Chg: update image tag in helm values to v4.0.0

CMakeLists.txt

@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owgw VERSION 4.1.0)
+project(owgw VERSION 4.0.0)
 
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)

PROTOCOL.md

@@ -880,32 +880,6 @@ The device should answer:
 }
 ```
 
-#### Controller wants the device to perform re-enrollment
-Controller sends this command to trigger re-enrollment, i.e. update of operational certificate. Extreme care must be taken.
-```json
-{    "jsonrpc" : "2.0" , 
-     "method" : "reenroll" , 
-     "params" : {
-        "serial" : <serial number>,
-        "when" : Optional - <UTC time when to apply this config, 0 mean immediate, this is a suggestion>
-     },
-     "id" : <some number>
-}
-```
-
-The device should answer:
-```json
-{     "jsonrpc" : "2.0" , 
-      "result" : {
-          "serial" : <serial number> ,
-          "status" : {
-            "error" : <0 or the value of $? from the shell running the command, 255 signifies a timeout>,
-            "txt" : <text describing the error or success>
-      },
-  "id" : <same number as request>
-}
-```
-
 #### Controller wants the device to switch to another controller
 Controller sends this when the device should change the controller it connects to without looking up a new redirector.
 

helm/values.yaml

@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
   owgw:
     repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owgw
-    tag: master
+    tag: v4.0.0
     pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io

openapi/owgw.yaml

@@ -1576,15 +1576,6 @@ components:
           format: base64
           description: This is a base64 encoded string of the certificate bundle (the current bundle .tar.gz file from the PKI portal)
 
-    ReenrollRequest:
-      type: object
-      properties:
-        serialNumber:
-          type: string
-        when:
-          type: integer
-          format: int64
-
     PowerCycleRequest:
       type: object
       properties:
@@ -3065,32 +3056,6 @@ paths:
         404:
           $ref: '#/components/responses/NotFound'
 
-  /device/{serialNumber}/reenroll:
-    post:
-      tags:
-        - Commands
-      summary: Reenroll operational certificate for the device.
-      operationId: reenrollCertificate
-      parameters:
-        - in: path
-          name: serialNumber
-          schema:
-            type: string
-          required: true
-      requestBody:
-        description: Reenroll operational certificate for the device
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ReenrollRequest'
-      responses:
-        200:
-          $ref: '#/components/responses/Success'
-        403:
-          $ref: '#/components/responses/Unauthorized'
-        404:
-          $ref: '#/components/responses/NotFound'
-
   /device/{serialNumber}/powercycle:
     post:
       tags:

src/AP_WS_Connection.cpp

@@ -213,7 +213,6 @@ namespace OpenWifi {
 			}
 
 			State_.certificateExpiryDate = PeerCert.expiresOn().timestamp().epochTime();
-			State_.certificateIssuerName = PeerCert.issuerName();
 
 			poco_trace(Logger_,
 					   fmt::format("TLS-CONNECTION({}): Session={} CN={} Completed. (t={})", CId_,

src/RESTAPI/RESTAPI_device_commandHandler.cpp

@@ -170,7 +170,6 @@ namespace OpenWifi {
 		{APCommands::Commands::powercycle, false, true, &RESTAPI_device_commandHandler::PowerCycle, 60000ms},
 		{APCommands::Commands::fixedconfig, false, true, &RESTAPI_device_commandHandler::FixedConfig, 120000ms},
 		{APCommands::Commands::cablediagnostics, false, true, &RESTAPI_device_commandHandler::CableDiagnostics, 120000ms},
-		{APCommands::Commands::reenroll, false, true, &RESTAPI_device_commandHandler::ReEnroll, 120000ms},
 
 	};
 
@@ -1652,45 +1651,4 @@ namespace OpenWifi {
 										   *ParsedBody_, *Request, *Response, timeout, nullptr, this,
 										   Logger_);
 	}
-
-	void RESTAPI_device_commandHandler::ReEnroll(
-		const std::string &CMD_UUID, uint64_t CMD_RPC,
-		[[maybe_unused]] std::chrono::milliseconds timeout,
-		[[maybe_unused]] const GWObjects::DeviceRestrictions &Restrictions) {
-
-		if(UserInfo_.userinfo.userRole != SecurityObjects::ROOT &&
-			UserInfo_.userinfo.userRole != SecurityObjects::ADMIN) {
-			CallCanceled("REENROLL", CMD_UUID, CMD_RPC, RESTAPI::Errors::ACCESS_DENIED);
-			return UnAuthorized(RESTAPI::Errors::ACCESS_DENIED);
-		}
-
-		poco_debug(Logger_, fmt::format("REENROLL({},{}): TID={} user={} serial={}", CMD_UUID,
-										CMD_RPC, TransactionId_, Requester(), SerialNumber_));
-
-		if(IsDeviceSimulated(SerialNumber_)) {
-			CallCanceled("REENROLL", CMD_UUID, CMD_RPC, RESTAPI::Errors::SimulatedDeviceNotSupported);
-			return BadRequest(RESTAPI::Errors::SimulatedDeviceNotSupported);
-		}
-
-		GWObjects::ReEnroll PR;
-		if(!PR.from_json(ParsedBody_)) {
-			return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
-		}
-
-		GWObjects::CommandDetails Cmd;
-		Cmd.SerialNumber = SerialNumber_;
-		Cmd.SubmittedBy = Requester();
-		Cmd.UUID = CMD_UUID;
-		Cmd.Command = uCentralProtocol::REENROLL;
-		std::ostringstream os;
-		ParsedBody_->stringify(os);
-		Cmd.Details = os.str();
-		Cmd.RunAt = PR.when;
-		Cmd.ErrorCode = 0;
-		Cmd.WaitingForFile = 0;
-
-		return RESTAPI_RPC::WaitForCommand(CMD_RPC, APCommands::Commands::reenroll, false, Cmd,
-										   *ParsedBody_, *Request, *Response, timeout, nullptr, this,
-										   Logger_);
-	}
 } // namespace OpenWifi

src/RESTAPI/RESTAPI_device_commandHandler.h

@@ -74,8 +74,6 @@ namespace OpenWifi {
 					  const GWObjects::DeviceRestrictions &R);
 		void CableDiagnostics(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
 					  const GWObjects::DeviceRestrictions &R);
-		void ReEnroll(const std::string &UUID, uint64_t RPC, std::chrono::milliseconds timeout,
-					  const GWObjects::DeviceRestrictions &R);
 
 		static auto PathName() {
 			return std::list<std::string>{"/api/v1/device/{serialNumber}/{command}"};

src/RESTObjects/RESTAPI_GWobjects.cpp

@@ -297,7 +297,6 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "connectionCompletionTime", connectionCompletionTime);
 		field_to_json(Obj, "totalConnectionTime", Utils::Now() - started);
 		field_to_json(Obj, "certificateExpiryDate", certificateExpiryDate);
-		field_to_json(Obj, "certificateIssuerName", certificateIssuerName);
 		field_to_json(Obj, "connectReason", connectReason);
 		field_to_json(Obj, "uptime", uptime);
         field_to_json(Obj, "compatible", Compatible);
@@ -359,7 +358,6 @@ namespace OpenWifi::GWObjects {
             field_from_json(Obj, "connectionCompletionTime", connectionCompletionTime);
             field_from_json(Obj, "totalConnectionTime", totalConnectionTime);
             field_from_json(Obj, "certificateExpiryDate", certificateExpiryDate);
-			field_from_json(Obj, "certificateIssuerName", certificateIssuerName);
             field_from_json(Obj, "connectReason", connectReason);
             field_from_json(Obj, "uptime", uptime);
             field_from_json(Obj, "hasRADIUSSessions", hasRADIUSSessions );
@@ -821,14 +819,4 @@ namespace OpenWifi::GWObjects {
 		}
 		return false;
 	}
-
-	bool ReEnroll::from_json(const Poco::JSON::Object::Ptr &Obj) {
-		try {
-			field_from_json(Obj, "serial", serialNumber);
-			field_from_json(Obj, "when", when);
-			return true;
-		} catch (const Poco::Exception &E) {
-		}
-		return false;
-	}
 } // namespace OpenWifi::GWObjects

src/RESTObjects/RESTAPI_GWobjects.h

@@ -42,7 +42,6 @@ namespace OpenWifi::GWObjects {
 		uint64_t sessionId = 0;
 		double connectionCompletionTime = 0.0;
 		std::uint64_t certificateExpiryDate = 0;
-		std::string certificateIssuerName;
 		std::uint64_t hasRADIUSSessions = 0;
 		bool hasGPS = false;
 		std::uint64_t sanity=0;
@@ -546,12 +545,6 @@ namespace OpenWifi::GWObjects {
 		std::uint64_t 	when;
 		std::vector<std::string> ports;
 
-		bool from_json(const Poco::JSON::Object::Ptr &Obj);
-	};
-	struct ReEnroll {
-		std::string 	serialNumber;
-		std::uint64_t 	when;
-
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);
 	};
 } // namespace OpenWifi::GWObjects

src/framework/ConfigurationValidator.cpp

@@ -3952,9 +3952,7 @@ static std::string DefaultAPSchema = R"foo(
                             "inactive-deauth",
                             "key-mismatch",
                             "beacon-report",
-                            "radar-detected",
+                            "radar-detected"
-                            "ft-finish",
-                            "sta-authorized"
                         ]
                     }
                 }
@@ -7922,9 +7920,7 @@ static std::string DefaultSWITCHSchema = R"foo(
                             "inactive-deauth",
                             "key-mismatch",
                             "beacon-report",
-                            "radar-detected",
+                            "radar-detected"
-                            "ft-finish",
-                            "sta-authorized"
                         ]
                     }
                 }

src/framework/ow_constants.h

@@ -583,7 +583,6 @@ namespace OpenWifi::RESTAPI::Protocol {
 
 	static const char *FIXEDCONFIG = "fixedconfig";
 	static const char *CABLEDIAGNOSTICS = "cable-diagnostics";
-	static const char *REENROLL = "reenroll";
 } // namespace OpenWifi::RESTAPI::Protocol
 
 namespace OpenWifi::uCentralProtocol {
@@ -699,8 +698,6 @@ namespace OpenWifi::uCentralProtocol {
 
 	static const char *FIXEDCONFIG = "fixedconfig";
 	static const char *CABLEDIAGNOSTICS = "cable-diagnostics";
-	static const char *REENROLL = "reenroll";
-
 
 } // namespace OpenWifi::uCentralProtocol
 
@@ -800,7 +797,6 @@ namespace OpenWifi::APCommands {
 		powercycle,
 		fixedconfig,
 		cablediagnostics,
-		reenroll,
 		unknown
 	};
 
@@ -816,8 +812,7 @@ namespace OpenWifi::APCommands {
 		RESTAPI::Protocol::PING,		 RESTAPI::Protocol::SCRIPT,
 		RESTAPI::Protocol::RRM,		 	 RESTAPI::Protocol::CERTUPDATE,
 		RESTAPI::Protocol::TRANSFER,	 RESTAPI::Protocol::POWERCYCLE,
-		RESTAPI::Protocol::FIXEDCONFIG,  RESTAPI::Protocol::CABLEDIAGNOSTICS,
+		RESTAPI::Protocol::FIXEDCONFIG,  RESTAPI::Protocol::CABLEDIAGNOSTICS
-		RESTAPI::Protocol::REENROLL
 	};
 
 	inline const char *to_string(Commands Cmd) { return uCentralAPCommands[(uint8_t)Cmd]; }

src/rttys/RTTYS_server.cpp

@@ -14,7 +14,6 @@
 #include "nlohmann/json.hpp"
 
 #include "Poco/NObserver.h"
-#include <Poco/Net/Context.h>
 #include "Poco/Net/SocketNotification.h"
 #include "Poco/Net/NetException.h"
 #include "Poco/Net/WebSocketImpl.h"
@@ -72,7 +71,6 @@ namespace OpenWifi {
 				const auto &RootCas =
 					MicroServiceConfigPath("ucentral.websocket.host.0.rootca", "");
 				const auto &Cas = MicroServiceConfigPath("ucentral.websocket.host.0.cas", "");
-				const auto &ClientCasFile = MicroServiceConfigPath("ucentral.websocket.host.0.clientcas", "");
 
 				Poco::Net::Context::Params P;
 
@@ -88,7 +86,6 @@ namespace OpenWifi {
 				Poco::Crypto::X509Certificate Cert(CertFileName);
 				Poco::Crypto::X509Certificate Root(RootCaFileName);
 				Poco::Crypto::X509Certificate Issuing(IssuerFileName);
-                std::vector<Poco::Crypto::X509Certificate> ClientCasCerts;
 				Poco::Crypto::RSAKey Key("", KeyFileName, KeyPassword);
 
 				DeviceSecureContext->useCertificate(Cert);
@@ -96,11 +93,7 @@ namespace OpenWifi {
 				DeviceSecureContext->addCertificateAuthority(Root);
 				DeviceSecureContext->addChainCertificate(Issuing);
 				DeviceSecureContext->addCertificateAuthority(Issuing);
-                ClientCasCerts = Poco::Net::X509Certificate::readPEM(ClientCasFile);
+				DeviceSecureContext->addCertificateAuthority(Root);
-                for (const auto &cert : ClientCasCerts) {
-                    DeviceSecureContext->addChainCertificate(cert);
-                    DeviceSecureContext->addCertificateAuthority(cert);
-                }
 				DeviceSecureContext->enableSessionCache(true);
 				DeviceSecureContext->setSessionCacheSize(0);
 				DeviceSecureContext->setSessionTimeout(120);