https://telecominfraproject.atlassian.net/browse/WIFI-7831

Signed-off-by: stephb9959 <[email protected]>
Telecominfraproject · Sep 12, 2023 · 5390d1f · 5390d1f
1 parent bf20fc2
commit 5390d1f
Show file tree

Hide file tree

Showing 9 changed files with 85 additions and 47 deletions.
diff --git a/openapi/openroaming_globalreach.yaml b/openapi/openroaming_globalreach.yaml
@@ -55,6 +55,10 @@ components:
           type: string
         CSR:
           type: string
+        CSRPrivateKey:
+          type: string
+        CSRPublicKey:
+          type: string
         GlobalReachAcctId:
           type: string
 

diff --git a/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp b/src/RESTAPI/RESTAPI_openroaming_gr_acct_handler.cpp
@@ -67,7 +67,16 @@ namespace OpenWifi {
             return BadRequest(RESTAPI::Errors::MissingOrInvalidParameters);
         }
 
-        NewObject.CSR = Utils::CreateX509CSR(NewObject.country,NewObject.province, NewObject.city, NewObject.organization, NewObject.commonName);
+        Utils::CSRCreationParameters    P;
+        P.Country = NewObject.country;
+        P.CommonName = NewObject.commonName;
+        P.Province = NewObject.province;
+        P.City = NewObject.city;
+        P.Organization = NewObject.organization;
+        Utils::CSRCreationResults       R;
+        if(!Utils::CreateX509CSR(P,R)) {
+            return BadRequest(RESTAPI::Errors::CannotCreateCSR);
+        }
 
         ProvObjects::CreateObjectInfo(RawObject,UserInfo_.userinfo,NewObject.info);
 
@@ -101,27 +110,6 @@ namespace OpenWifi {
             return BadRequest(OpenWifi::RESTAPI::Errors::InvalidJSONDocument);
         }
 
-        if(RawObject->has("privateKey")) {
-            if(!Modify.privateKey.empty() && !Utils::VerifyECKey(Modify.privateKey)) {
-                return BadRequest(RESTAPI::Errors::NotAValidECKey);
-            }
-            Existing.privateKey = Modify.privateKey;
-        }
-
-        std::string GlobalReachName;
-        if(!OpenRoaming_GlobalReach()->VerifyAccount(Existing.GlobalReachAcctId,Existing.privateKey,GlobalReachName)) {
-            return BadRequest(RESTAPI::Errors::InvalidGlobalReachAccount);
-        }
-
-        auto Modified = AssignIfPresent(RawObject,"country",Existing.country)   ||
-                        AssignIfPresent(RawObject,"commonName",Existing.commonName) ||
-                        AssignIfPresent(RawObject,"city",Existing.city) ||
-                        AssignIfPresent(RawObject,"province",Existing.province) ||
-                        AssignIfPresent(RawObject,"organization",Existing.organization);
-        if(Modified) {
-            Existing.CSR = Utils::CreateX509CSR(Existing.country,Existing.province, Existing.city, Existing.organization, Existing.commonName);
-        }
-
         if(DB_.UpdateRecord("id",Existing.info.id,Existing)) {
             ProvObjects::GLBLRAccountInfo StoredObject;
             DB_.GetRecord("id",Existing.info.id,StoredObject);

diff --git a/src/RESTObjects/RESTAPI_ProvObjects.cpp b/src/RESTObjects/RESTAPI_ProvObjects.cpp
@@ -1203,6 +1203,8 @@ namespace OpenWifi::ProvObjects {
         field_to_json(Obj, "organization", organization);
         field_to_json(Obj, "commonName", commonName);
         field_to_json(Obj, "CSR", CSR);
+        field_to_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+        field_to_json(Obj, "CSRPublicKey", CSRPublicKey);
         field_to_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
     }
 
@@ -1216,6 +1218,8 @@ namespace OpenWifi::ProvObjects {
             field_from_json(Obj, "organization", organization);
             field_from_json(Obj, "commonName", commonName);
             field_from_json(Obj, "CSR", CSR);
+            field_from_json(Obj, "CSRPrivateKey", CSRPrivateKey);
+            field_from_json(Obj, "CSRPublicKey", CSRPublicKey);
             field_from_json(Obj, "GlobalReachAcctId", GlobalReachAcctId);
             return true;
         } catch (const Poco::Exception &E) {

diff --git a/src/RESTObjects/RESTAPI_ProvObjects.h b/src/RESTObjects/RESTAPI_ProvObjects.h
@@ -751,7 +751,7 @@ namespace OpenWifi::ProvObjects {
         ObjectInfo      info;
         std::string     privateKey;
         std::string     country, province, city, organization, commonName;
-        std::string     CSR;
+        std::string     CSR, CSRPrivateKey, CSRPublicKey;
         std::string     GlobalReachAcctId;
 
         void to_json(Poco::JSON::Object &Obj) const;

diff --git a/src/framework/ow_constants.h b/src/framework/ow_constants.h
@@ -409,6 +409,7 @@ namespace OpenWifi::RESTAPI::Errors {
     static const struct msg DefFirmwareNameExists { 1172, "Firmware name already exists." };
     static const struct msg NotAValidECKey { 1173, "Provided key supplied is not valid." };
     static const struct msg InvalidGlobalReachAccount { 1174, "Invalid Global Reach account information (id or key)." };
+    static const struct msg CannotCreateCSR { 1175, "Could not create CSR" };
 
     static const struct msg SimulationDoesNotExist {
         7000, "Simulation Instance ID does not exist."

diff --git a/src/framework/utils.cpp b/src/framework/utils.cpp
@@ -609,8 +609,14 @@ namespace OpenWifi::Utils {
 		return DT.timestamp().epochTime();
 	}
 
-    std::string  CreateX509CSR(const std::string &Country, const std::string &Province, const std::string &City,
-                        const std::string &Organization, const std::string &CommonName, int bits ) {
+    static std::string FileToString(const std::string &Filename) {
+        std::ifstream   ifs(Filename.c_str(),std::ios_base::in|std::ios_base::binary);
+        std::ostringstream os;
+        Poco::StreamCopier::copyStream(ifs,os);
+        return os.str();
+    }
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results) {
         int             ret = 0;
         RSA             *r = nullptr;
         BIGNUM          *bne = nullptr;
@@ -622,33 +628,47 @@ namespace OpenWifi::Utils {
         X509_NAME       *x509_name = nullptr;
         EVP_PKEY        *pKey = nullptr;
 //        RSA             *tem = nullptr;
-        BIO             *out = nullptr;
 //        BIO             *bio_err = nullptr;
 
-        const char      *szCountry = Country.c_str();
-        const char      *szProvince = Province.c_str();
-        const char      *szCity = City.c_str();
-        const char      *szOrganization = Organization.c_str();
-        const char      *szCommon = CommonName.c_str();
+        const char      *szCountry = Parameters.Country.c_str();
+        const char      *szProvince = Parameters.Province.c_str();
+        const char      *szCity = Parameters.City.c_str();
+        const char      *szOrganization = Parameters.Organization.c_str();
+        const char      *szCommon = Parameters.CommonName.c_str();
 
-        Poco::TemporaryFile     CsrPath;
+        Poco::TemporaryFile     CsrPath, PubKey, PrivateKey;
         std::string             Result;
         std::ifstream           ifs;
         std::ostringstream      ss;
+        BIO                     *bp_public = nullptr,
+                *bp_private = nullptr,
+                *bp_csr = nullptr;
 
-    // 1. generate rsa key
+        // 1. generate rsa key
         bne = BN_new();
         ret = BN_set_word(bne,e);
         if(ret != 1){
             goto free_all;
         }
 
         r = RSA_new();
-        ret = RSA_generate_key_ex(r, bits, bne, nullptr);
+        ret = RSA_generate_key_ex(r, Parameters.bits, bne, nullptr);
         if(ret != 1){
             goto free_all;
         }
 
+        bp_public = BIO_new_file(PubKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPublicKey(bp_public, r);
+        if(ret != 1) {
+            goto free_all;
+        }
+
+        bp_private = BIO_new_file(PrivateKey.path().c_str(), "w+");
+        ret = PEM_write_bio_RSAPrivateKey(bp_private, r, NULL, NULL, 0, NULL, NULL);
+        if(ret != 1) {
+            goto free_all;
+        }
+
 // 2. set version of x509 req
         x509_req = X509_REQ_new();
         ret = X509_REQ_set_version(x509_req, nVersion);
@@ -700,22 +720,25 @@ namespace OpenWifi::Utils {
             goto free_all;
         }
 
-        out = BIO_new_file(CsrPath.path().c_str(),"w");
-        ret = PEM_write_bio_X509_REQ(out, x509_req);
+        bp_csr = BIO_new_file(CsrPath.path().c_str(),"w");
+        ret = PEM_write_bio_X509_REQ(bp_csr, x509_req);
 
-        ifs.open(CsrPath.path().c_str(),std::ios_base::binary|std::ios_base::in);
-        Poco::StreamCopier::copyStream(ifs,ss);
-        ifs.close();
-        Result = ss.str();
 // 6. free
-    free_all:
+        free_all:
         X509_REQ_free(x509_req);
-        BIO_free_all(out);
+        BIO_free_all(bp_csr);
+        BIO_free_all(bp_public);
+        BIO_free_all(bp_private);
 
         EVP_PKEY_free(pKey);
         BN_free(bne);
+        if(ret==1) {
+            Results.CSR = FileToString(CsrPath.path());
+            Results.PrivateKey = FileToString(PrivateKey.path());
+            Results.PublicKey = FileToString(PubKey.path());
+        }
 
-        return Result;
+        return ret;
     }
 
     bool VerifyECKey(const std::string &key) {

diff --git a/src/framework/utils.h b/src/framework/utils.h
@@ -247,7 +247,17 @@ namespace OpenWifi::Utils {
 		return count;
 	}
 
-    std::string CreateX509CSR(const std::string &Country, const std::string &Province, const std::string &City,
-                    const std::string &Organization, const std::string &CommonName, int bits=2048);
+    struct CSRCreationParameters {
+        std::string Country, Province, City,
+                    Organization, CommonName;
+        int         bits=2048;
+    };
+
+    struct CSRCreationResults {
+        std::string     CSR, PublicKey, PrivateKey;
+    };
+
+    bool CreateX509CSR(const CSRCreationParameters & Parameters, CSRCreationResults & Results);
+
     bool VerifyECKey(const std::string &key);
 } // namespace OpenWifi::Utils
diff --git a/src/storage/storage_glblraccounts.cpp b/src/storage/storage_glblraccounts.cpp
@@ -25,6 +25,8 @@ namespace OpenWifi {
             ORM::Field{"organization", ORM::FieldType::FT_TEXT},
             ORM::Field{"commonName", ORM::FieldType::FT_TEXT},
             ORM::Field{"CSR", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPrivateKey", ORM::FieldType::FT_TEXT},
+            ORM::Field{"CSRPublicKey", ORM::FieldType::FT_TEXT},
             ORM::Field{"GlobalReachAcctId", ORM::FieldType::FT_TEXT}
     };
 
@@ -68,7 +70,9 @@ void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAc
     Out.organization = In.get<10>();
     Out.commonName = In.get<11>();
     Out.CSR = In.get<12>();
-    Out.GlobalReachAcctId = In.get<13>();
+    Out.CSRPrivateKey = In.get<13>();
+    Out.CSRPublicKey = In.get<14>();
+    Out.GlobalReachAcctId = In.get<15>();
 }
 
 template <>
@@ -87,5 +91,7 @@ void ORM::DB<OpenWifi::GLBLRAccountsDBRecordType, OpenWifi::ProvObjects::GLBLRAc
     Out.set<10>(In.organization);
     Out.set<11>(In.commonName);
     Out.set<12>(In.CSR);
-    Out.set<13>(In.GlobalReachAcctId);
+    Out.set<13>(In.CSRPrivateKey);
+    Out.set<14>(In.CSRPublicKey);
+    Out.set<15>(In.GlobalReachAcctId);
 }
diff --git a/src/storage/storage_glblraccounts.h b/src/storage/storage_glblraccounts.h
@@ -19,6 +19,8 @@ namespace OpenWifi {
             std::string,
             std::string,
             std::string,
+            std::string,
+            std::string,
             std::string>
         GLBLRAccountsDBRecordType;