{"id":27940721,"url":"https://github.com/telecominfraproject/wlan-cloud-ucentralsec","last_synced_at":"2025-05-07T10:20:00.644Z","repository":{"id":37095856,"uuid":"382361597","full_name":"Telecominfraproject/wlan-cloud-ucentralsec","owner":"Telecominfraproject","description":null,"archived":false,"fork":false,"pushed_at":"2025-05-02T15:40:34.000Z","size":4669,"stargazers_count":2,"open_issues_count":1,"forks_count":5,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-05-02T15:49:56.303Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Telecominfraproject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-07-02T13:53:18.000Z","updated_at":"2025-05-02T14:57:20.000Z","dependencies_parsed_at":"2023-09-29T04:33:20.471Z","dependency_job_id":"9d476d0d-2f03-4f1a-bc6a-46a60c33609b","html_url":"https://github.com/Telecominfraproject/wlan-cloud-ucentralsec","commit_stats":null,"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telecominfraproject%2Fwlan-cloud-ucentralsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telecominfraproject%2Fwlan-cloud-ucentralsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telecominfraproject%2Fwlan-cloud-ucentralsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telecominfraproject%2Fwlan-cloud-ucentralsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Telecominfraproject","download_url":"https://codeload.github.com/Telecominfraproject/wlan-cloud-ucentralsec/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252856699,"owners_count":21814881,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-07T10:19:59.983Z","updated_at":"2025-05-07T10:20:00.614Z","avatar_url":"https://github.com/Telecominfraproject.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"images/project/logo.svg\" width=\"200\"/\u003e\n\u003c/p\u003e\n\n# OpenWiFi Security  (OWSEC)\n\n## What is it?\nThe OWSEC is a service for the TIP OpenWiFi CloudSDK (OWSDK).\nOWSEC is the Authentication and Resource Policy Access service for the TIP\nOpenWiFi Cloud SDK (OWSDK). OWSEC,\nlike all other OWSDK microservices, is defined using an OpenAPI definition and uses the ucentral communication\nprotocol to interact with Access Points. To use the OWSUB, you either need to [build it](#building) or use the\n[Docker version](#docker).\n\n## Building\nTo build the microservice from source, please follow the instructions in [here](./BUILDING.md)\n\n## Docker\nTo use the CLoudSDK deployment please follow [here](https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy)\n\n## OpenAPI\nYou may get static page with OpenAPI docs generated from the definition on [GitHub Page](https://telecominfraproject.github.io/wlan-cloud-ucentralsec/).\nAlso, you may use [Swagger UI](https://petstore.swagger.io/#/) with OpenAPI definition file raw link (i.e. [latest version file](https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentralsec/main/openapi/owsec.yaml)) to get interactive docs page.\n\n## Usage\nLike all other OWSDK services, OWSEC is defined through an OpenAPI. You can use this API to build your own \napplications or integration modules into your own systems. If all you need it to access the OWGW for \nexample (the service that manages the APs), you will need to:\n- get a token (`/oauth2`)\n- find the endpoints on the system (`/systemEndpoints`) \n- choose a microservice to manage (pick an endpoint that matches what you are trying to do by looking at its \n`type`. For the Cloud SDK Controller, type = owgw)\n- make your calls (use the PublicEndPoint of the corresponding entry to make your calls, \ndo not forget to add `/api/v1` as the root os the call)\n\nThe CLI for the [OWGW](https://github.com/telecominfraproject/wlan-cloud-ucentralsec/blob/main/test_scripts/curl/cli) has \na very good example of this. Look for the `setgateway` function.\n\nYou may get static page with OpenAPI docs generated from the definition on [GitHub Page](https://telecominfraproject.github.io/wlan-cloud-ucentralsec/).\n\nAlso, you may use [Swagger UI](https://petstore.swagger.io/#/) with OpenAPI definition file raw link (i.e. [latest version file](https://validator.swagger.io/validator?url=https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentralsec/main/openpapi/owsec.yaml)) to get interactive docs page.\n\n#### Expected directory layout\nFrom the directory where your cloned source is, you will need to create the `certs`, `logs`, and `uploads` directories.\n```bash\nmkdir certs\nmkdir certs/cas\nmkdir logs\nmkdir uploads\n```\nYou should now have the following:\n```text\n--+-- certs\n  |   +--- cas\n  +-- cmake\n  +-- cmake-build\n  +-- logs\n  +-- src\n  +-- test_scripts\n  +-- openapi\n  +-- uploads\n  +-- owsec.properties\n```\n\n### Certificate\nThe OWSEC uses a certificate to provide security for the REST API Certificate to secure the Northbound API.\n\n#### The `certs` directory\nFor all deployments, you will need the following `certs` directory, populated with the proper files.\n\n```text\ncerts ---+--- restapi-ca.pem\n         +--- restapi-cert.pem\n         +--- restapi-key.pem\n```\n\n## Firewall Considerations\n| Port  | Description                                | Configurable |\n|:------|:-------------------------------------------|:------------:|\n| 16001 | Default port from the devices to the OWSEC |     yes      |\n\n### Environment variables\nThe following environment variables should be set from the root directory of the service. They tell the OWGW process where to find\nthe configuration and the root directory.\n```bash\nexport OWGW_ROOT=`pwd`\nexport OWGW_CONFIG=`pwd`\n```\nYou can run the shell script `set_env.sh` from the microservice root.\n\n### OWSEC Service Configuration\nThe configuration is kept in a file called `owsec.properties`. To understand the content of this file,\nplease look [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/CONFIGURATION.md)\n\n### Default username and password\nThe default username and password are set in `owsec.properties` file. The following entries manage the username and password\n```properties\nauthentication.default.username = tip@ucentral.com\nauthentication.default.password = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n```\nThe password is a long sequence of hexadecimal digits. It is the result of hashing the `username` and the `password`.\nIn order to create the password, please follow these simple instructions.\n```bash\necho -n \"\u003cpassword\u003e\u003cusername\u003e\" | shasum -a 256\n```\nHere is a complete example for username \"root@system.com\" and the password being \"weLoveWifi\".\n```bash\necho -n \"weLoveWifiroot@system.com\" | shasum -a 256\nb5bfed31e2a272e52973a57b95042ab842db3999475f3d79f1ce0f45f465e34c  -\n```\nThen you need to modify your properties file like this\n```properties\nauthentication.default.username = root@system.com\nauthentication.default.password = b5bfed31e2a272e52973a57b95042ab842db3999475f3d79f1ce0f45f465e34c\n```\nRemember, when you login, use `root@system.com` with the password `weLoveWifi`, not this monster digit sequence.\n\n### Changing default password\nOn the first startup of the service new user will be created with the default credentials from properties `authentication.default.username` and `authentication.default.password`, but **you will have to change the password** before making any real requests.\nYou can this using [owgw-ui](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/) on first login or using the following script:\n\n```bash\nexport OWSEC=openwifi.wlan.local:16001 # endpoint to your owsec RESTAPI endpoint\n#export FLAGS=\"-k\" # uncomment and add curl flags that you would like to pass for the request (for example '-k' may be used to pass errors with self-signed certificates)\nexport OWSEC_DEFAULT_USERNAME=root@system.com # default username that you've set in property 'authentication.default.username'\nexport OWSEC_DEFAULT_PASSWORD=weLoveWifi # default password __in cleartext__ from property 'authentication.default.password'\nexport OWSEC_NEW_PASSWORD=NewPass123% # new password that must be set for the user (must comply with 'authentication.validation.expression')\ntest_scripts/curl/cli testlogin $OWSEC_DEFAULT_USERNAME $OWSEC_DEFAULT_PASSWORD $OWSEC_NEW_PASSWORD\n```\n\nCLI is also included in Docker image if you want to run it this way:\n\n```bash\nexport OWSEC=openwifi.wlan.local:16001\n#export FLAGS=\"-k\"\nexport OWSEC_DEFAULT_USERNAME=root@system.com\nexport OWSEC_DEFAULT_PASSWORD=weLoveWifi\nexport OWSEC_NEW_PASSWORD=NewPass123%\ndocker run --rm -ti \\\n  --network=host \\\n  --env OWSEC \\\n  --env FLAGS \\\n  --env OWSEC_DEFAULT_USERNAME \\\n  --env OWSEC_DEFAULT_PASSWORD \\\n  --env OWSEC_NEW_PASSWORD \\\n  tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:main \\\n  /cli testlogin $OWSEC_DEFAULT_USERNAME $OWSEC_DEFAULT_PASSWORD $OWSEC_NEW_PASSWORD\n```\n\nIt is very important that you not use spaces in your OrgName.\n## Kafka topics\nToe read more about Kafka, follow the [document](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/main/KAFKA.md)\n\n## Contributions\nWe need more contributors. Should you wish to contribute,\nplease follow the [contributions](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/CONTRIBUTING.md) document.\n\n## Pull Requests\nPlease create a branch with the Jira addressing the issue you are fixing or the feature you are implementing.\nCreate a pull-request from the branch into master.\n\n## Additional OWSDK Microservices\nHere is a list of additional OWSDK microservices\n| Name | Description | Link | OpenAPI |\n| :--- | :--- | :---: | :---: |\n| OWSEC | Security Service | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec) | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/blob/main/openpapi/owsec.yaml) |\n| OWGW | Controller Service | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw) | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/blob/master/openapi/owgw.yaml) |\n| OWFMS | Firmware Management Service | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralfms) | [here](https://github.com/Telecominfraproject/wlan-cloud-ucentralfms/blob/main/openapi/owfms.yaml) |\n| OWPROV | Provisioning Service | [here](https://github.com/Telecominfraproject/wlan-cloud-owprov) | [here](https://github.com/Telecominfraproject/wlan-cloud-owprov/blob/main/openapi/owprov.yaml) |\n| OWANALYTICS | Analytics Service | [here](https://github.com/Telecominfraproject/wlan-cloud-analytics) | [here](https://github.com/Telecominfraproject/wlan-cloud-analytics/blob/main/openapi/owanalytics.yaml) |\n| OWSUB | Subscriber Service | [here](https://github.com/Telecominfraproject/wlan-cloud-userportal) | [here](https://github.com/Telecominfraproject/wlan-cloud-userportal/blob/main/openapi/userportal.yaml) |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelecominfraproject%2Fwlan-cloud-ucentralsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelecominfraproject%2Fwlan-cloud-ucentralsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelecominfraproject%2Fwlan-cloud-ucentralsec/lists"}