerialNumbers_[hashIndex].find(IntSerialNumber);
+			if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr) {
+				return false;
+			}
+			Connection = DeviceHint->second;
 		}
 
-		if(DeviceHint->second->Dead_) {
+		if(Connection->Dead_) {
 			return false;
 		}
 		try {
-			return DeviceHint->second->SendRadiusCoAData(buffer, size);
+			return Connection->SendRadiusCoAData(buffer, size);
 		} catch (...) {
 			poco_debug(Logger(),
 					   fmt::format(": SendRadiusCoAData: Could not send data to device '{}'",
@@ -703,4 +795,4 @@ namespace OpenWifi {
 		return false;
 	}
 
-} // namespace OpenWifi
+} // namespace OpenWifi

src/AP_WS_Server.h

@@ -103,20 +103,23 @@ namespace OpenWifi {
 
 		inline void AddConnection(std::shared_ptr<AP_WS_Connection> Connection) {
 			std::uint64_t sessionHash = SessionHash::Hash(Connection->State_.sessionId);
-			std::lock_guard Lock(SessionMutex_[sessionHash]);
+			std::lock_guard SessionLock(SessionMutex_[sessionHash]);
 			if(Sessions_[sessionHash].find(Connection->State_.sessionId)==end(Sessions_[sessionHash])) {
 				Sessions_[sessionHash][Connection->State_.sessionId] = std::move(Connection);
 			}
 		}
 
 		[[nodiscard]] inline bool DeviceRequiresSecureRTTY(uint64_t serialNumber) const {
-			auto hashIndex = MACHash::Hash(serialNumber);
-			std::lock_guard	G(SerialNumbersMutex_[hashIndex]);
-
-			auto Connection = SerialNumbers_[hashIndex].find(serialNumber);
-			if (Connection==end(SerialNumbers_[hashIndex]) || Connection->second==nullptr)
-				return false;
-			return Connection->second->RTTYMustBeSecure_;
+			std::shared_ptr<AP_WS_Connection> Connection;
+			{
+				auto hashIndex = MACHash::Hash(serialNumber);
+				std::lock_guard DeviceLock(SerialNumbersMutex_[hashIndex]);
+				auto DeviceHint = SerialNumbers_[hashIndex].find(serialNumber);
+				if (DeviceHint == end(SerialNumbers_[hashIndex]) || DeviceHint->second == nullptr)
+					return false;
+				Connection = DeviceHint->second;
+			}
+			return Connection->RTTYMustBeSecure_;
 		}
 
 		inline bool GetStatistics(const std::string &SerialNumber, std::string &Statistics) const {
@@ -138,6 +141,7 @@ namespace OpenWifi {
 
 		bool Connected(uint64_t SerialNumber, GWObjects::DeviceRestrictions &Restrictions) const;
 		bool Connected(uint64_t SerialNumber) const;
+		bool Disconnect(uint64_t SerialNumber);
 		bool SendFrame(uint64_t SerialNumber, const std::string &Payload) const;
 		bool SendRadiusAuthenticationData(const std::string &SerialNumber,
 										  const unsigned char *buffer, std::size_t size);
@@ -219,6 +223,7 @@ namespace OpenWifi {
 		mutable std::array<std::mutex,MACHashMax>		SerialNumbersMutex_;
 
 		std::unique_ptr<Poco::Crypto::X509Certificate> IssuerCert_;
+		std::vector<Poco::Crypto::X509Certificate> ClientCasCerts_;
 		std::list<std::unique_ptr<Poco::Net::HTTPServer>> WebServers_;
 		Poco::ThreadPool DeviceConnectionPool_{"ws:dev-pool", 4, 256};
 		Poco::Net::SocketReactor Reactor_;

src/CapabilitiesCache.h

@@ -10,6 +10,7 @@
 #include <string>
 
 #include "framework/MicroServiceFuncs.h"
+#include "framework/ow_constants.h"
 
 #include "CentralConfig.h"
 #include "nlohmann/json.hpp"
@@ -34,7 +35,7 @@ namespace OpenWifi {
 			std::lock_guard G(Mutex_);
 			if (!PlatformsLoaded_)
 				LoadPlatforms();
-			auto P = Poco::toUpper(Caps.Platform());
+			auto P = Poco::toLower(Caps.Platform());
 			auto Hint = Platforms_.find(Caps.Compatible());
 			if (Hint == Platforms_.end()) {
 				Platforms_.insert(std::make_pair(Caps.Compatible(), P));
@@ -68,7 +69,7 @@ namespace OpenWifi {
 
 			auto Hint = Platforms_.find(DeviceType);
 			if (Hint == Platforms_.end())
-				return "AP";
+				return Platforms::AP;
 			return Hint->second;
 		}
 
@@ -110,7 +111,7 @@ namespace OpenWifi {
 				i >> cache;
 
 				for (const auto &[Type, Platform] : cache.items()) {
-					Platforms_[Type] = Platform;
+					Platforms_[Type] = Poco::toLower(Platform.get<std::string>());
 				}
 			} catch (...) {
 			}

src/CentralConfig.cpp

@@ -265,7 +265,11 @@ namespace OpenWifi::Config {
 				Model_ = Caps->get("model").toString();
 
 			if (Caps->has("platform"))
-				Platform_ = Caps->get("platform").toString();
+				Platform_ = Poco::toLower(Caps->get("platform").toString());
+
+			if(Compatible_.empty()) {
+				Compatible_ = Model_;
+			}
 
 			std::ostringstream OS;
 			Caps->stringify(OS);

src/Daemon.cpp

@@ -78,7 +78,7 @@ namespace OpenWifi {
 			if (Id == DeviceType)
 				return Type;
 		}
-		return "AP";
+		return Platforms::AP;
 	}
 
 	void DaemonPostInitialization(Poco::Util::Application &self) {

src/RESTAPI/RESTAPI_RPC.cpp

@@ -25,9 +25,23 @@ namespace OpenWifi::RESTAPI_RPC {
 		if (StorageService()->AddCommand(Cmd.SerialNumber, Cmd, Status)) {
 			Poco::JSON::Object RetObj;
 			Cmd.to_json(RetObj);
-			if (Handler != nullptr)
-				return Handler->ReturnObject(RetObj);
-			return;
+			if (Handler == nullptr) {
+				// nothing to process/return
+				return;
+			}
+			Poco::Net::HTTPResponse::HTTPStatus cmd_status = Poco::Net::HTTPResponse::HTTP_OK;
+            if (Cmd.ErrorCode > 0) {
+				// command returned error
+				cmd_status = Poco::Net::HTTPResponse::HTTP_BAD_REQUEST;
+				if (Cmd.Command == uCentralProtocol::CONFIGURE) {
+					// special handling for configure command
+					if (!Handler->GetBoolParameter("strict", false)) {
+						// in non-strict mode return success for failed configure command
+						cmd_status = Poco::Net::HTTPResponse::HTTP_OK;
+					}
+				}
+			}
+			return Handler->ReturnObject(RetObj, cmd_status);
 		}
 		if (Handler != nullptr)
 			return Handler->ReturnStatus(Poco::Net::HTTPResponse::HTTP_INTERNAL_SERVER_ERROR);
@@ -40,8 +54,8 @@ namespace OpenWifi::RESTAPI_RPC {
 						std::chrono::milliseconds WaitTimeInMs, Poco::JSON::Object *ObjectToReturn,
 						RESTAPIHandler *Handler, Poco::Logger &Logger, bool Deferred) {
 
-		Logger.information(fmt::format("{},{}: New {} command. User={} Serial={}. ", Cmd.UUID,
-									   RPCID, Cmd.Command, Cmd.SubmittedBy, Cmd.SerialNumber));
+		Logger.information(fmt::format("{},{}: New {} command. User={} Serial={} Details={}. ", Cmd.UUID,
+									   RPCID, Cmd.Command, Cmd.SubmittedBy, Cmd.SerialNumber, Cmd.Details));
 		Cmd.Submitted = Utils::Now();
 		Cmd.Executed = 0;
 
@@ -167,6 +181,20 @@ namespace OpenWifi::RESTAPI_RPC {
 				Cmd.AttachType = "";
 			}
 
+			// If the command fails on the device we should show it as failed and not return 200 OK
+			// exception is configure command which only reported failed in strict validation mode
+			if (Cmd.ErrorCode &&
+				(Cmd.Command != uCentralProtocol::CONFIGURE ||
+					(Cmd.Command == uCentralProtocol::CONFIGURE && Handler->GetBoolParameter("strict", false))
+				))
+			{
+				Logger.information(fmt::format(
+				"Command failed with error on device: {}  Reason: {}.",
+				Cmd.ErrorCode, Cmd.ErrorText));
+				return SetCommandStatus(Cmd, Request, Response, Handler,
+								Storage::CommandExecutionType::COMMAND_FAILED, Logger);
+			}
+
 			if (Cmd.ErrorCode == 0 && Cmd.Command == uCentralProtocol::CONFIGURE) {
 				//	we need to post a kafka event for this.
 				if (Params.has(uCentralProtocol::CONFIG) && Params.isObject(uCentralProtocol::CONFIG)) {
@@ -175,6 +203,7 @@ namespace OpenWifi::RESTAPI_RPC {
 					DeviceConfigurationChangeKafkaEvent KEvent(
 						Utils::SerialNumberToInt(Cmd.SerialNumber), Utils::Now(),
 						Config);
+						
 				}
 			}
 

src/RESTAPI/RESTAPI_default_configuration.cpp

@@ -56,23 +56,27 @@ namespace OpenWifi {
 			return BadRequest(RESTAPI::Errors::InvalidJSONDocument);
 		}
 
-		if (DefConfig.Models.empty()) {
+		if (DefConfig.models.empty()) {
 			return BadRequest(RESTAPI::Errors::ModelIDListCannotBeEmpty);
 		}
 
-		DefConfig.Platform = DefConfig.Platform.empty() ? "AP" : DefConfig.Platform;
-		if(DefConfig.Platform != "AP" && DefConfig.Platform != "SWITCH") {
+		DefConfig.platform = DefConfig.platform.empty() ? Platforms::AP : DefConfig.platform;
+		if(DefConfig.platform != Platforms::AP && DefConfig.platform != Platforms::SWITCH) {
+			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+		}
+
+		if(DefConfig.configuration.empty()) {
 			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
 		}
 
 		std::string Error;
-		if (!ValidateUCentralConfiguration(ConfigurationValidator::GetType(DefConfig.Platform),
-										   DefConfig.Configuration, Error,
+		if (!ValidateUCentralConfiguration(ConfigurationValidator::GetType(DefConfig.platform),
+										   DefConfig.configuration, Error,
 										   GetBoolParameter("strict", false))) {
 			return BadRequest(RESTAPI::Errors::ConfigBlockInvalid, Error);
 		}
 
-		DefConfig.Created = DefConfig.LastModified = Utils::Now();
+		DefConfig.created = DefConfig.lastModified = Utils::Now();
 		if (StorageService()->CreateDefaultConfiguration(Name, DefConfig)) {
 			return OK();
 		}
@@ -94,31 +98,31 @@ namespace OpenWifi {
 			return NotFound();
 		}
 
-		if(Existing.Platform.empty()) {
-			Existing.Platform = "AP";
+		if(Existing.platform.empty()) {
+			Existing.platform = Platforms::AP;
 		}
 
 		if(ParsedBody_->has("platform")) {
-			if(NewConfig.Platform.empty() || (NewConfig.Platform != "AP" && NewConfig.Platform != "SWITCH")) {
+			if(NewConfig.platform.empty() || (NewConfig.platform != Platforms::AP && NewConfig.platform != Platforms::SWITCH)) {
 				return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
 			}
-			Existing.Platform = NewConfig.Platform;
+			Existing.platform = NewConfig.platform;
 		}
 
-		if (!NewConfig.Configuration.empty()) {
+		if (!NewConfig.configuration.empty()) {
 			std::string Error;
-			if (!ValidateUCentralConfiguration(ConfigurationValidator::GetType(Existing.Platform),
-											   NewConfig.Configuration, Error,
+			if (!ValidateUCentralConfiguration(ConfigurationValidator::GetType(Existing.platform),
+											   NewConfig.configuration, Error,
 											   GetBoolParameter("strict", false))) {
 				return BadRequest(RESTAPI::Errors::ConfigBlockInvalid, Error);
 			}
-			Existing.Configuration = NewConfig.Configuration;
+			Existing.configuration = NewConfig.configuration;
 		}
 
-		Existing.LastModified = Utils::Now();
-		AssignIfPresent(Obj, "description", Existing.Description);
+		Existing.lastModified = Utils::Now();
+		AssignIfPresent(Obj, "description", Existing.description);
 		if (Obj->has("modelIds"))
-			Existing.Models = NewConfig.Models;
+			Existing.models = NewConfig.models;
 
 		if (StorageService()->UpdateDefaultConfiguration(Name, Existing)) {
 			GWObjects::DefaultConfiguration ModifiedConfig;

src/RESTAPI/RESTAPI_device_commandHandler.cpp

@@ -167,7 +167,11 @@ namespace OpenWifi {
 		{APCommands::Commands::certupdate, false, true, &RESTAPI_device_commandHandler::CertUpdate, 60000ms},
 		{APCommands::Commands::transfer, false, true, &RESTAPI_device_commandHandler::Transfer, 60000ms},
 		{APCommands::Commands::script, false, true, &RESTAPI_device_commandHandler::Script, 60000ms},
-		{APCommands::Commands::powercycle, false, true, &RESTAPI_device_commandHandler::PowerCycle, 60000ms}
+		{APCommands::Commands::powercycle, false, true, &RESTAPI_device_commandHandler::PowerCycle, 60000ms},
+		{APCommands::Commands::fixedconfig, false, true, &RESTAPI_device_commandHandler::FixedConfig, 120000ms},
+		{APCommands::Commands::cablediagnostics, false, true, &RESTAPI_device_commandHandler::CableDiagnostics, 120000ms},
+		{APCommands::Commands::reenroll, false, true, &RESTAPI_device_commandHandler::ReEnroll, 120000ms},
+
 	};
 
 	void RESTAPI_device_commandHandler::DoPost() {
@@ -691,9 +695,31 @@ namespace OpenWifi {
 				Params.stringify(ParamStream);
 				Cmd.Details = ParamStream.str();
 
+				// retrieve capabilities and encode/compress parameters, if required
+				Poco::JSON::Object ConfigParams = Params;
+				GWObjects::Capabilities Caps;
+				if (StorageService()->GetDeviceCapabilities(SerialNumber_, Caps)) {
+					Poco::JSON::Object CapsJson;
+					Caps.to_json(CapsJson);
+					auto DeviceCaps = CapsJson.getObject(uCentralProtocol::CAPABILITIES);
+					if (DeviceCaps->has("compress_cmd") && DeviceCaps->get("compress_cmd")) {
+						// compressed command capability present and it is set, compress parameters
+						Poco::JSON::Object CompressedParams;
+						std::string CompressedBase64Data;
+						std::uint64_t UncompressedDataLen = ParamStream.str().length();
+						if (Utils::CompressAndEncodeBase64(ParamStream.str(), CompressedBase64Data)) {
+							// set compressed, base 64 encoded data and length of uncompressed data
+							CompressedParams.set(uCentralProtocol::COMPRESS_64, CompressedBase64Data);
+							CompressedParams.set(uCentralProtocol::COMPRESS_SZ, UncompressedDataLen);
+							ConfigParams = CompressedParams;
+						}
+					}
+				}
+
+
 				// AP_WS_Server()->SetPendingUUID(SerialNumber_, NewUUID);
 				RESTAPI_RPC::WaitForCommand(CMD_RPC, APCommands::Commands::configure, true,
-												   Cmd, Params, *Request, *Response, timeout,
+												   Cmd, ConfigParams, *Request, *Response, timeout,
 												   nullptr, this, Logger_);
 
 				if(!Cmd.Executed) {
@@ -1548,4 +1574,123 @@ namespace OpenWifi {
 										   Logger_);
 	}
 
+	// `fixedconfig` command is used set country propery on AP
+	// This handler uses `fixedconfig` command definitions
+	void RESTAPI_device_commandHandler::FixedConfig(
+		const std::string &CMD_UUID, uint64_t CMD_RPC, std::chrono::milliseconds timeout,
+		[[maybe_unused]] const GWObjects::DeviceRestrictions &Restrictions) {
+		poco_debug(Logger_, fmt::format("FIXEDCONFIG({},{}): TID={} user={} serial={}", CMD_UUID, CMD_RPC,
+										TransactionId_, Requester(), SerialNumber_));
+		// do not allow `fixedconfig` command for simulated devices
+		if(IsDeviceSimulated(SerialNumber_)) {
+			CallCanceled("FIXEDCONFIG", CMD_UUID, CMD_RPC, RESTAPI::Errors::SimulatedDeviceNotSupported);
+			return BadRequest(RESTAPI::Errors::SimulatedDeviceNotSupported);
+		}
+
+		// setup and validate fixedconfig object
+		GWObjects::FixedConfig fixed_config;
+		if(!fixed_config.from_json(ParsedBody_)) {
+			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+		}
+
+		// setup command message
+		GWObjects::CommandDetails Cmd;
+		Cmd.SerialNumber = SerialNumber_;
+		Cmd.SubmittedBy = Requester();
+		Cmd.UUID = CMD_UUID;
+		Cmd.Command = uCentralProtocol::FIXEDCONFIG;
+		std::ostringstream os;
+		ParsedBody_->stringify(os);
+		Cmd.Details = os.str();
+		Cmd.RunAt = 0;
+		Cmd.ErrorCode = 0;
+		Cmd.WaitingForFile = 0;
+
+		// send fixedconfig command to device and return status
+		return RESTAPI_RPC::WaitForCommand(CMD_RPC, APCommands::Commands::fixedconfig, false, Cmd,
+										   *ParsedBody_, *Request, *Response, timeout, nullptr, this,
+										   Logger_);
+	}
+
+	void RESTAPI_device_commandHandler::CableDiagnostics(
+		const std::string &CMD_UUID, uint64_t CMD_RPC,
+		[[maybe_unused]] std::chrono::milliseconds timeout,
+		[[maybe_unused]] const GWObjects::DeviceRestrictions &Restrictions) {
+
+		if(UserInfo_.userinfo.userRole != SecurityObjects::ROOT &&
+			UserInfo_.userinfo.userRole != SecurityObjects::ADMIN) {
+			CallCanceled("CABLEDIAGNOSTICS", CMD_UUID, CMD_RPC, RESTAPI::Errors::ACCESS_DENIED);
+			return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+		}
+
+		poco_debug(Logger_, fmt::format("CABLEDIAGNOSTICS({},{}): TID={} user={} serial={}", CMD_UUID,
+										CMD_RPC, TransactionId_, Requester(), SerialNumber_));
+
+		if(IsDeviceSimulated(SerialNumber_)) {
+			CallCanceled("CABLEDIAGNOSTICS", CMD_UUID, CMD_RPC, RESTAPI::Errors::SimulatedDeviceNotSupported);
+			return BadRequest(RESTAPI::Errors::SimulatedDeviceNotSupported);
+		}
+
+		GWObjects::CableDiagnostics	PR;
+		if(!PR.from_json(ParsedBody_)) {
+			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+		}
+
+		GWObjects::CommandDetails Cmd;
+		Cmd.SerialNumber = SerialNumber_;
+		Cmd.SubmittedBy = Requester();
+		Cmd.UUID = CMD_UUID;
+		Cmd.Command = uCentralProtocol::CABLEDIAGNOSTICS;
+		std::ostringstream os;
+		ParsedBody_->stringify(os);
+		Cmd.Details = os.str();
+		Cmd.RunAt = PR.when;
+		Cmd.ErrorCode = 0;
+		Cmd.WaitingForFile = 0;
+
+		return RESTAPI_RPC::WaitForCommand(CMD_RPC, APCommands::Commands::cablediagnostics, false, Cmd,
+										   *ParsedBody_, *Request, *Response, timeout, nullptr, this,
+										   Logger_);
+	}
+
+	void RESTAPI_device_commandHandler::ReEnroll(
+		const std::string &CMD_UUID, uint64_t CMD_RPC,
+		[[maybe_unused]] std::chrono::milliseconds timeout,
+		[[maybe_unused]] const GWObjects::DeviceRestrictions &Restrictions) {
+
+		if(UserInfo_.userinfo.userRole != SecurityObjects::ROOT &&
+			UserInfo_.userinfo.userRole != SecurityObjects::ADMIN) {
+			CallCanceled("REENROLL", CMD_UUID, CMD_RPC, RESTAPI::Errors::ACCESS_DENIED);
+			return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
+		}
+
+		poco_debug(Logger_, fmt::format("REENROLL({},{}): TID={} user={} serial={}", CMD_UUID,
+										CMD_RPC, TransactionId_, Requester(), SerialNumber_));
+
+		if(IsDeviceSimulated(SerialNumber_)) {
+			CallCanceled("REENROLL", CMD_UUID, CMD_RPC, RESTAPI::Errors::SimulatedDeviceNotSupported);
+			return BadRequest(RESTAPI::Errors::SimulatedDeviceNotSupported);
+		}
+
+		GWObjects::ReEnroll PR;
+		if(!PR.from_json(ParsedBody_)) {
+			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
+		}
+
+		GWObjects::CommandDetails Cmd;
+		Cmd.SerialNumber = SerialNumber_;
+		Cmd.SubmittedBy = Requester();
+		Cmd.UUID = CMD_UUID;
+		Cmd.Command = uCentralProtocol::REENROLL;
+		std::ostringstream os;
+		ParsedBody_->stringify(os);
+		Cmd.Details = os.str();
+		Cmd.RunAt = PR.when;
+		Cmd.ErrorCode = 0;
+		Cmd.WaitingForFile = 0;
+
+		return RESTAPI_RPC::WaitForCommand(CMD_RPC, APCommands::Commands::reenroll, false, Cmd,
+										   *ParsedBody_, *Request, *Response, timeout, nullptr, this,
+										   Logger_);
+	}
 } // namespace OpenWifi

src/RESTAPI/RESTAPI_device_commandHandler.h

@@ -70,6 +70,12 @@ namespace OpenWifi {
 					const GWObjects::DeviceRestrictions &R);
 		void PowerCycle(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
 					  const GWObjects::DeviceRestrictions &R);
+		void FixedConfig(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
+					  const GWObjects::DeviceRestrictions &R);
+		void CableDiagnostics(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
+					  const GWObjects::DeviceRestrictions &R);
+		void ReEnroll(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
+					  const GWObjects::DeviceRestrictions &R);
 
 		static auto PathName() {
 			return std::list<std::string>{"/api/v1/device/{serialNumber}/{command}"};

src/RESTAPI/RESTAPI_device_handler.cpp

@@ -17,6 +17,8 @@
 
 #include "RESTAPI_device_helper.h"
 
+#include "AP_WS_Server.h"
+
 namespace OpenWifi {
 	void RESTAPI_device_handler::DoGet() {
 		std::string SerialNumber = GetBinding(RESTAPI::Protocol::SERIALNUMBER, "");
@@ -80,6 +82,9 @@ namespace OpenWifi {
 			return OK();
 
 		} else if (StorageService()->DeleteDevice(SerialNumber)) {
+			if(AP_WS_Server()->Connected(Utils::SerialNumberToInt(SerialNumber))) {
+				AP_WS_Server()->Disconnect(Utils::SerialNumberToInt(SerialNumber));
+			}
 			return OK();
 		}
 
@@ -102,7 +107,7 @@ namespace OpenWifi {
 			auto Config = Obj->get("configuration").toString();
 			Poco::JSON::Object Answer;
 			std::string Error;
-			auto DeviceType = GetParameter("deviceType", "AP");
+			auto DeviceType = Poco::toLower(GetParameter("deviceType", Platforms::AP));
 			auto Res =
 				ValidateUCentralConfiguration(ConfigurationValidator::GetType(DeviceType),Config, Error, GetBoolParameter("strict", false));
 			Answer.set("valid", Res);

src/RESTAPI/RESTAPI_devices_handler.cpp

@@ -86,8 +86,9 @@ namespace OpenWifi {
 		auto serialOnly = GetBoolParameter(RESTAPI::Protocol::SERIALONLY, false);
 		auto deviceWithStatus = GetBoolParameter(RESTAPI::Protocol::DEVICEWITHSTATUS, false);
 		auto completeInfo = GetBoolParameter("completeInfo", false);
+		auto includeProvisioned = GetBoolParameter("includeProvisioned", true);
 
-		if(!platform.empty() && (platform!="ap" && platform!="switch" && platform!="all")) {
+		if(!platform.empty() && (platform!=Platforms::AP && platform!=Platforms::SWITCH && platform!="all")) {
 			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
 		}
 
@@ -131,7 +132,7 @@ namespace OpenWifi {
 			}
 		} else if (serialOnly) {
 			std::vector<std::string> SerialNumbers;
-			StorageService()->GetDeviceSerialNumbers(QB_.Offset, QB_.Limit, SerialNumbers, OrderBy, platform);
+			StorageService()->GetDeviceSerialNumbers(QB_.Offset, QB_.Limit, SerialNumbers, OrderBy, platform, includeProvisioned);
 			Poco::JSON::Array Objects;
 			for (const auto &i : SerialNumbers) {
 				Objects.add(i);
@@ -149,7 +150,7 @@ namespace OpenWifi {
 			RetObj.set("serialNumbers", Objects);
 		} else {
 			std::vector<GWObjects::Device> Devices;
-			StorageService()->GetDevices(QB_.Offset, QB_.Limit, Devices, OrderBy, platform);
+			StorageService()->GetDevices(QB_.Offset, QB_.Limit, Devices, OrderBy, platform, includeProvisioned);
 			Poco::JSON::Array Objects;
 			for (const auto &i : Devices) {
 				Poco::JSON::Object Obj;

src/RESTAPI/RESTAPI_file.cpp

@@ -22,9 +22,15 @@ namespace OpenWifi {
 
 		std::string FileType;
 		std::string FileContent;
-		if (!StorageService()->GetAttachedFileContent(UUID, SerialNumber, FileContent, FileType) || FileContent.empty()) {
+		int WaitingForFile = 0;
+		if (!StorageService()->GetAttachedFileContent(UUID, SerialNumber, FileContent, FileType, WaitingForFile) && !WaitingForFile) {
 			return NotFound();
 		}
+		else if (WaitingForFile) {
+			// waiting for file to be uploaded, return Accepted
+			return Accepted();
+		}
+
 		if (FileType == "pcap") {
 			SendFileContent(FileContent, "application/vnd.tcpdump.pcap", UUID + ".pcap");
 		}

src/RESTObjects/RESTAPI_AnalyticsObjects.h

@@ -7,6 +7,7 @@
 #include "RESTAPI_ProvObjects.h"
 #include "framework/utils.h"
 #include <vector>
+#include "framework/ow_constants.h"
 
 namespace OpenWifi {
 

src/RESTObjects/RESTAPI_GWobjects.cpp

@@ -30,7 +30,7 @@ namespace OpenWifi::GWObjects {
 	void Device::to_json(Poco::JSON::Object &Obj) const {
 		field_to_json(Obj, "serialNumber", SerialNumber);
 #ifdef TIP_GATEWAY_SERVICE
-		field_to_json(Obj, "deviceType", CapabilitiesCache::instance()->GetPlatform(Compatible));
+		field_to_json(Obj, "deviceType", StorageService()->GetPlatform(SerialNumber));
 		field_to_json(Obj, "blackListed", StorageService()->IsBlackListed(Utils::MACToInt(SerialNumber)));
 #endif
 		field_to_json(Obj, "macAddress", MACAddress);
@@ -232,24 +232,24 @@ namespace OpenWifi::GWObjects {
 	}
 
 	void DefaultConfiguration::to_json(Poco::JSON::Object &Obj) const {
-		EmbedDocument("configuration", Obj, Configuration);
-		field_to_json(Obj, "name", Name);
-		field_to_json(Obj, "modelIds", Models);
-		field_to_json(Obj, "description", Description);
-		field_to_json(Obj, "created", Created);
-		field_to_json(Obj, "lastModified", LastModified);
-		field_to_json(Obj, "Platform", Platform);
+		EmbedDocument("configuration", Obj, configuration);
+		field_to_json(Obj, "name", name);
+		field_to_json(Obj, "modelIds", models);
+		field_to_json(Obj, "description", description);
+		field_to_json(Obj, "created", created);
+		field_to_json(Obj, "lastModified", lastModified);
+		field_to_json(Obj, "platform", platform);
 	}
 
 	bool DefaultConfiguration::from_json(const Poco::JSON::Object::Ptr &Obj) {
 		try {
-			field_from_json(Obj, "configuration", Configuration);
-			field_from_json(Obj, "name", Name);
-			field_from_json(Obj, "modelIds", Models);
-			field_from_json(Obj, "description", Description);
-			field_from_json(Obj, "created", Created);
-			field_from_json(Obj, "lastModified", LastModified);
-			field_from_json(Obj, "Platform", Platform);
+			field_from_json(Obj, "configuration", configuration);
+			field_from_json(Obj, "name", name);
+			field_from_json(Obj, "modelIds", models);
+			field_from_json(Obj, "description", description);
+			field_from_json(Obj, "created", created);
+			field_from_json(Obj, "lastModified", lastModified);
+			field_from_json(Obj, "platform", platform);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}
@@ -297,6 +297,7 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "connectionCompletionTime", connectionCompletionTime);
 		field_to_json(Obj, "totalConnectionTime", Utils::Now() - started);
 		field_to_json(Obj, "certificateExpiryDate", certificateExpiryDate);
+		field_to_json(Obj, "certificateIssuerName", certificateIssuerName);
 		field_to_json(Obj, "connectReason", connectReason);
 		field_to_json(Obj, "uptime", uptime);
         field_to_json(Obj, "compatible", Compatible);
@@ -358,6 +359,7 @@ namespace OpenWifi::GWObjects {
             field_from_json(Obj, "connectionCompletionTime", connectionCompletionTime);
             field_from_json(Obj, "totalConnectionTime", totalConnectionTime);
             field_from_json(Obj, "certificateExpiryDate", certificateExpiryDate);
+			field_from_json(Obj, "certificateIssuerName", certificateIssuerName);
             field_from_json(Obj, "connectReason", connectReason);
             field_from_json(Obj, "uptime", uptime);
             field_from_json(Obj, "hasRADIUSSessions", hasRADIUSSessions );
@@ -799,4 +801,34 @@ namespace OpenWifi::GWObjects {
 		return false;
 	}
 
+	bool FixedConfig::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serial", serialNumber);
+			field_from_json(Obj, "country", country);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool CableDiagnostics::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serial", serialNumber);
+			field_from_json(Obj, "when", when);
+			field_from_json(Obj, "ports", ports);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
+
+	bool ReEnroll::from_json(const Poco::JSON::Object::Ptr &Obj) {
+		try {
+			field_from_json(Obj, "serial", serialNumber);
+			field_from_json(Obj, "when", when);
+			return true;
+		} catch (const Poco::Exception &E) {
+		}
+		return false;
+	}
 } // namespace OpenWifi::GWObjects

src/RESTObjects/RESTAPI_GWobjects.h

@@ -42,6 +42,7 @@ namespace OpenWifi::GWObjects {
 		uint64_t sessionId = 0;
 		double connectionCompletionTime = 0.0;
 		std::uint64_t certificateExpiryDate = 0;
+		std::string certificateIssuerName;
 		std::uint64_t hasRADIUSSessions = 0;
 		bool hasGPS = false;
 		std::uint64_t sanity=0;
@@ -180,13 +181,13 @@ namespace OpenWifi::GWObjects {
 	};
 
 	struct DefaultConfiguration {
-		std::string Name;
-		std::string Configuration;
-		Types::StringVec Models;
-		std::string Description;
-		uint64_t Created;
-		uint64_t LastModified;
-		std::string Platform;
+		std::string name;
+		std::string configuration;
+		Types::StringVec models;
+		std::string description;
+		uint64_t created;
+		uint64_t lastModified;
+		std::string platform;
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
@@ -532,6 +533,25 @@ namespace OpenWifi::GWObjects {
 		std::uint64_t 	when;
 		std::vector<PowerCyclePort> ports;
 
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+	struct FixedConfig {
+		std::string 	serialNumber;
+		std::string 	country;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+	struct CableDiagnostics {
+		std::string 	serialNumber;
+		std::uint64_t 	when;
+		std::vector<std::string> ports;
+
+		bool from_json(const Poco::JSON::Object::Ptr &Obj);
+	};
+	struct ReEnroll {
+		std::string 	serialNumber;
+		std::uint64_t 	when;
+
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
 } // namespace OpenWifi::GWObjects

src/RESTObjects/RESTAPI_ProvObjects.h

@@ -492,7 +492,7 @@ namespace OpenWifi::ProvObjects {
         bool doNotAllowOverrides = false;
         std::uint64_t imported=0;
         std::uint64_t connected=0;
-        std::string platform{"AP"};
+        std::string platform{Platforms::AP};
 
         void to_json(Poco::JSON::Object &Obj) const;
         bool from_json(const Poco::JSON::Object::Ptr &Obj);

src/StorageService.cpp

@@ -22,6 +22,8 @@ namespace OpenWifi {
 		ScriptDB_->Create();
 		ScriptDB_->Initialize();
 
+		FixDeviceTypeBug();
+
 		return 0;
 	}
 

src/StorageService.h

@@ -148,12 +148,14 @@ namespace OpenWifi {
 		bool GetDevice(const std::string &SerialNumber, GWObjects::Device &);
 		bool GetDevices(uint64_t From, uint64_t HowMany, std::vector<GWObjects::Device> &Devices,
 						const std::string &orderBy = "",
-						const std::string &platform = "");
+						const std::string &platform = "",
+						bool includeProvisioned = true);
 		//		bool GetDevices(uint64_t From, uint64_t HowMany, const std::string & Select,
 		// std::vector<GWObjects::Device> &Devices, const std::string & orderBy="");
 		bool DeleteDevice(std::string &SerialNumber);
 		bool DeleteDevices(std::string &SerialPattern, bool SimulatedOnly);
 		bool DeleteDevices(std::uint64_t OlderContact, bool SimulatedOnly);
+		std::string GetPlatform(const std::string &SerialNumber);
 
 		bool UpdateDevice(GWObjects::Device &);
 		bool UpdateDevice(LockedDbSession &Session, GWObjects::Device &);
@@ -164,7 +166,8 @@ namespace OpenWifi {
 		bool GetDeviceSerialNumbers(uint64_t From, uint64_t HowMany,
 									std::vector<std::string> &SerialNumbers,
 									const std::string &orderBy = "",
-									const std::string &platform = "");
+									const std::string &platform = "",
+									bool includeProvisioned = true);									
 		bool GetDeviceFWUpdatePolicy(std::string &SerialNumber, std::string &Policy);
 		bool SetDevicePassword(LockedDbSession &Session, std::string &SerialNumber, std::string &Password);
 		bool UpdateSerialNumberCache();
@@ -240,7 +243,7 @@ namespace OpenWifi {
 									 const std::string &Type);
 		bool CancelWaitFile(std::string &UUID, std::string &ErrorText);
 		bool GetAttachedFileContent(std::string &UUID, const std::string &SerialNumber,
-									std::string &FileContent, std::string &Type);
+									std::string &FileContent, std::string &Type, int& WaitingForFile);
 		bool RemoveAttachedFile(std::string &UUID);
 		bool SetCommandResult(std::string &UUID, std::string &Result);
 		bool GetNewestCommands(std::string &SerialNumber, uint64_t HowMany,
@@ -294,6 +297,8 @@ namespace OpenWifi {
 		bool AnalyzeCommands(Types::CountedMap &R);
 		bool AnalyzeDevices(GWObjects::Dashboard &D);
 
+		void FixDeviceTypeBug();
+
 		int Start() override;
 		void Stop() override;
 

src/framework/ConfigurationValidator.cpp

@@ -28,7 +28,6 @@ static const std::vector<std::string> GitJSONSchemaURLs = {
 };
 
 static std::string DefaultAPSchema = R"foo(
-
 {
     "$id": "https://openwrt.org/ucentral.schema.json",
     "$schema": "http://json-schema.org/draft-07/schema#",
@@ -354,14 +353,6 @@ static std::string DefaultAPSchema = R"foo(
                         10000
                     ]
                 },
-                "duplex": {
-                    "description": "The duplex mode that shall be forced.",
-                    "type": "string",
-                    "enum": [
-                        "half",
-                        "full"
-                    ]
-                },
                 "enabled": {
                     "description": "This allows forcing the port to down state by default.",
                     "type": "boolean",
@@ -385,18 +376,21 @@ static std::string DefaultAPSchema = R"foo(
             "properties": {
                 "port-mirror": {
                     "description": "Enable mirror of traffic from multiple minotor ports to a single analysis port.",
-                    "type": "object",
-                    "properties": {
-                        "monitor-ports": {
-                            "description": "The list of ports that we want to mirror.",
-                            "type": "array",
-                            "items": {
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "monitor-ports": {
+                                "description": "The list of ports that we want to mirror.",
+                                "type": "array",
+                                "items": {
+                                    "type": "string"
+                                }
+                            },
+                            "analysis-port": {
+                                "description": "The port that mirror'ed packets should be sent to.",
                                 "type": "string"
                             }
-                        },
-                        "analysis-port": {
-                            "description": "The port that mirror'ed packets should be sent to.",
-                            "type": "string"
                         }
                     }
                 },
@@ -490,7 +484,59 @@ static std::string DefaultAPSchema = R"foo(
                 "bss-color": {
                     "description": "This enables BSS Coloring on the PHY. setting it to 0 disables the feature 1-63 sets the color and 64 will make hostapd pick a random color.",
                     "type": "integer",
-                    "default": 64
+                    "minimum": 0,
+                    "maximum": 64,
+                    "default": 0
+                }
+            }
+        },
+        "radio.he-6ghz": {
+            "type": "object",
+            "properties": {
+                "power-type": {
+                    "description": "This config is to set the 6 GHz Access Point type",
+                    "type": "string",
+                    "enum": [
+                        "indoor-power-indoor",
+                        "standard-power",
+                        "very-low-power"
+                    ],
+                    "default": "very-low-power"
+                },
+                "controller": {
+                    "description": "The URL of the AFC controller that the AP shall connect to.",
+                    "type": "string"
+                },
+                "ca-certificate": {
+                    "description": "The CA of the server. This enables mTLS.",
+                    "type": "string",
+                    "format": "uc-base64"
+                },
+                "serial-number": {
+                    "description": "The serial number that the AP shall send to the AFC controller.",
+                    "type": "string"
+                },
+                "certificate-ids": {
+                    "description": "The certificate IDs that the AP shall send to the AFC controller.",
+                    "type": "string"
+                },
+                "minimum-power": {
+                    "description": "The minimum power that the AP shall request from to the AFC controller.",
+                    "type": "number"
+                },
+                "frequency-ranges": {
+                    "description": "The list of frequency ranges that the AP shall request from to the AFC controller.",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "operating-classes": {
+                    "description": "The list of frequency ranges that the AP shall request from to the AFC controller.",
+                    "type": "array",
+                    "items": {
+                        "type": "number"
+                    }
                 }
             }
         },
@@ -635,6 +681,9 @@ static std::string DefaultAPSchema = R"foo(
                 "he-settings": {
                     "$ref": "#/$defs/radio.he"
                 },
+                "he-6ghz-settings": {
+                    "$ref": "#/$defs/radio.he-6ghz"
+                },
                 "hostapd-iface-raw": {
                     "description": "This array allows passing raw hostapd.conf lines.",
                     "type": "array",
@@ -784,8 +833,19 @@ static std::string DefaultAPSchema = R"foo(
                 },
                 "use-dns": {
                     "description": "The DNS server sent to clients as DHCP option 6.",
-                    "type": "string",
-                    "format": "uc-ip"
+                    "anyOf": [
+                        {
+                            "type": "string",
+                            "format": "ipv4"
+                        },
+                        {
+                            "type": "array",
+                            "items": {
+                                "type": "string",
+                                "format": "ipv4"
+                            }
+                        }
+                    ]
                 }
             }
         },
@@ -1313,8 +1373,7 @@ static std::string DefaultAPSchema = R"foo(
                 "domain-identifier": {
                     "description": "Mobility Domain identifier (dot11FTMobilityDomainID, MDID).",
                     "type": "string",
-                    "maxLength": 4,
-                    "minLength": 4,
+                    "format": "uc-mobility",
                     "examples": [
                         "abcd"
                     ]
@@ -2355,11 +2414,18 @@ static std::string DefaultAPSchema = R"foo(
                     "$ref": "#/$defs/interface.ssid.encryption"
                 },
                 "multi-psk": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/$defs/interface.ssid.multi-psk"
-                    }
-                },
+                    "anyOf": [
+                        {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/$defs/interface.ssid.multi-psk"
+                            }
+                        },
+                        {
+                            "type": "boolean"
+                        }
+                    ]
+		},
                 "rrm": {
                     "$ref": "#/$defs/interface.ssid.rrm"
                 },
@@ -3701,6 +3767,42 @@ static std::string DefaultAPSchema = R"foo(
                 }
             }
         },
+        "service.fingerprint": {
+            "description": "This section can be used to configure device fingerprinting.",
+            "type": "object",
+            "properties": {
+                "mode": {
+                    "description": "Enable this option if you would like to enable the MDNS server on the unit.",
+                    "type": "string",
+                    "enum": [
+                        "polled",
+                        "final",
+                        "raw-data"
+                    ],
+                    "default": "final"
+                },
+                "minimum-age": {
+                    "description": "The minimum age a fingerprint must have before it is reported.",
+                    "type": "number",
+                    "default": 60
+                },
+                "maximum-age": {
+                    "description": "The age at which fingerprints get flushed from the local state.",
+                    "type": "number",
+                    "default": 60
+                },
+                "periodicity": {
+                    "description": "This value defines the period at which entries get reported.",
+                    "type": "number",
+                    "default": 600
+                },
+                "allow-wan": {
+                    "description": "Allow fingerprinting devices found on the WAN port.",
+                    "type": "boolean",
+                    "default": false
+                }
+            }
+        },
         "service": {
             "description": "This section describes all of the services that may be present on the AP. Each service is then referenced via its name inside an interface, ssid, ...",
             "type": "object",
@@ -3770,6 +3872,9 @@ static std::string DefaultAPSchema = R"foo(
                 },
                 "rrm": {
                     "$ref": "#/$defs/service.rrm"
+                },
+                "fingerprint": {
+                    "$ref": "#/$defs/service.fingerprint"
                 }
             }
         },
@@ -3847,8 +3952,10 @@ static std::string DefaultAPSchema = R"foo(
                             "inactive-deauth",
                             "key-mismatch",
                             "beacon-report",
-                            "radar-detected"
-                        ]
+                            "radar-detected",
+                            "ft-finish",
+                            "sta-authorized"
+			 ]
                     }
                 }
             }
@@ -4550,16 +4657,22 @@ static std::string DefaultSWITCHSchema = R"foo(
             "type": "object",
             "properties": {
                 "port-mirror": {
-                    "type": "object",
-                    "properties": {
-                        "monitor-ports": {
-                            "type": "array",
-                            "items": {
+                    "description": "Enable mirror of traffic from multiple minotor ports to a single analysis port.",
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "monitor-ports": {
+                                "description": "The list of ports that we want to mirror.",
+                                "type": "array",
+                                "items": {
+                                    "type": "string"
+                                }
+                            },
+                            "analysis-port": {
+                                "description": "The port that mirror'ed packets should be sent to.",
                                 "type": "string"
                             }
-                        },
-                        "analysis-port": {
-                            "type": "string"
                         }
                     }
                 },
@@ -6508,10 +6621,17 @@ static std::string DefaultSWITCHSchema = R"foo(
                     "$ref": "#/$defs/interface.ssid.encryption"
                 },
                 "multi-psk": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/$defs/interface.ssid.multi-psk"
-                    }
+                    "anyOf": [
+                        {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/$defs/interface.ssid.multi-psk"
+                            }
+                        },
+                        {
+                            "type": "boolean"
+                        }
+                    ]
                 },
                 "rrm": {
                     "$ref": "#/$defs/interface.ssid.rrm"
@@ -7802,7 +7922,9 @@ static std::string DefaultSWITCHSchema = R"foo(
                             "inactive-deauth",
                             "key-mismatch",
                             "beacon-report",
-                            "radar-detected"
+                            "radar-detected",
+                            "ft-finish",
+                            "sta-authorized"
                         ]
                     }
                 }

src/framework/ConfigurationValidator.h

@@ -5,7 +5,7 @@
 #pragma once
 
 #include "framework/SubSystemServer.h"
-
+#include "framework/ow_constants.h"
 #include <valijson/adapters/poco_json_adapter.hpp>
 #include <valijson/constraints/constraint.hpp>
 #include <valijson/constraints/constraint_visitor.hpp>
@@ -31,10 +31,10 @@ namespace OpenWifi {
 		void reinitialize(Poco::Util::Application &self) override;
 
 		inline static ConfigurationType GetType(const std::string &type) {
-			std::string Type = Poco::toUpper(type);
-			if (Type == "AP")
+                       std::string Type = Poco::toLower(type);
+			if (Type == Platforms::AP)
 				return ConfigurationType::AP;
-			if (Type == "SWITCH")
+			if (Type == Platforms::SWITCH)
 				return ConfigurationType::SWITCH;
 			return ConfigurationType::AP;
 		}

src/framework/KafkaManager.cpp

@@ -107,6 +107,19 @@ namespace OpenWifi {
 					NewMessage.partition(0);
 					NewMessage.payload(Msg->Payload());
 					Producer.produce(NewMessage);
+					if (Queue_.size() < 100) {
+						// use flush when internal queue is lightly loaded, i.e. flush after each
+						// message
+						Producer.flush();
+					}
+					else {
+						// use poll when internal queue is loaded to allow messages to be sent in
+						// batches
+						Producer.poll((std::chrono::milliseconds) 0);
+					}
+				}
+				if (Queue_.size() == 0) {
+					// message queue is empty, flush all previously sent messages
 					Producer.flush();
 				}
 			} catch (const cppkafka::HandleException &E) {
@@ -119,6 +132,7 @@ namespace OpenWifi {
 			}
 			Note = Queue_.waitDequeueNotification();
 		}
+		Producer.flush();
 		poco_information(Logger_, "Stopped...");
 	}
 
@@ -324,4 +338,4 @@ namespace OpenWifi {
 											   partitions.front().get_partition()));
 	}
 
-} // namespace OpenWifi
+} // namespace OpenWifi

src/framework/RESTAPI_Handler.h

@@ -431,6 +431,11 @@ namespace OpenWifi {
 			}
 		}
 
+		inline void Accepted() {
+			PrepareResponse(Poco::Net::HTTPResponse::HTTP_ACCEPTED);
+			Response->send();
+		}
+
 		inline void SendCompressedTarFile(const std::string &FileName, const std::string &Content) {
 			Response->setStatus(Poco::Net::HTTPResponse::HTTPStatus::HTTP_OK);
 			SetCommonHeaders();
@@ -552,8 +557,8 @@ namespace OpenWifi {
 
 		inline bool IsAuthorized(bool &Expired, bool &Contacted, bool SubOnly = false);
 
-		inline void ReturnObject(Poco::JSON::Object &Object) {
-			PrepareResponse();
+		inline void ReturnObject(Poco::JSON::Object &Object, Poco::Net::HTTPResponse::HTTPStatus Status = Poco::Net::HTTPResponse::HTTP_OK) {
+			PrepareResponse(Status);
 			if (Request != nullptr) {
 				//   can we compress ???
 				auto AcceptedEncoding = Request->find("Accept-Encoding");

src/framework/SubSystemServer.cpp

@@ -68,6 +68,16 @@ namespace OpenWifi {
 				Context->addCertificateAuthority(Issuing);
 			}
 
+			if (!client_cas_.empty()) {
+				// add certificates specified in clientcas
+				std::vector<Poco::Crypto::X509Certificate> Certs =
+					Poco::Net::X509Certificate::readPEM(client_cas_);
+				for (const auto &cert : Certs) {
+					Context->addChainCertificate(cert);
+					Context->addCertificateAuthority(cert);
+				}
+			}
+
 			Poco::Crypto::RSAKey Key("", key_file_, key_file_password_);
 			Context->usePrivateKey(Key);
 

src/framework/SubSystemServer.h

@@ -45,6 +45,7 @@ namespace OpenWifi {
 		[[nodiscard]] inline auto KeyFile() const { return key_file_; };
 		[[nodiscard]] inline auto CertFile() const { return cert_file_; };
 		[[nodiscard]] inline auto RootCA() const { return root_ca_; };
+		[[nodiscard]] inline auto ClientCas() const { return client_cas_; };
 		[[nodiscard]] inline auto KeyFilePassword() const { return key_file_password_; };
 		[[nodiscard]] inline auto IssuerCertFile() const { return issuer_cert_file_; };
 		[[nodiscard]] inline auto Name() const { return name_; };

src/framework/default_device_types.h

@@ -7,57 +7,59 @@
 #include <vector>
 #include <string>
 
+#include "ow_constants.h"
+
 namespace OpenWifi {
 	inline  const std::vector<std::pair<std::string, std::string>> DefaultDeviceTypeList{
-		{"actiontec_web7200", "AP"},
-		{"cig_wf186w", "AP"},
-		{"cig_wf188n", "AP"},
-		{"cig_wf194c4", "AP"},
-		{"cig_wf196", "AP"},
-		{"cig_wf196-ca", "AP"},
-		{"cig_wf196-ca-ath12", "AP"},
-		{"cig_wf196-us", "AP"},
-		{"cig_wf610d", "AP"},
-		{"cig_wf660a", "AP"},
-		{"cig_wf808", "AP"},
-		{"cybertan_eww622-a1", "AP"},
-		{"edgecore_eap101", "AP"},
-		{"edgecore_eap101-ath12", "AP"},
-		{"edgecore_eap102", "AP"},
-		{"edgecore_eap104", "AP"},
-		{"edgecore_eap104-ath12", "AP"},
-		{"edgecore_ecs4100-12ph", "AP"},
-		{"edgecore_ecw5211", "AP"},
-		{"edgecore_ecw5410", "AP"},
-		{"edgecore_oap100", "AP"},
-		{"edgecore_spw2ac1200", "SWITCH"},
-		{"edgecore_spw2ac1200-lan-poe", "SWITCH"},
-		{"edgecore_ssw2ac2600", "SWITCH"},
-		{"hfcl_ion4", "AP"},
-		{"hfcl_ion4x", "AP"},
-		{"hfcl_ion4x_2", "AP"},
-		{"hfcl_ion4xe", "AP"},
-		{"hfcl_ion4xi", "AP"},
-		{"indio_um-305ac", "AP"},
-		{"indio_um-305ax", "AP"},
-		{"indio_um-310ax-v1", "AP"},
-		{"indio_um-325ac", "AP"},
-		{"indio_um-510ac-v3", "AP"},
-		{"indio_um-510axm-v1", "AP"},
-		{"indio_um-510axp-v1", "AP"},
-		{"indio_um-550ac", "AP"},
-		{"linksys_e8450-ubi", "AP"},
-		{"linksys_ea6350-v4", "AP"},
-		{"linksys_ea8300", "AP"},
-		{"liteon_wpx8324", "AP"},
-		{"meshpp_s618_cp01", "AP"},
-		{"meshpp_s618_cp03", "AP"},
-		{"udaya_a5-id2", "AP"},
-		{"wallys_dr40x9", "AP"},
-		{"wallys_dr6018", "AP"},
-		{"wallys_dr6018_v4", "AP"},
-		{"x64_vm", "AP"},
-		{"yuncore_ax840", "AP"},
-		{"yuncore_fap640", "AP"},
-		{"yuncore_fap650", "AP"}};
+		{"actiontec_web7200", Platforms::AP},
+		{"cig_wf186w", Platforms::AP},
+		{"cig_wf188n", Platforms::AP},
+		{"cig_wf194c4", Platforms::AP},
+		{"cig_wf196", Platforms::AP},
+		{"cig_wf196-ca", Platforms::AP},
+		{"cig_wf196-ca-ath12", Platforms::AP},
+		{"cig_wf196-us", Platforms::AP},
+		{"cig_wf610d", Platforms::AP},
+		{"cig_wf660a", Platforms::AP},
+		{"cig_wf808", Platforms::AP},
+		{"cybertan_eww622-a1", Platforms::AP},
+		{"edgecore_eap101", Platforms::AP},
+		{"edgecore_eap101-ath12", Platforms::AP},
+		{"edgecore_eap102", Platforms::AP},
+		{"edgecore_eap104", Platforms::AP},
+		{"edgecore_eap104-ath12", Platforms::AP},
+		{"edgecore_ecs4100-12ph", Platforms::AP},
+		{"edgecore_ecw5211", Platforms::AP},
+		{"edgecore_ecw5410", Platforms::AP},
+		{"edgecore_oap100", Platforms::AP},
+		{"edgecore_spw2ac1200", Platforms::SWITCH},
+		{"edgecore_spw2ac1200-lan-poe", Platforms::SWITCH},
+		{"edgecore_ssw2ac2600", Platforms::SWITCH},
+		{"hfcl_ion4", Platforms::AP},
+		{"hfcl_ion4x", Platforms::AP},
+		{"hfcl_ion4x_2", Platforms::AP},
+		{"hfcl_ion4xe", Platforms::AP},
+		{"hfcl_ion4xi", Platforms::AP},
+		{"indio_um-305ac", Platforms::AP},
+		{"indio_um-305ax", Platforms::AP},
+		{"indio_um-310ax-v1", Platforms::AP},
+		{"indio_um-325ac", Platforms::AP},
+		{"indio_um-510ac-v3", Platforms::AP},
+		{"indio_um-510axm-v1", Platforms::AP},
+		{"indio_um-510axp-v1", Platforms::AP},
+		{"indio_um-550ac", Platforms::AP},
+		{"linksys_e8450-ubi", Platforms::AP},
+		{"linksys_ea6350-v4", Platforms::AP},
+		{"linksys_ea8300", Platforms::AP},
+		{"liteon_wpx8324", Platforms::AP},
+		{"meshpp_s618_cp01", Platforms::AP},
+		{"meshpp_s618_cp03", Platforms::AP},
+		{"udaya_a5-id2", Platforms::AP},
+		{"wallys_dr40x9", Platforms::AP},
+		{"wallys_dr6018", Platforms::AP},
+		{"wallys_dr6018_v4", Platforms::AP},
+		{"x64_vm", Platforms::AP},
+		{"yuncore_ax840", Platforms::AP},
+		{"yuncore_fap640", Platforms::AP},
+		{"yuncore_fap650", Platforms::AP}};
 }

src/framework/ow_constants.h

@@ -580,6 +580,10 @@ namespace OpenWifi::RESTAPI::Protocol {
 	static const char *INTERVAL = "interval";
 	static const char *UI = "UI";
 	static const char *BANDWIDTH = "bandwidth";
+
+	static const char *FIXEDCONFIG = "fixedconfig";
+	static const char *CABLEDIAGNOSTICS = "cable-diagnostics";
+	static const char *REENROLL = "reenroll";
 } // namespace OpenWifi::RESTAPI::Protocol
 
 namespace OpenWifi::uCentralProtocol {
@@ -608,6 +612,7 @@ namespace OpenWifi::uCentralProtocol {
 	static const char *CFGPENDING = "cfgpending";
 	static const char *RECOVERY = "recovery";
 	static const char *COMPRESS_64 = "compress_64";
+	static const char *COMPRESS_SZ = "compress_sz";
 	static const char *CAPABILITIES = "capabilities";
 	static const char *REQUEST_UUID = "request_uuid";
 	static const char *SANITY = "sanity";
@@ -692,6 +697,11 @@ namespace OpenWifi::uCentralProtocol {
 	static const char *RRM = "rrm";
 	static const char *ACTIONS = "actions";
 
+	static const char *FIXEDCONFIG = "fixedconfig";
+	static const char *CABLEDIAGNOSTICS = "cable-diagnostics";
+	static const char *REENROLL = "reenroll";
+
+
 } // namespace OpenWifi::uCentralProtocol
 
 namespace OpenWifi::uCentralProtocol::Events {
@@ -788,6 +798,9 @@ namespace OpenWifi::APCommands {
 		certupdate,
 		transfer,
 		powercycle,
+		fixedconfig,
+		cablediagnostics,
+		reenroll,
 		unknown
 	};
 
@@ -802,7 +815,9 @@ namespace OpenWifi::APCommands {
 		RESTAPI::Protocol::EVENTQUEUE,	 RESTAPI::Protocol::TELEMETRY,
 		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT,
 		RESTAPI::Protocol::RRM,		 	 RESTAPI::Protocol::CERTUPDATE,
-		RESTAPI::Protocol::TRANSFER,	 RESTAPI::Protocol::POWERCYCLE
+		RESTAPI::Protocol::TRANSFER,	 RESTAPI::Protocol::POWERCYCLE,
+		RESTAPI::Protocol::FIXEDCONFIG,  RESTAPI::Protocol::CABLEDIAGNOSTICS,
+		RESTAPI::Protocol::REENROLL
 	};
 
 	inline const char *to_string(Commands Cmd) { return uCentralAPCommands[(uint8_t)Cmd]; }
@@ -831,6 +846,11 @@ namespace OpenWifi::Provisioning::DeviceClass {
 
 } // namespace OpenWifi::Provisioning::DeviceClass
 
+namespace OpenWifi::Platforms {
+	static const std::string AP = "ap";
+	static const std::string SWITCH = "switch";
+}
+
 #if defined(__GNUC__)
 #pragma GCC diagnostic pop
 #endif

src/framework/utils.cpp

@@ -590,6 +590,26 @@ namespace OpenWifi::Utils {
 		return false;
 	}
 
+	//
+	// Compress given data using utility function and encode it in base64 format.
+	//
+	bool CompressAndEncodeBase64(const std::string& UnCompressedData, std::string& CompressedBase64Data) {
+
+		unsigned long CompressedDataSize = UnCompressedData.size();
+		std::vector<Bytef> CompressedData(CompressedDataSize);
+		auto status = compress(&CompressedData[0], &CompressedDataSize,
+								(Bytef*) UnCompressedData.c_str(), UnCompressedData.size());
+		if (status == Z_OK) {
+			CompressedBase64Data = OpenWifi::Utils::base64encode(&CompressedData[0], CompressedDataSize);
+		}
+		else {
+			// failed to compress data
+			return false;
+		}
+
+		return true;
+	}
+
 	bool IsAlphaNumeric(const std::string &s) {
 		return std::all_of(s.begin(), s.end(), [](char c) -> bool { return isalnum(c); });
 	}

src/framework/utils.h

@@ -151,6 +151,8 @@ namespace OpenWifi::Utils {
 	bool ExtractBase64CompressedData(const std::string &CompressedData,
 									 std::string &UnCompressedData, uint64_t compress_sz);
 
+	bool CompressAndEncodeBase64(const std::string& UnCompressedData, std::string& CompressedData);
+
 	inline bool match(const char* first, const char* second)
 	{
 		// If we reach at the end of both strings, we are done

src/rttys/RTTYS_server.cpp

@@ -14,6 +14,7 @@
 #include "nlohmann/json.hpp"
 
 #include "Poco/NObserver.h"
+#include <Poco/Net/Context.h>
 #include "Poco/Net/SocketNotification.h"
 #include "Poco/Net/NetException.h"
 #include "Poco/Net/WebSocketImpl.h"
@@ -71,6 +72,7 @@ namespace OpenWifi {
 				const auto &RootCas =
 					MicroServiceConfigPath("ucentral.websocket.host.0.rootca", "");
 				const auto &Cas = MicroServiceConfigPath("ucentral.websocket.host.0.cas", "");
+				const auto &ClientCasFile = MicroServiceConfigPath("ucentral.websocket.host.0.clientcas", "");
 
 				Poco::Net::Context::Params P;
 
@@ -86,6 +88,7 @@ namespace OpenWifi {
 				Poco::Crypto::X509Certificate Cert(CertFileName);
 				Poco::Crypto::X509Certificate Root(RootCaFileName);
 				Poco::Crypto::X509Certificate Issuing(IssuerFileName);
+                std::vector<Poco::Crypto::X509Certificate> ClientCasCerts;
 				Poco::Crypto::RSAKey Key("", KeyFileName, KeyPassword);
 
 				DeviceSecureContext->useCertificate(Cert);
@@ -93,7 +96,11 @@ namespace OpenWifi {
 				DeviceSecureContext->addCertificateAuthority(Root);
 				DeviceSecureContext->addChainCertificate(Issuing);
 				DeviceSecureContext->addCertificateAuthority(Issuing);
-				DeviceSecureContext->addCertificateAuthority(Root);
+                ClientCasCerts = Poco::Net::X509Certificate::readPEM(ClientCasFile);
+                for (const auto &cert : ClientCasCerts) {
+                    DeviceSecureContext->addChainCertificate(cert);
+                    DeviceSecureContext->addCertificateAuthority(cert);
+                }
 				DeviceSecureContext->enableSessionCache(true);
 				DeviceSecureContext->setSessionCacheSize(0);
 				DeviceSecureContext->setSessionTimeout(120);
@@ -1117,4 +1124,4 @@ namespace OpenWifi {
 	RTTYS_EndPoint::~RTTYS_EndPoint() {
 	}
 
-} // namespace OpenWifi
+} // namespace OpenWifi

src/storage/storage_command.cpp

@@ -644,21 +644,7 @@ namespace OpenWifi {
 			uint64_t Size = FileContent.str().size();
 
 			Poco::Data::Session Sess = Pool_->get();
-			Sess.begin();
-			Poco::Data::Statement Statement(Sess);
 
-			std::string StatementStr;
-
-			//	Get the existing command
-
-			StatementStr =
-				"UPDATE CommandList SET WaitingForFile=?, AttachDate=?, AttachSize=? WHERE UUID=?";
-
-			Statement << ConvertParams(StatementStr), Poco::Data::Keywords::use(WaitForFile),
-				Poco::Data::Keywords::use(Now), Poco::Data::Keywords::use(Size),
-				Poco::Data::Keywords::use(UUID);
-			Statement.execute();
-			Sess.commit();
 			if (Size < FileUploader()->MaxSize()) {
 
 				Poco::Data::BLOB TheBlob;
@@ -680,7 +666,20 @@ namespace OpenWifi {
 			} else {
 				poco_warning(Logger(), fmt::format("File {} is too large.", UUID));
 			}
+
+			// update CommandList here to ensure that file us uploaded
+                        Sess.begin();
+                        Poco::Data::Statement Statement(Sess);
+			std::string StatementStr;
+			StatementStr =
+				"UPDATE CommandList SET WaitingForFile=?, AttachDate=?, AttachSize=? WHERE UUID=?";
+
+			Statement << ConvertParams(StatementStr), Poco::Data::Keywords::use(WaitForFile),
+				Poco::Data::Keywords::use(Now), Poco::Data::Keywords::use(Size),
+				Poco::Data::Keywords::use(UUID);
+			Statement.execute();
 			Sess.commit();
+
 			return true;
 		} catch (const Poco::Exception &E) {
 			Logger().log(E);
@@ -689,7 +688,7 @@ namespace OpenWifi {
 	}
 
 	bool Storage::GetAttachedFileContent(std::string &UUID, const std::string &SerialNumber,
-										 std::string &FileContent, std::string &Type) {
+										 std::string &FileContent, std::string &Type, int &WaitingForFile) {
 		try {
 			Poco::Data::BLOB L;
 			/*
@@ -702,10 +701,10 @@ namespace OpenWifi {
 			Poco::Data::Statement Select1(Sess);
 
 			std::string TmpSerialNumber;
-			std::string st1{"SELECT SerialNumber, Command FROM CommandList WHERE UUID=?"};
+			std::string st1{"SELECT SerialNumber, Command , WaitingForFile FROM CommandList WHERE UUID=?"};
 			std::string Command;
 			Select1 << ConvertParams(st1), Poco::Data::Keywords::into(TmpSerialNumber),
-				Poco::Data::Keywords::into(Command), Poco::Data::Keywords::use(UUID);
+				Poco::Data::Keywords::into(Command), Poco::Data::Keywords::into(WaitingForFile), Poco::Data::Keywords::use(UUID);
 			Select1.execute();
 
 			if (TmpSerialNumber != SerialNumber) {
@@ -825,4 +824,4 @@ namespace OpenWifi {
 		return false;
 	}
 
-} // namespace OpenWifi
+} // namespace OpenWifi

src/storage/storage_defconfig.cpp

@@ -35,23 +35,23 @@ namespace OpenWifi {
 	typedef std::vector<DefConfigRecordTuple> DefConfigRecordList;
 
 	void Convert(const DefConfigRecordTuple &R, GWObjects::DefaultConfiguration &T) {
-		T.Name = R.get<0>();
-		T.Configuration = R.get<1>();
-		T.Models = RESTAPI_utils::to_object_array(R.get<2>());
-		T.Description = R.get<3>();
-		T.Created = R.get<4>();
-		T.LastModified = R.get<5>();
-		T.Platform = R.get<6>();
+		T.name = R.get<0>();
+		T.configuration = R.get<1>();
+		T.models = RESTAPI_utils::to_object_array(R.get<2>());
+		T.description = R.get<3>();
+		T.created = R.get<4>();
+		T.lastModified = R.get<5>();
+		T.platform = R.get<6>();
 	}
 
 	void Convert(const GWObjects::DefaultConfiguration &R, DefConfigRecordTuple &T) {
-		T.set<0>(R.Name);
-		T.set<1>(R.Configuration);
-		T.set<2>(RESTAPI_utils::to_string(R.Models));
-		T.set<3>(R.Description);
-		T.set<4>(R.Created);
-		T.set<5>(R.LastModified);
-		T.set<6>(R.Platform);
+		T.set<0>(R.name);
+		T.set<1>(R.configuration);
+		T.set<2>(RESTAPI_utils::to_string(R.models));
+		T.set<3>(R.description);
+		T.set<4>(R.created);
+		T.set<5>(R.lastModified);
+		T.set<6>(R.platform);
 	}
 
 	bool Storage::CreateDefaultConfiguration(std::string &Name,
@@ -71,7 +71,7 @@ namespace OpenWifi {
 			if (!TmpName.empty())
 				return false;
 
-			Config::Config Cfg(DefConfig.Configuration);
+			Config::Config Cfg(DefConfig.configuration);
 
 			if (Cfg.Valid()) {
 				Sess.begin();
@@ -126,7 +126,7 @@ namespace OpenWifi {
 			Poco::Data::Session Sess = Pool_->get();
 			Sess.begin();
 			Poco::Data::Statement Update(Sess);
-			DefConfig.LastModified = Now;
+			DefConfig.lastModified = Now;
 
 			std::string St{"UPDATE DefaultConfigs SET Name=?, Configuration=?,  Models=?,  "
 						   "Description=?,  Created=? , LastModified=? , Platform=?  WHERE Name=?"};
@@ -221,31 +221,30 @@ namespace OpenWifi {
 		return false;
 	}
 
-	bool Storage::FindDefaultConfigurationForModel(const std::string &Model, const std::string &Platform,
-												   GWObjects::DefaultConfiguration &DefConfig) {
+	bool Storage::FindDefaultConfigurationForModel(const std::string &DeviceModel, const std::string &Platform,
+												   GWObjects::DefaultConfiguration &Config) {
 		try {
-			DefConfigRecordList Records;
+			DefConfigRecordList DefConfigs;
 
 			Poco::Data::Session Sess = Pool_->get();
 			Poco::Data::Statement Select(Sess);
 
 			Select << "SELECT " + DB_DefConfig_SelectFields + " FROM DefaultConfigs",
-				Poco::Data::Keywords::into(Records);
+				Poco::Data::Keywords::into(DefConfigs);
 			Select.execute();
 
-			for (const auto &i : Records) {
-				GWObjects::DefaultConfiguration Config;
-				Convert(i, Config);
-				for (const auto &j : Config.Models) {
-					if ((j == "*" || j == Model) && (Poco::toUpper(Config.Platform) == Poco::toUpper(Platform))){
-						DefConfig = Config;
+			for (const auto &DefConfig : DefConfigs) {
+				GWObjects::DefaultConfiguration C;
+				Convert(DefConfig, C);
+				for (const auto &Model : C.models) {
+					if ((Model == "*" || Model == DeviceModel) && (Config.platform == Platform)){
+						Config = C;
 						return true;
 					}
 				}
 			}
 			Logger().information(
-				fmt::format("AUTO-PROVISIONING: no default configuration for model:{}", Model));
-			return false;
+				fmt::format("AUTO-PROVISIONING: no default configuration for model:{}", DeviceModel));
 		} catch (const Poco::Exception &E) {
 			poco_warning(Logger(), fmt::format("{}: Failed with: {}", std::string(__func__),
 											   E.displayText()));

src/storage/storage_device.cpp

@@ -195,17 +195,32 @@ namespace OpenWifi {
 	bool Storage::GetDeviceSerialNumbers(uint64_t From, uint64_t HowMany,
 										 std::vector<std::string> &SerialNumbers,
 										 const std::string &orderBy,
-										 const std::string &platform) {
+										 const std::string &platform, bool includeProvisioned) {
 		try {
 			Poco::Data::Session Sess = Pool_->get();
 			Poco::Data::Statement Select(Sess);
 
 			std::string st;
+			std::string whereClause = "";
 			if(!platform.empty()) {
-				st = "SELECT SerialNumber From Devices WHERE DeviceType='" + platform + "' ";
+				if (includeProvisioned == false) {
+
+					whereClause = fmt::format("WHERE entity='' and venue='' and DeviceType='" + platform + "'");
+				} else {
+					whereClause = fmt::format("WHERE DeviceType='" + platform + "'");
+				}
+			
+
+				//st = "SELECT SerialNumber From Devices WHERE DeviceType='" + platform + "' ";
 			} else {
-				st = "SELECT SerialNumber From Devices ";
+				if (includeProvisioned == false) {
+					whereClause = fmt::format("WHERE entity='' and venue=''");
+				}
+				//st = "SELECT SerialNumber From Devices ";
 			}
+			
+			st = fmt::format("SELECT SerialNumber From Devices {}", whereClause);
+
 			if (orderBy.empty())
 				st += " ORDER BY SerialNumber ASC ";
 			else
@@ -579,20 +594,30 @@ namespace OpenWifi {
 
 		if (!Found && AP_WS_Server()->UseDefaults() &&
 			FindDefaultConfigurationForModel(Caps.Compatible(), Caps.Platform(), DefConfig)) {
-			Config::Config NewConfig(DefConfig.Configuration);
-			NewConfig.SetUUID(Now);
-			D.Configuration = NewConfig.get();
-		} else if (!Found && Caps.Platform()=="AP") {
-			Config::Config NewConfig;
+			Config::Config NewConfig(DefConfig.configuration);
 			NewConfig.SetUUID(Now);
 			D.Configuration = NewConfig.get();
+		} else if (!Found) {
+			if(Caps.Platform()==Platforms::AP) {
+				Config::Config NewConfig;
+				NewConfig.SetUUID(Now);
+				D.Configuration = NewConfig.get();
+			} else {
+				Poco::JSON::Object Obj;
+				Obj.set("uuid", Now);
+				std::ostringstream os;
+				Obj.stringify(os);
+				D.Configuration = os.str();
+			}
 		}
 
 		//	We need to insert the country code according to the IP in the radios section...
 		D.locale = InsertRadiosCountyRegulation(D.Configuration, IPAddress);
 		D.SerialNumber = Poco::toLower(SerialNumber);
 		D.Compatible = Caps.Compatible();
-		D.DeviceType = Caps.Platform();
+		if(D.Compatible.empty())
+			D.Compatible = Caps.Model();
+		D.DeviceType = Poco::toLower(Caps.Platform());
 		D.MACAddress = Utils::SerialToMAC(SerialNumber);
 		D.Manufacturer = Caps.Model();
 		D.Firmware = Firmware;
@@ -641,6 +666,22 @@ namespace OpenWifi {
 		return false;
 	}
 
+	std::string Storage::GetPlatform(const std::string &SerialNumber) {
+		try {
+			Poco::Data::Session Sess = Pool_->get();
+			Poco::Data::Statement Select(Sess);
+
+			std::string St = fmt::format("SELECT DeviceType FROM Devices WHERE SerialNumber='{}'", SerialNumber);
+			std::string Platform;
+			Select << ConvertParams(St), Poco::Data::Keywords::into(Platform);
+			Select.execute();
+			return Platform;
+		} catch (const Poco::Exception &E) {
+			Logger().log(E);
+		}
+		return "";
+	}
+
 	bool Storage::DeleteDevice(std::string &SerialNumber) {
 		try {
 			std::vector<std::string> TableNames{"Devices",		"Statistics",	"CommandList",
@@ -835,25 +876,38 @@ namespace OpenWifi {
 	}
 
 	bool Storage::GetDevices(uint64_t From, uint64_t HowMany,
-							 std::vector<GWObjects::Device> &Devices, const std::string &orderBy, const std::string &platform) {
+							 std::vector<GWObjects::Device> &Devices, const std::string &orderBy, const std::string &platform,
+							 bool includeProvisioned) {
 		DeviceRecordList Records;
 		try {
 			Poco::Data::Session Sess = Pool_->get();
 			Poco::Data::Statement Select(Sess);
 
 			std::string st;
+			std::string whereClause = "";
 			if(platform.empty()) {
-				st =
-					fmt::format("SELECT {} FROM Devices {} {}", DB_DeviceSelectFields,
-								orderBy.empty() ? " ORDER BY SerialNumber ASC " : orderBy,
-								ComputeRange(From, HowMany));
+
+				if (includeProvisioned == false) {
+					whereClause = fmt::format("WHERE entity='' and venue=''");
+				}
+
 			} else {
-				st =
-					fmt::format("SELECT {} FROM Devices WHERE DeviceType='{}' {} {}", DB_DeviceSelectFields, platform,
-								orderBy.empty() ? " ORDER BY SerialNumber ASC " : orderBy,
-								ComputeRange(From, HowMany));
+
+				if (includeProvisioned == false) {
+					whereClause = fmt::format("WHERE DeviceType='{}' and entity='' and venue=''",platform);
+				} else {
+					whereClause = fmt::format("WHERE DeviceType='{}'", platform);				
+				}
+		
 			}
 
+			st =
+				fmt::format("SELECT {} FROM Devices {} {} {}", DB_DeviceSelectFields, whereClause,
+							orderBy.empty() ? " ORDER BY SerialNumber ASC " : orderBy,
+							ComputeRange(From, HowMany));
+
+			//Logger().information(fmt::format(" GetDevices st is {} ", st));
+			
 			Select << ConvertParams(st), Poco::Data::Keywords::into(Records);
 			Select.execute();
 
@@ -1107,4 +1161,25 @@ namespace OpenWifi {
 			FieldList.push_back(field);
 	}
 
+	void Storage::FixDeviceTypeBug() {
+		try {
+			std::vector<std::string> ScriptLines{
+				"update devices set devicetype='ap' where devicetype='AP';",
+				"update devices set devicetype='switch' where devicetype='SWITCH';",
+				"update devices set devicetype='ap' where devicetype!='ap' and devicetype!='switch';"
+			};
+
+			for (const auto &ScriptLine : ScriptLines) {
+				try {
+					Poco::Data::Session Sess = Pool_->get();
+					Poco::Data::Statement SqlStatement(Sess);
+					SqlStatement << ScriptLine, Poco::Data::Keywords::now;
+				} catch (...) {
+				}
+			}
+		} catch (const Poco::Exception &E) {
+			Logger().log(E);
+		}
+	}
+
 } // namespace OpenWifi