https://telecominfraproject.atlassian.net/browse/WIFI-7831

Signed-off-by: stephb9959 <[email protected]>

build

@@ -1 +1 @@
-27
+29

src/RADIUS_proxy_server.cpp

@@ -159,11 +159,15 @@ namespace OpenWifi {
 	void RADIUS_proxy_server::StartRADSECServers() {
 		std::lock_guard G(Mutex_);
 		for (const auto &pool : PoolList_.pools) {
-			for (const auto &entry : pool.authConfig.servers) {
-				if (entry.radsec) {
-					RADSECservers_[Poco::Net::SocketAddress(entry.ip, 0)] =
-						std::make_unique<RADSEC_server>(*RadiusReactor_, entry, pool);
+			if(pool.enabled) {
+				for (const auto &entry : pool.authConfig.servers) {
+					if (entry.radsec) {
+						RADSECservers_[Poco::Net::SocketAddress(entry.ip, 0)] =
+							std::make_unique<RADSEC_server>(*RadiusReactor_, entry, pool);
+					}
 				}
+			} else {
+				poco_information(Logger(),fmt::format("Pool {} is not enabled.", pool.name));
 			}
 		}
 	}

src/RADSEC_server.h

@@ -53,19 +53,26 @@ namespace OpenWifi {
 
 		inline void run() final {
 			Poco::Thread::trySleep(5000);
-			std::uint64_t LastStatus = 0;
+			std::uint64_t CurrentDelay = 10, maxDelay=300, LastTry=0, LastKeepAlive=0;
 			while (TryAgain_) {
 				if (!Connected_) {
-					LastStatus = Utils::Now();
-					Connect();
-				} else if ((Utils::Now() - LastStatus) > KeepAlive_) {
+					if(!LastTry || (Utils::Now()-LastTry)>CurrentDelay) {
+						LastTry = Utils::Now();
+						if (!Connect()) {
+							CurrentDelay *= 2;
+							if(CurrentDelay>maxDelay) CurrentDelay=10;
+						} else {
+							CurrentDelay = 10;
+						}
+					}
+				} else if ((Utils::Now() - LastKeepAlive) > KeepAlive_) {
 					RADIUS::RadiusOutputPacket P(Server_.radsecSecret);
 					P.MakeStatusMessage();
 					poco_trace(Logger_, fmt::format("{}: Keep-Alive message.", Server_.name));
 					Socket_->sendBytes(P.Data(), P.Len());
-					LastStatus = Utils::Now();
+					LastKeepAlive = Utils::Now();
 				}
-				Poco::Thread::trySleep(!Connected_ ? 30000 : 2000);
+				Poco::Thread::trySleep(2000);
 			}
 		}
 
@@ -166,6 +173,9 @@ namespace OpenWifi {
 			Disconnect();
 		}
 
+		static inline bool IsExpired(const Poco::Crypto::X509Certificate &C) {
+			return C.expiresOn().timestamp().epochTime() < (std::time_t)Utils::Now();
+		}
 
 		inline bool Connect_GlobalReach() {
 			if (TryAgain_) {
@@ -221,7 +231,13 @@ namespace OpenWifi {
 				}
 
 				SecureContext->usePrivateKey(Poco::Crypto::RSAKey("",KeyFile_.path(),""));
-				SecureContext->useCertificate(Poco::Crypto::X509Certificate(CertFile_.path()));
+				Poco::Crypto::X509Certificate	Cert(CertFile_.path());
+				if(!IsExpired(Cert)) {
+					SecureContext->useCertificate(Poco::Crypto::X509Certificate(CertFile_.path()));
+				} else {
+					poco_error(Logger_, fmt::format("Certificate for {} has expired. We cannot connect to this server.", Server_.name));
+					return false;
+				}
 				SecureContext->addCertificateAuthority(Poco::Crypto::X509Certificate(OpenRoamingRootCertFile_.path()));
 				SecureContext->addChainCertificate(Poco::Crypto::X509Certificate(Intermediate0.path()));
 				SecureContext->addChainCertificate(Poco::Crypto::X509Certificate(Intermediate1.path()));

src/RESTObjects/RESTAPI_GWobjects.cpp

@@ -433,6 +433,7 @@ namespace OpenWifi::GWObjects {
 		field_to_json(Obj, "radsecKeepAlive", radsecKeepAlive);
 		field_to_json(Obj, "poolProxyIp", poolProxyIp);
 		field_to_json(Obj, "radsecPoolType", radsecPoolType);
+		field_to_json(Obj, "enabled", enabled);
 	}
 
 	bool RadiusProxyPool::from_json(const Poco::JSON::Object::Ptr &Obj) {
@@ -446,6 +447,7 @@ namespace OpenWifi::GWObjects {
 			field_from_json(Obj, "radsecKeepAlive", radsecKeepAlive);
 			field_from_json(Obj, "poolProxyIp", poolProxyIp);
 			field_from_json(Obj, "radsecPoolType", radsecPoolType);
+			field_from_json(Obj, "enabled", enabled);
 			return true;
 		} catch (const Poco::Exception &E) {
 		}

src/RESTObjects/RESTAPI_GWobjects.h

@@ -363,6 +363,7 @@ namespace OpenWifi::GWObjects {
 		std::string 	radsecPoolType;
 		std::string 	poolProxyIp;
 		std::uint64_t 	radsecKeepAlive=25;
+		bool			enabled=true;
 
 		void to_json(Poco::JSON::Object &Obj) const;
 		bool from_json(const Poco::JSON::Object::Ptr &Obj);