From bc8e7e8ac93e951e83817b1f3d8baa7f4b5fea7b Mon Sep 17 00:00:00 2001
From: stephb9959 <stephane.bourque@gmail.com>
Date: Tue, 3 Oct 2023 07:14:11 -0700
Subject: [PATCH] https://telecominfraproject.atlassian.net/browse/WIFI-7831

Signed-off-by: stephb9959 <stephane.bourque@gmail.com>
---
 .../RESTAPI_radius_endpoint_handler.cpp       | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp b/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
index ffe8dae..eae3046 100644
--- a/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
+++ b/src/RESTAPI/RESTAPI_radius_endpoint_handler.cpp
@@ -111,6 +111,24 @@ namespace OpenWifi {
                         if(!StorageService()->OrionAccountsDB().Exists("id",Server.UseOpenRoamingAccount)) {
                             return BadRequest(RESTAPI::Errors::OrionAccountMustExist);
                         }
+                        if(Server.Certificate.empty() || !Utils::ValidX509Certificate(Server.Certificate)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecMainCertificate);
+                        }
+                        if(Server.CaCerts.empty() || !Utils::ValidX509Certificate(Server.CaCerts)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecCaCertificate);
+                        }
+                        if(Server.PrivateKey.empty() || !Utils::VerifyPrivateKey(Server.PrivateKey)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPrivteKey);
+                        }
+                        if(!Utils::ValidIP(Server.IP)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecIPAddress);
+                        }
+                        if(!(Server.Port>0 && Server.Port<65535)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPort);
+                        }
+                        if(Server.Secret.empty()) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecSecret);
+                        }
                     }
                 } break;
                 case RadiusEndpointDB::EndpointType::globalreach: {
@@ -118,6 +136,24 @@ namespace OpenWifi {
                         if(!StorageService()->GLBLRCertsDB().Exists("id",Server.UseOpenRoamingAccount)) {
                             return BadRequest(RESTAPI::Errors::GlobalReachCertMustExist);
                         }
+                        if(Server.Certificate.empty() || !Utils::ValidX509Certificate(Server.Certificate)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecMainCertificate);
+                        }
+                        if(Server.CaCerts.empty() || !Utils::ValidX509Certificate(Server.CaCerts)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecCaCertificate);
+                        }
+                        if(Server.PrivateKey.empty() || !Utils::VerifyPrivateKey(Server.PrivateKey)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPrivteKey);
+                        }
+                        if(!Utils::ValidIP(Server.IP)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecIPAddress);
+                        }
+                        if(!(Server.Port>0 && Server.Port<65535)) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecPort);
+                        }
+                        if(Server.Secret.empty()) {
+                            return BadRequest(RESTAPI::Errors::InvalidRadsecSecret);
+                        }
                     }
                 } break;
                 case RadiusEndpointDB::EndpointType::radsec: {