Chg: update image tag in helm values to v4.0.0

Chg: update image tag in helm values to v4.0.0-RC1
Merge pull request #405 from Telecominfraproject/version_update
2025-11-01 19:28:01 +00:00 · 2025-05-02 15:40:31 +00:00 · 2025-04-24 21:02:45 +00:00 · 2025-04-24 16:56:09 -04:00 · 2025-04-24 16:36:14 -04:00 · 2025-04-24 16:18:31 -04:00
8 changed files with 34 additions and 11 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ defaults:

 jobs:
  docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    env:
      DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
      DOCKER_REGISTRY_USERNAME: ucentral
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ defaults:

 jobs:
  helm-package:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    env:
      HELM_REPO_URL: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
      HELM_REPO_USERNAME: ucentral
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(owgw VERSION 3.2.1)
+project(owgw VERSION 4.0.0)

 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -9,7 +9,7 @@ fullnameOverride: ""
 images:
  owgw:
    repository: tip-tip-wlan-cloud-ucentral.jfrog.io/owgw
-    tag: master
+    tag: v4.0.0
    pullPolicy: Always
 #    regcred:
 #      registry: tip-tip-wlan-cloud-ucentral.jfrog.io
--- a/src/AP_WS_Server.cpp
+++ b/src/AP_WS_Server.cpp
@@ -71,14 +71,18 @@ namespace OpenWifi {
 	bool AP_WS_Server::ValidateCertificate(const std::string &ConnectionId,
 										   const Poco::Crypto::X509Certificate &Certificate) {
 		if (IsCertOk()) {
-			if (!Certificate.issuedBy(*IssuerCert_)) {
-				poco_warning(
-					Logger(),
-					fmt::format("CERTIFICATE({}): issuer mismatch. Local='{}' Incoming='{}'",
-								ConnectionId, IssuerCert_->issuerName(), Certificate.issuerName()));
-				return false;
+			// validate certificate agains trusted chain
+			for (const auto &cert : ClientCasCerts_) {
+				if (Certificate.issuedBy(cert)) {
+					return true;
+				}
 			}
-			return true;
+			poco_warning(
+					Logger(),
+					fmt::format(
+						"CERTIFICATE({}): issuer mismatch. Certificate not issued by any trusted CA",
+						ConnectionId)
+					);
 		}
 		return false;
 	}
@@ -133,6 +137,13 @@ namespace OpenWifi {
 			Context->addChainCertificate(Issuing);
 			Context->addCertificateAuthority(Issuing);

+			// add certificates from clientcas to trust chain
+			ClientCasCerts_ = Poco::Net::X509Certificate::readPEM(Svr.ClientCas());
+			for (const auto &cert : ClientCasCerts_) {
+				Context->addChainCertificate(cert);
+				Context->addCertificateAuthority(cert);
+			}
+
 			Poco::Crypto::RSAKey Key("", Svr.KeyFile(), Svr.KeyFilePassword());
 			Context->usePrivateKey(Key);

--- a/src/AP_WS_Server.h
+++ b/src/AP_WS_Server.h
@@ -223,6 +223,7 @@ namespace OpenWifi {
 		mutable std::array<std::mutex,MACHashMax>		SerialNumbersMutex_;

 		std::unique_ptr<Poco::Crypto::X509Certificate> IssuerCert_;
+		std::vector<Poco::Crypto::X509Certificate> ClientCasCerts_;
 		std::list<std::unique_ptr<Poco::Net::HTTPServer>> WebServers_;
 		Poco::ThreadPool DeviceConnectionPool_{"ws:dev-pool", 4, 256};
 		Poco::Net::SocketReactor Reactor_;
--- a/src/framework/SubSystemServer.cpp
+++ b/src/framework/SubSystemServer.cpp
@@ -68,6 +68,16 @@ namespace OpenWifi {
 				Context->addCertificateAuthority(Issuing);
 			}

+			if (!client_cas_.empty()) {
+				// add certificates specified in clientcas
+				std::vector<Poco::Crypto::X509Certificate> Certs =
+					Poco::Net::X509Certificate::readPEM(client_cas_);
+				for (const auto &cert : Certs) {
+					Context->addChainCertificate(cert);
+					Context->addCertificateAuthority(cert);
+				}
+			}
+
 			Poco::Crypto::RSAKey Key("", key_file_, key_file_password_);
 			Context->usePrivateKey(Key);

--- a/src/framework/SubSystemServer.h
+++ b/src/framework/SubSystemServer.h
@@ -45,6 +45,7 @@ namespace OpenWifi {
 		[[nodiscard]] inline auto KeyFile() const { return key_file_; };
 		[[nodiscard]] inline auto CertFile() const { return cert_file_; };
 		[[nodiscard]] inline auto RootCA() const { return root_ca_; };
+		[[nodiscard]] inline auto ClientCas() const { return client_cas_; };
 		[[nodiscard]] inline auto KeyFilePassword() const { return key_file_password_; };
 		[[nodiscard]] inline auto IssuerCertFile() const { return issuer_cert_file_; };
 		[[nodiscard]] inline auto Name() const { return name_; };
Author	SHA1	Message	Date
TIP Automation User	91fe27e973	Chg: update image tag in helm values to v4.0.0	2025-05-02 15:40:31 +00:00
TIP Automation User	f8d714d04b	Chg: update image tag in helm values to v4.0.0-RC1	2025-04-24 21:02:45 +00:00
i-chvets	a5d1eebe6d	Merge pull request #405 from Telecominfraproject/version_update WIFI-14521: fix: Version update - release 4.0.0	2025-04-24 16:56:09 -04:00
Ivan Chvets	ee14f064c8	Merge branch 'master' of github.com:Telecominfraproject/wlan-cloud-ucentralgw into version_update	2025-04-24 16:36:14 -04:00
i-chvets	dbf52c1f23	Merge pull request #406 from Telecominfraproject/WIFI-14521-ci-changes WIFI-14521 Update to ubuntu-latest for GH runner	2025-04-24 16:18:31 -04:00
Carsten Schafer	9dc6a6bf97	Update to ubuntu-latest for GH runner Signed-off-by: Carsten Schafer <Carsten.Schafer@kinarasystems.com>	2025-04-24 15:30:49 -04:00
Ivan Chvets	1c0556f8bf	fix: Version update - release 4.0.0 Signed-off-by: Ivan Chvets <ivan.chvets@kinarasystems.com>	2025-04-24 14:09:12 -04:00
i-chvets	d298139525	Merge pull request #403 from Telecominfraproject/wifi-14521_feat_use_clientcas_for_validation WIFI-14521: feat: Added processing of clientcas	2025-04-09 11:50:04 -04:00
Ivan Chvets	a37c961f5b	feat: Added processing of clientcas https://telecominfraproject.atlassian.net/browse/WIFI-14521 Summary of changes: - Updated code to add certificates from clientcas to trust chain and validate client certificates against it. Signed-off-by: Ivan Chvets <ivan.chvets@kinarasystems.com>	2025-04-09 10:30:52 -04:00