diff --git a/config-sil-ocpp201-pnc.yaml b/config-sil-ocpp201-pnc.yaml
new file mode 100644
index 00000000..2102daa9
--- /dev/null
+++ b/config-sil-ocpp201-pnc.yaml
@@ -0,0 +1,137 @@
+active_modules:
+ iso15118_charger:
+ module: EvseV2G
+ config_module:
+ device: auto
+ tls_security: allow
+ verify_contract_cert_chain: false
+ connections:
+ security:
+ - module_id: evse_security
+ implementation_id: main
+ iso15118_car:
+ module: PyEvJosev
+ config_module:
+ device: auto
+ supported_ISO15118_2: true
+ tls_active: true
+ is_cert_install_needed: false
+ evse_manager_1:
+ module: EvseManager
+ config_module:
+ connector_id: 1
+ three_phases: true
+ has_ventilation: true
+ country_code: DE
+ evse_id: "DE*PNX*00001"
+ session_logging: true
+ session_logging_xml: false
+ session_logging_path: /tmp/everest-logs
+ ac_hlc_enabled: true
+ ac_hlc_use_5percent: false
+ ac_enforce_hlc: false
+ connections:
+ bsp:
+ - module_id: yeti_driver_1
+ implementation_id: board_support
+ powermeter_grid_side:
+ - module_id: yeti_driver_1
+ implementation_id: powermeter
+ slac:
+ - module_id: slac
+ implementation_id: evse
+ hlc:
+ - module_id: iso15118_charger
+ implementation_id: charger
+ yeti_driver_1:
+ module: JsYetiSimulator
+ config_module:
+ connector_id: 1
+ slac:
+ module: JsSlacSimulator
+ car_simulator_1:
+ module: JsCarSimulator
+ config_module:
+ connector_id: 1
+ auto_enable: true
+ auto_exec: false
+ auto_exec_commands: sleep 1;iec_wait_pwr_ready;sleep 1;draw_power_regulated 16,3;sleep 30;unplug
+ connections:
+ simulation_control:
+ - module_id: yeti_driver_1
+ implementation_id: yeti_simulation_control
+ ev:
+ - module_id: iso15118_car
+ implementation_id: ev
+ slac:
+ - module_id: slac
+ implementation_id: ev
+ ocpp:
+ module: OCPP201
+ connections:
+ evse_manager:
+ - module_id: evse_manager_1
+ implementation_id: evse
+ auth:
+ - module_id: auth
+ implementation_id: main
+ system:
+ - module_id: system
+ implementation_id: main
+ security:
+ - module_id: evse_security
+ implementation_id: main
+ evse_security:
+ module: EvseSecurity
+ config_module:
+ private_key_password: "123456"
+ token_provider_1:
+ module: DummyTokenProviderManual
+ auth:
+ module: Auth
+ config_module:
+ connection_timeout: 120
+ selection_algorithm: PlugEvents
+ connections:
+ token_provider:
+ - module_id: token_provider_1
+ implementation_id: main
+ - module_id: ocpp
+ implementation_id: auth_provider
+ - module_id: evse_manager_1
+ implementation_id: token_provider
+ token_validator:
+ - module_id: ocpp
+ implementation_id: auth_validator
+ evse_manager:
+ - module_id: evse_manager_1
+ implementation_id: evse
+ energy_manager:
+ module: EnergyManager
+ connections:
+ energy_trunk:
+ - module_id: grid_connection_point
+ implementation_id: energy_grid
+ grid_connection_point:
+ module: EnergyNode
+ config_module:
+ fuse_limit_A: 40.0
+ phase_count: 3
+ connections:
+ price_information: []
+ energy_consumer:
+ - module_id: evse_manager_1
+ implementation_id: energy_grid
+ powermeter:
+ - module_id: yeti_driver_1
+ implementation_id: powermeter
+ api:
+ module: API
+ connections:
+ evse_manager:
+ - module_id: evse_manager_1
+ implementation_id: evse
+ system:
+ module: System
+
+x-module-layout: {}
diff --git a/demo-iso15118-2-ac-plus-ocpp.sh b/demo-iso15118-2-ac-plus-ocpp.sh
index add0fa69..7c211634 100755
--- a/demo-iso15118-2-ac-plus-ocpp.sh
+++ b/demo-iso15118-2-ac-plus-ocpp.sh
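Review bot: `private_key_password: "123456"` under `evse_security` is a literal secret committed with the config, and `iso15118_charger` pairs `tls_security: allow` with `verify_contract_cert_chain: false`, yet nothing in the file marks these as simulation-only choices. Going by the option names, the charger side neither requires TLS nor checks the contract chain locally, which leaves the decision to the CSMS that this same commit patches to tolerate OCSP failures. A header comment such as `# SIL demo only: weak key password, TLS optional, no local contract-chain check - do not reuse on real hardware` above `active_modules:` would stop the file being copied as a template. If the password has to stay inline for the demo, a second comment next to it naming the cached demo certificates it protects would make the scope clear.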
@@ -92,14 +92,14 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then pushd maeve-csms || exit 1 git reset --hard ${MAEVE_BRANCH} - cp ../everest-demo/manager/cached_certs_correct_name.tar.gz . + cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz . echo "Patching the CSMS to disable load balancer" patch -p1 -i ../everest-demo/maeve/maeve-csms-no-lb.patch if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates" - tar xf cached_certs_correct_name.tar.gz + tar xf cached_certs_correct_name_emaid.tar.gz cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \ dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ @@ -109,6 +109,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then > config/certificates/trust.pem cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem + cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem echo "Validating that the certificates are set up correctly" openssl verify -show_chain \ @@ -118,6 +119,12 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then echo "Patching the CSMS to enable EVerest organization" patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch + + echo "Patching the CSMS to enable local mo root" + patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch + + echo "Patching the CSMS to enable local mo root" + patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch else echo "Patching the CSMS to disable WSS" patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch 
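Review bot: In the `@@ -118,6 +119,12 @@` hunk the second added `echo` repeats "Patching the CSMS to enable local mo root" although the command under it applies `maeve-csms-ignore-ocsp.patch`, so the run log never states that OCSP failures are being accepted. It should read something like `echo "Patching the CSMS to ignore OCSP failures (demo only)"`. Neither new `patch -p1` call checks its exit status; unless the script enables `-e` outside this hunk, a patch that no longer applies to `${MAEVE_BRANCH}` leaves the CSMS partly configured without stopping the demo, and `patch -p1 -i ... || exit 1` would match the `pushd ... || exit 1` style already used in this block. The same applies to the added `cp ... MO_ROOT_CA.pem` in the `@@ -109,6 +109,7 @@` hunk, which the later config patch depends on.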
@@ -155,6 +162,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then "cacheMode": "ALWAYS" }' + curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{"countryCode": "UK", "partyId": "Switch", "contractId": "UKSWI123456789G", "uid": "UKSWI123456789G", "issuer": "Switch", "valid": true, "cacheMode": "ALWAYS"}' echo "User token added, starting EVerest..." popd || exit 1 @@ -163,10 +171,10 @@ fi pushd everest-demo || exit 1 docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait - +docker cp config-sil-ocpp201-pnc.yaml everest-ac-demo-manager-1:/ext/source/config/config-sil-ocpp201-pnc.yaml if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then - docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/ - docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name.tar.gz" + docker cp manager/cached_certs_correct_name_emaid.tar.gz everest-ac-demo-manager-1:/workspace/ + docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name_emaid.tar.gz" echo "Configured everest certs, validating that the chain is set up correctly" docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem" @@ -188,5 +196,5 @@ fi if [[ "$DEMO_VERSION" =~ v2.0.1 ]]; then echo "Starting software in the loop simulation" - docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh + docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201-pnc.sh fi diff --git a/maeve/maeve-csms-ignore-ocsp.patch b/maeve/maeve-csms-ignore-ocsp.patch new file mode 100644 index 00000000..d0e746f7 --- /dev/null +++ b/maeve/maeve-csms-ignore-ocsp.patch 
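Review bot: The `@@ -188,5 +196,5 @@` hunk sends every profile matching `v2.0.1` to `run-sil-ocpp201-pnc.sh`, while the certificate tarball is still unpacked into the manager container only under the `sp2`/`sp3` test in the `@@ -163,10 +171,10 @@` hunk; a profile outside sp2/sp3 would then start the PnC configuration without the demo certificates in place, if I read the version checks correctly. Either keep `run-sil-ocpp201.sh` for those profiles or guard the new script with the same `sp2`/`sp3` condition. The added `docker cp config-sil-ocpp201-pnc.yaml ...` is likewise unconditional and has no `|| exit 1`, and nothing visible here creates the matching run script under `/workspace/build/run-scripts/`, so a comment saying where it comes from would help. The new `curl` in the `@@ -155,6 +162,7 @@` hunk could use `--fail` so a rejected token registration is not followed by "User token added".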
@@ -0,0 +1,32 @@
+diff --git a/manager/handlers/ocpp201/authorize.go b/manager/handlers/ocpp201/authorize.go
+index 5df2305..0db9f79 100644
+--- a/manager/handlers/ocpp201/authorize.go
++++ b/manager/handlers/ocpp201/authorize.go
+@@ -49,7 +49,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ if req.Certificate != nil {
+ _, err = a.CertificateValidationService.ValidatePEMCertificateChain(ctx, []byte(*req.Certificate), req.IdToken.IdToken)
+ status, certificateStatus = handleCertificateValidationError(err)
+- if err != nil {
++ if err.Error() == "failed to perform ocsp check after 1 attempts" {
++ var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++ certificateStatus = &tempStatus
++ status = types.AuthorizationStatusEnumTypeAccepted
++ span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++ } else if err != nil {
+ span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ }
+ }
+@@ -57,7 +62,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ if req.Iso15118CertificateHashData != nil {
+ _, err := a.CertificateValidationService.ValidateHashedCertificateChain(ctx, *req.Iso15118CertificateHashData)
+ status, certificateStatus = handleCertificateValidationError(err)
+- if err != nil {
++ if err.Error() == "failed to perform ocsp check after 1 attempts" {
++ var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++ certificateStatus = &tempStatus
++ status = types.AuthorizationStatusEnumTypeAccepted
++ span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++ } else if err != nil {
+ span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ }
+ }
diff --git a/maeve/maeve-csms-local-mo-root.patch b/maeve/maeve-csms-local-mo-root.patch
new file mode 100644
index 00000000..c0b7f870
--- /dev/null
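Review bot: `err.Error()` is called before any nil check in both added conditions, so a chain that validates cleanly (`err == nil`) would panic on the nil error instead of being accepted; the first branch needs `if err != nil && err.Error() == "failed to perform ocsp check after 1 attempts" {`, and the `Iso15118CertificateHashData` branch needs the same guard. Matching on the full message text also ties the bypass to the validator's wording and retry count, so a sentinel error compared with `errors.Is` would be sturdier if the validation service can expose one. While this patch is applied an unreachable OCSP responder yields `Accepted`, meaning revocation is not checked at all and the `authorize.cert_warn` span attribute is the only trace of it. `HandleCall` begins and ends outside both hunks.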
+++ b/maeve/maeve-csms-local-mo-root.patch
@@ -0,0 +1,19 @@
+diff --git a/config/manager/config.toml b/config/manager/config.toml
+index 3fa49ec..668eda9 100644
+--- a/config/manager/config.toml
++++ b/config/manager/config.toml
+@@ -19,12 +19,8 @@ firestore.project_id = "*detect-project-id*"
+ type = "ocsp"
+ 
+ [contract_cert_validator.ocsp.root_certs]
+-type = "opcp"
+-opcp.url = "https://open.plugncharge-test.hubject.com"
+-opcp.ttl = "24h"
+-opcp.auth.type = "hubject_test_token"
+-opcp.auth.hubject_test_token.url = "https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token"
+-opcp.auth.hubject_test_token.ttl = "6h"
++type = "file"
++file.files = ["/certificates/root-MO-cert.pem"]
+ 
+ [contract_cert_provider]
+ type = "opcp"
diff --git a/manager/cached_certs_correct_name_emaid.tar.gz b/manager/cached_certs_correct_name_emaid.tar.gz
new file mode 100644
index 00000000..3e06f168
Binary files /dev/null and b/manager/cached_certs_correct_name_emaid.tar.gz differ
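Review bot: The replacement `type = "file"` / `file.files = ["/certificates/root-MO-cert.pem"]` makes the MO root taken from the cached demo tarball the only trust anchor for contract certificates, and the patched config carries no comment saying so. I would add `# demo only: trust the MO root copied in by demo-iso15118-2-ac-plus-ocpp.sh` above `type = "file"`. The context lines show `[contract_cert_provider]` still set to `type = "opcp"`, so it is worth confirming that leaving the provider on the remote service is intended once the validator trusts only the local root.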