[feature] Added support for more WPA EAP client parameters #313
Closes #313
pandafy committed Sep 20, 2024
1 parent f7a37e0 commit ae28bd5
Showing 4 changed files with 71 additions and 0 deletions.
6 changes: 6 additions & 0 deletions netjsonconfig/backends/openwrt/converters/wireless.py
Expand Up @@ -283,10 +283,16 @@ def __netjson_wifi_typecast(self, wifi):
'vlan_bridge',
'eap_type',
'auth',
'anonymous_identity',
'identity',
'password',
'ca_cert',
'client_cert',
'ca_cert_usesystem',
'subject_match',
'altsubject_match',
'domain_match',
'domain_suffix_match',
'priv_key',
'priv_key_pwd',
'wps_config',
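Review bot: `ca_cert_usesystem` joins this key list alongside plain strings, yet the OpenWrt schema in this commit declares it as a boolean, and nothing visible in the hunk converts the UCI string back when a configuration is parsed. If the loop around this list copies values verbatim (its body lies outside the hunk, so this is an inference), a parsed configuration would carry a string such as `'1'` where the schema expects `True`, and could fail validation when re-imported. A cast right after the copy would cover it, for example `if key == 'ca_cert_usesystem': value = value == '1'` (names illustrative, since the loop body is not shown). The enclosing function begins and ends outside the hunk.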
56 changes: 56 additions & 0 deletions netjsonconfig/backends/openwrt/schema.py
Expand Up @@ -748,6 +748,62 @@
},
}
},
"encryption_wpa_enterprise_sta_base_settings": {
"properties": {
"ca_cert_usesystem": {
"title": "Use system certificates",
"type": "boolean",
"default": False,
"format": "checkbox",
"description": (
'Validate server certificate using built-in'
' system CA bundle, requires the "ca-bundle" package'
),
"propertyOrder": 7.9,
},
"subject_match": {
"title": "Certificate constraint (Subject)",
"type": "string",
"description": (
"Certificate constraint substring"
" - e.g. /CN=wifi.mycompany.com See `logread -f` during"
" handshake for actual values"
),
"propertyOrder": 8.9,
},
"altsubject_match": {
"title": "Certificate constraint (SAN)",
"description": (
"Certificate constraint(s) via Subject Alternate"
" Name values (supported attributes: EMAIL, DNS, URI)"
" - e.g. DNS:wifi.mycompany.com"
),
"type": "array",
"items": {"type": "string"},
"propertyOrder": 8.91,
},
"domain_match": {
"title": "Certificate constraint (Domain)",
"description": (
"Certificate constraint(s) against DNS SAN values"
" (if available) or Subject CN (exact match)"
),
"type": "array",
"items": {"type": "string"},
"propertyOrder": 8.92,
},
"domain_suffix_match": {
"title": "Certificate constraint (Wildcard)",
"description": (
"Certificate constraint(s) against DNS SAN values "
"(if available) or Subject CN (suffix match)"
),
"type": "array",
"items": {"type": "string"},
"propertyOrder": 8.93,
},
}
},
},
"properties": {
"general": {
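Review bot: The `ca_cert_usesystem` description does not say that trusting the system CA bundle is only meaningful together with a name constraint; with the bundle alone, a certificate issued by any CA in it, for any name, satisfies the check and leaves the client open to impersonation of the authentication server. I would extend the text to `' system CA bundle, requires the "ca-bundle" package;'` followed by `' combine with a domain constraint so that only the expected server name is accepted'`. The `subject_match` description could likewise state that a substring match is not a reliable server-name check and that `domain_match` or `domain_suffix_match` is preferred for that purpose, which is the guidance given in the wpa_supplicant configuration documentation. Separately, "Subject Alternate Name" in the `altsubject_match` text should read "Subject Alternative Name", and the `subject_match` text is missing a full stop before "See".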
1 change: 1 addition & 0 deletions netjsonconfig/schema.py
Expand Up @@ -662,6 +662,7 @@
"propertyOrder": 5,
},
"identity": {"type": "string", "propertyOrder": 6},
"anonymous_identity": {"type": "string", "propertyOrder": 6.1},
"password": {"type": "string", "propertyOrder": 7},
"ca_cert": {
"type": "string",
8 changes: 8 additions & 0 deletions tests/openwrt/test_encryption.py
Expand Up @@ -563,8 +563,12 @@ def test_parse_wpa2_enterprise_client(self):
"cipher": "auto",
"eap_type": "ttls",
"auth": "MSCHAPV2",
"anonymous_identity": "anonymous",
"identity": "test-identity",
"password": "test-password",
"client_cert": "/etc/ssl/wifi.openwisp.io/cert.crt",
"priv_key": "/etc/ssl/wifi.openwisp.io/private.key",
"domain_match": ["wifi.openwisp.io"],
},
},
}
Expand All @@ -573,15 +577,19 @@ def test_parse_wpa2_enterprise_client(self):
_wpa2_enterprise_ttls_client_uci = """package wireless
config wifi-iface 'wifi_wlan0'
option anonymous_identity 'anonymous'
option auth 'MSCHAPV2'
option bssid '00:26:b9:20:5f:09'
option client_cert '/etc/ssl/wifi.openwisp.io/cert.crt'
option device 'radio0'
list domain_match 'wifi.openwisp.io'
option eap_type 'ttls'
option encryption 'wpa2'
option identity 'test-identity'
option ifname 'wlan0'
option mode 'sta'
option password 'test-password'
option priv_key '/etc/ssl/wifi.openwisp.io/private.key'
option ssid 'enterprise-client'
"""
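Review bot: The updated fixture exercises only `anonymous_identity` and `domain_match`; the boolean `ca_cert_usesystem` and the other constraints (`subject_match`, `altsubject_match`, `domain_suffix_match`) are neither rendered nor parsed by any test visible in this section. Adding `"ca_cert_usesystem": True` and `"domain_suffix_match": ["openwisp.io"]` (constructed sample value) to the NetJSON dict, with the matching lines in `_wpa2_enterprise_ttls_client_uci`, would pin both directions for a boolean and for a second list option. The fixture also sets no `ca_cert`, so it does not show a configuration in which the name constraint is backed by a trust anchor; a comment such as `# ca_cert omitted: fixture checks conversion only, not a recommended client setup` would keep it from being copied as a template. Both hunks cut into definitions that start outside the visible lines.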

