From 888aecbf80c42bc4a644a102b9d1e6cfd4b954c6 Mon Sep 17 00:00:00 2001 From: John Date: Fri, 10 May 2024 12:29:35 +0300 Subject: [PATCH] Bugfix/66 graceful crash handling (#665) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Updated interfaces * Format and fixes * Updated interface usage for CSR generation * Updated interface definition usage * Comment updates * Updated deps * Updated interface for comments * Updated bazel deps * Removed unused evse_security interface function --------- Signed-off-by: AssemblyJohn Co-authored-by: Piet Gömpel <37657534+Pietfried@users.noreply.github.com> --- dependencies.yaml | 4 +- interfaces/evse_security.yaml | 12 +- lib/staging/ocpp/evse_security_ocpp.cpp | 115 ++++++++++++++---- lib/staging/ocpp/evse_security_ocpp.hpp | 18 ++- modules/EvseSecurity/conversions.cpp | 68 ++++++++--- modules/EvseSecurity/conversions.hpp | 7 +- .../EvseSecurity/main/evse_securityImpl.cpp | 36 ++++-- .../EvseSecurity/main/evse_securityImpl.hpp | 8 +- modules/EvseV2G/connection.cpp | 12 +- third-party/bazel/deps_versions.bzl | 8 +- types/evse_security.yaml | 67 ++++++++-- 11 files changed, 261 insertions(+), 94 deletions(-) diff --git a/dependencies.yaml b/dependencies.yaml index 4b88abf11..e4594871f 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -50,13 +50,13 @@ libcurl: # and would otherwise be overwritten by the version used there libevse-security: git: https://github.com/EVerest/libevse-security.git - git_tag: v0.6.0 + git_tag: 6e702ef5df568c2f9929a3c3b97a09c0cb4c5b21 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBEVSE_SECURITY" # OCPP libocpp: git: https://github.com/EVerest/libocpp.git - git_tag: v0.11.0 + git_tag: 9deeb534c7f38981a422b53a6f0416bdb791b368 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBOCPP" # Josev Josev: diff --git a/interfaces/evse_security.yaml b/interfaces/evse_security.yaml index 353d2142e..0f102cd71 100644 --- a/interfaces/evse_security.yaml +++ b/interfaces/evse_security.yaml @@ -102,7 +102,7 @@ cmds: $ref: /evse_security#/CertificateHashData ocsp_response: description: OCSPResponse class as defined in IETF RFC 6960. DER and then base64 encoded - type: string + type: string is_ca_certificate_installed: description: Command that indicates of the given CA certificate type is installed arguments: @@ -134,8 +134,9 @@ cmds: type: boolean result: description: The certificate signing request in PEM format - type: string - get_key_pair: + type: object + $ref: /evse_security#/GetCertificateSignRequestResult + get_leaf_certificate_info: description: Command to get the paths of the certificate and the respective key arguments: certificate_type: @@ -146,10 +147,13 @@ cmds: description: Specifies the encoding of the key type: string $ref: /evse_security#/EncodingFormat + include_ocsp: + description: Specifies whether per-certificate OCSP data is also requested + type: boolean result: description: The response to the requested command type: object - $ref: /evse_security#/GetKeyPairResult + $ref: /evse_security#/GetCertificateInfoResult get_verify_file: description: Command to get the file path of a CA bundle that can be used for verification arguments: diff --git a/lib/staging/ocpp/evse_security_ocpp.cpp b/lib/staging/ocpp/evse_security_ocpp.cpp index e8b942d2c..e79a7b46c 100644 --- a/lib/staging/ocpp/evse_security_ocpp.cpp +++ b/lib/staging/ocpp/evse_security_ocpp.cpp @@ -83,24 +83,36 @@ bool EvseSecurity::is_ca_certificate_installed(const ocpp::CaCertificateType& ce return this->r_security.call_is_ca_certificate_installed(conversions::from_ocpp(certificate_type)); } -std::string EvseSecurity::generate_certificate_signing_request(const ocpp::CertificateSigningUseEnum& certificate_type, - const std::string& country, - const std::string& organization, - const std::string& common, bool use_tpm) { - return this->r_security.call_generate_certificate_signing_request(conversions::from_ocpp(certificate_type), country, - organization, common, use_tpm); -} - -std::optional EvseSecurity::get_key_pair(const ocpp::CertificateSigningUseEnum& certificate_type) { - const auto key_pair_response = this->r_security.call_get_key_pair(conversions::from_ocpp(certificate_type), - types::evse_security::EncodingFormat::PEM); - if (key_pair_response.status == types::evse_security::GetKeyPairStatus::Accepted and - key_pair_response.key_pair.has_value()) { - const auto _key_pair = conversions::to_ocpp(key_pair_response.key_pair.value()); - return _key_pair; - } else { - return std::nullopt; +ocpp::GetCertificateSignRequestResult +EvseSecurity::generate_certificate_signing_request(const ocpp::CertificateSigningUseEnum& certificate_type, + const std::string& country, const std::string& organization, + const std::string& common, bool use_tpm) { + auto csr_response = this->r_security.call_generate_certificate_signing_request( + conversions::from_ocpp(certificate_type), country, organization, common, use_tpm); + + ocpp::GetCertificateSignRequestResult result; + + result.status = conversions::to_ocpp(csr_response.status); + if (csr_response.csr.has_value()) { + result.csr = csr_response.csr; } + + return result; +} + +ocpp::GetCertificateInfoResult +EvseSecurity::get_leaf_certificate_info(const ocpp::CertificateSigningUseEnum& certificate_type, bool include_ocsp) { + const auto info_response = this->r_security.call_get_leaf_certificate_info( + conversions::from_ocpp(certificate_type), types::evse_security::EncodingFormat::PEM, include_ocsp); + + ocpp::GetCertificateInfoResult result; + + result.status = conversions::to_ocpp(info_response.status); + if (info_response.info.has_value()) { + result.info = conversions::to_ocpp(info_response.info.value()); + } + + return result; } bool EvseSecurity::update_certificate_links(const ocpp::CertificateSigningUseEnum& certificate_type) { @@ -221,13 +233,30 @@ ocpp::CertificateValidationResult to_ocpp(types::evse_security::CertificateValid return ocpp::CertificateValidationResult::InvalidChain; case types::evse_security::CertificateValidationResult::Unknown: return ocpp::CertificateValidationResult::Unknown; - ; default: throw std::runtime_error("Could not convert types::evse_security::CertificateValidationResult to " "ocpp::CertificateValidationResult"); } } +ocpp::GetCertificateInfoStatus to_ocpp(types::evse_security::GetCertificateInfoStatus other) { + switch (other) { + case types::evse_security::GetCertificateInfoStatus::Accepted: + return ocpp::GetCertificateInfoStatus::Accepted; + case types::evse_security::GetCertificateInfoStatus::Rejected: + return ocpp::GetCertificateInfoStatus::Rejected; + case types::evse_security::GetCertificateInfoStatus::NotFound: + return ocpp::GetCertificateInfoStatus::NotFound; + case types::evse_security::GetCertificateInfoStatus::NotFoundValid: + return ocpp::GetCertificateInfoStatus::NotFoundValid; + case types::evse_security::GetCertificateInfoStatus::PrivateKeyNotFound: + return ocpp::GetCertificateInfoStatus::PrivateKeyNotFound; + default: + throw std::runtime_error("Could not convert types::evse_security::GetCertificateInfoStatus to " + "ocpp::GetCertificateInfoStatus"); + } +} + ocpp::DeleteCertificateResult to_ocpp(types::evse_security::DeleteCertificateResult other) { switch (other) { case types::evse_security::DeleteCertificateResult::Accepted: @@ -242,6 +271,22 @@ ocpp::DeleteCertificateResult to_ocpp(types::evse_security::DeleteCertificateRes } } +ocpp::GetCertificateSignRequestStatus to_ocpp(types::evse_security::GetCertificateSignRequestStatus other) { + switch (other) { + case types::evse_security::GetCertificateSignRequestStatus::Accepted: + return ocpp::GetCertificateSignRequestStatus::Accepted; + case types::evse_security::GetCertificateSignRequestStatus::InvalidRequestedType: + return ocpp::GetCertificateSignRequestStatus::InvalidRequestedType; + case types::evse_security::GetCertificateSignRequestStatus::KeyGenError: + return ocpp::GetCertificateSignRequestStatus::KeyGenError; + case types::evse_security::GetCertificateSignRequestStatus::GenerationError: + return ocpp::GetCertificateSignRequestStatus::GenerationError; + default: + throw std::runtime_error("Could not convert types::evse_security::GetCertificateSignRequestStatus to " + "ocpp::GetCertificateSignRequestStatus"); + } +} + ocpp::CertificateHashDataType to_ocpp(types::evse_security::CertificateHashData other) { ocpp::CertificateHashDataType lhs; lhs.hashAlgorithm = to_ocpp(other.hash_algorithm); @@ -279,12 +324,31 @@ ocpp::OCSPRequestData to_ocpp(types::evse_security::OCSPRequestData other) { return lhs; } -ocpp::KeyPair to_ocpp(types::evse_security::KeyPair other) { - ocpp::KeyPair lhs; +ocpp::CertificateOCSP to_ocpp(types::evse_security::CertificateOCSP other) { + ocpp::CertificateOCSP lhs; + lhs.hash = to_ocpp(other.hash); + + if (other.ocsp_path.has_value()) { + lhs.ocsp_path = other.ocsp_path.value(); + } + + return lhs; +} + +ocpp::CertificateInfo to_ocpp(types::evse_security::CertificateInfo other) { + ocpp::CertificateInfo lhs; lhs.certificate_path = other.certificate; lhs.certificate_single_path = other.certificate_single; lhs.key_path = other.key; lhs.password = other.password; + lhs.certificate_count = other.certificate_count; + + if (other.ocsp.has_value()) { + for (auto& ocsp_data : other.ocsp.value()) { + lhs.ocsp.push_back(to_ocpp(ocsp_data)); + } + } + return lhs; } @@ -440,10 +504,13 @@ types::evse_security::OCSPRequestData from_ocpp(ocpp::OCSPRequestData other) { return lhs; } -types::evse_security::KeyPair from_ocpp(ocpp::KeyPair other) { - types::evse_security::KeyPair lhs; - lhs.key = other.certificate_path; - lhs.certificate = other.key_path; +types::evse_security::CertificateInfo from_ocpp(ocpp::CertificateInfo other) { + types::evse_security::CertificateInfo lhs; + lhs.certificate = other.certificate_path; + lhs.certificate_single = other.certificate_single_path; + lhs.certificate_count = other.certificate_count; + lhs.key = other.key_path; + lhs.password = other.password; return lhs; } diff --git a/lib/staging/ocpp/evse_security_ocpp.hpp b/lib/staging/ocpp/evse_security_ocpp.hpp index 24c7088fe..8a7ff6857 100644 --- a/lib/staging/ocpp/evse_security_ocpp.hpp +++ b/lib/staging/ocpp/evse_security_ocpp.hpp @@ -32,10 +32,12 @@ class EvseSecurity : public ocpp::EvseSecurity { void update_ocsp_cache(const ocpp::CertificateHashDataType& certificate_hash_data, const std::string& ocsp_response) override; bool is_ca_certificate_installed(const ocpp::CaCertificateType& certificate_type) override; - std::string generate_certificate_signing_request(const ocpp::CertificateSigningUseEnum& certificate_type, - const std::string& country, const std::string& organization, - const std::string& common, bool use_tpm) override; - std::optional get_key_pair(const ocpp::CertificateSigningUseEnum& certificate_type) override; + ocpp::GetCertificateSignRequestResult + generate_certificate_signing_request(const ocpp::CertificateSigningUseEnum& certificate_type, + const std::string& country, const std::string& organization, + const std::string& common, bool use_tpm) override; + ocpp::GetCertificateInfoResult get_leaf_certificate_info(const ocpp::CertificateSigningUseEnum& certificate_type, + bool include_ocsp) override; bool update_certificate_links(const ocpp::CertificateSigningUseEnum& certificate_type) override; std::string get_verify_file(const ocpp::CaCertificateType& certificate_type) override; int get_leaf_expiry_days_count(const ocpp::CertificateSigningUseEnum& certificate_type) override; @@ -49,12 +51,15 @@ ocpp::CertificateType to_ocpp(types::evse_security::CertificateType other); ocpp::HashAlgorithmEnumType to_ocpp(types::evse_security::HashAlgorithm other); ocpp::InstallCertificateResult to_ocpp(types::evse_security::InstallCertificateResult other); ocpp::CertificateValidationResult to_ocpp(types::evse_security::CertificateValidationResult other); +ocpp::GetCertificateInfoStatus to_ocpp(types::evse_security::GetCertificateInfoStatus other); +ocpp::GetCertificateSignRequestStatus to_ocpp(types::evse_security::GetCertificateSignRequestStatus other); ocpp::DeleteCertificateResult to_ocpp(types::evse_security::DeleteCertificateResult other); ocpp::CertificateHashDataType to_ocpp(types::evse_security::CertificateHashData other); ocpp::CertificateHashDataChain to_ocpp(types::evse_security::CertificateHashDataChain other); ocpp::OCSPRequestData to_ocpp(types::evse_security::OCSPRequestData other); -ocpp::KeyPair to_ocpp(types::evse_security::KeyPair other); +ocpp::CertificateOCSP to_ocpp(types::evse_security::CertificateOCSP other); +ocpp::CertificateInfo to_ocpp(types::evse_security::CertificateInfo other); types::evse_security::CaCertificateType from_ocpp(ocpp::CaCertificateType other); types::evse_security::LeafCertificateType from_ocpp(ocpp::CertificateSigningUseEnum other); @@ -62,12 +67,13 @@ types::evse_security::LeafCertificateType from_ocpp(ocpp::LeafCertificateType ot types::evse_security::CertificateType from_ocpp(ocpp::CertificateType other); types::evse_security::HashAlgorithm from_ocpp(ocpp::HashAlgorithmEnumType other); types::evse_security::InstallCertificateResult from_ocpp(ocpp::InstallCertificateResult other); +types::evse_security::GetCertificateSignRequestStatus from_ocpp(ocpp::GetCertificateSignRequestStatus other); types::evse_security::DeleteCertificateResult from_ocpp(ocpp::DeleteCertificateResult other); types::evse_security::CertificateHashData from_ocpp(ocpp::CertificateHashDataType other); types::evse_security::CertificateHashDataChain from_ocpp(ocpp::CertificateHashDataChain other); types::evse_security::OCSPRequestData from_ocpp(ocpp::OCSPRequestData other); -types::evse_security::KeyPair from_ocpp(ocpp::KeyPair other); +types::evse_security::CertificateInfo from_ocpp(ocpp::CertificateInfo other); }; // namespace conversions diff --git a/modules/EvseSecurity/conversions.cpp b/modules/EvseSecurity/conversions.cpp index eba1adaaf..e9965fe49 100644 --- a/modules/EvseSecurity/conversions.cpp +++ b/modules/EvseSecurity/conversions.cpp @@ -188,12 +188,29 @@ evse_security::OCSPRequestDataList from_everest(types::evse_security::OCSPReques return lhs; } -evse_security::KeyPair from_everest(types::evse_security::KeyPair other) { - evse_security::KeyPair lhs; +evse_security::CertificateOCSP from_everest(types::evse_security::CertificateOCSP other) { + evse_security::CertificateOCSP lhs; + lhs.hash = from_everest(other.hash); + + if (other.ocsp_path.has_value()) { + lhs.ocsp_path = other.ocsp_path.value(); + } + + return lhs; +} + +evse_security::CertificateInfo from_everest(types::evse_security::CertificateInfo other) { + evse_security::CertificateInfo lhs; lhs.key = other.key; lhs.certificate = other.certificate; lhs.certificate_single = other.certificate_single; + lhs.certificate_count = other.certificate_count; lhs.password = other.password; + if (other.ocsp.has_value()) { + for (auto& ocsp_data : other.ocsp.value()) { + lhs.ocsp.push_back(from_everest(ocsp_data)); + } + } return lhs; } @@ -346,21 +363,37 @@ types::evse_security::GetInstalledCertificatesStatus to_everest(evse_security::G } } -types::evse_security::GetKeyPairStatus to_everest(evse_security::GetKeyPairStatus other) { +types::evse_security::GetCertificateSignRequestStatus to_everest(evse_security::GetCertificateSignRequestStatus other) { + switch (other) { + case evse_security::GetCertificateSignRequestStatus::Accepted: + return types::evse_security::GetCertificateSignRequestStatus::Accepted; + case evse_security::GetCertificateSignRequestStatus::InvalidRequestedType: + return types::evse_security::GetCertificateSignRequestStatus::InvalidRequestedType; + case evse_security::GetCertificateSignRequestStatus::KeyGenError: + return types::evse_security::GetCertificateSignRequestStatus::KeyGenError; + case evse_security::GetCertificateSignRequestStatus::GenerationError: + return types::evse_security::GetCertificateSignRequestStatus::GenerationError; + default: + throw std::runtime_error("Could not convert evse_security::GetCertificateSignRequestStatus to " + "types::evse_security::GetCertificateSignRequestStatus"); + } +} + +types::evse_security::GetCertificateInfoStatus to_everest(evse_security::GetCertificateInfoStatus other) { switch (other) { - case evse_security::GetKeyPairStatus::Accepted: - return types::evse_security::GetKeyPairStatus::Accepted; - case evse_security::GetKeyPairStatus::Rejected: - return types::evse_security::GetKeyPairStatus::Rejected; - case evse_security::GetKeyPairStatus::NotFound: - return types::evse_security::GetKeyPairStatus::NotFound; - case evse_security::GetKeyPairStatus::NotFoundValid: - return types::evse_security::GetKeyPairStatus::NotFoundValid; - case evse_security::GetKeyPairStatus::PrivateKeyNotFound: - return types::evse_security::GetKeyPairStatus::PrivateKeyNotFound; + case evse_security::GetCertificateInfoStatus::Accepted: + return types::evse_security::GetCertificateInfoStatus::Accepted; + case evse_security::GetCertificateInfoStatus::Rejected: + return types::evse_security::GetCertificateInfoStatus::Rejected; + case evse_security::GetCertificateInfoStatus::NotFound: + return types::evse_security::GetCertificateInfoStatus::NotFound; + case evse_security::GetCertificateInfoStatus::NotFoundValid: + return types::evse_security::GetCertificateInfoStatus::NotFoundValid; + case evse_security::GetCertificateInfoStatus::PrivateKeyNotFound: + return types::evse_security::GetCertificateInfoStatus::PrivateKeyNotFound; default: - throw std::runtime_error("Could not convert evse_security::GetKeyPairStatus to " - "types::evse_security::GetKeyPairStatus"); + throw std::runtime_error("Could not convert evse_security::GetCertificateInfoStatus to " + "types::evse_security::GetCertificateInfoStatus"); } } @@ -415,12 +448,13 @@ types::evse_security::OCSPRequestDataList to_everest(evse_security::OCSPRequestD return lhs; } -types::evse_security::KeyPair to_everest(evse_security::KeyPair other) { - types::evse_security::KeyPair lhs; +types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo other) { + types::evse_security::CertificateInfo lhs; lhs.key = other.key; lhs.certificate = other.certificate; lhs.certificate_single = other.certificate_single; lhs.password = other.password; + lhs.certificate_count = other.certificate_count; return lhs; } diff --git a/modules/EvseSecurity/conversions.hpp b/modules/EvseSecurity/conversions.hpp index b87220a15..9f25447a8 100644 --- a/modules/EvseSecurity/conversions.hpp +++ b/modules/EvseSecurity/conversions.hpp @@ -24,7 +24,7 @@ evse_security::CertificateHashDataChain from_everest(types::evse_security::Certi evse_security::GetInstalledCertificatesResult from_everest(types::evse_security::GetInstalledCertificatesResult other); evse_security::OCSPRequestData from_everest(types::evse_security::OCSPRequestData other); evse_security::OCSPRequestDataList from_everest(types::evse_security::OCSPRequestDataList other); -evse_security::KeyPair from_everest(types::evse_security::KeyPair other); +evse_security::CertificateInfo from_everest(types::evse_security::CertificateInfo other); types::evse_security::EncodingFormat to_everest(evse_security::EncodingFormat other); types::evse_security::CaCertificateType to_everest(evse_security::CaCertificateType other); @@ -35,14 +35,15 @@ types::evse_security::InstallCertificateResult to_everest(evse_security::Install types::evse_security::CertificateValidationResult to_everest(evse_security::CertificateValidationResult other); types::evse_security::DeleteCertificateResult to_everest(evse_security::DeleteCertificateResult other); types::evse_security::GetInstalledCertificatesStatus to_everest(evse_security::GetInstalledCertificatesStatus other); -types::evse_security::GetKeyPairStatus to_everest(evse_security::GetKeyPairStatus other); +types::evse_security::GetCertificateSignRequestStatus to_everest(evse_security::GetCertificateSignRequestStatus other); +types::evse_security::GetCertificateInfoStatus to_everest(evse_security::GetCertificateInfoStatus other); types::evse_security::CertificateHashData to_everest(evse_security::CertificateHashData other); types::evse_security::CertificateHashDataChain to_everest(evse_security::CertificateHashDataChain other); types::evse_security::GetInstalledCertificatesResult to_everest(evse_security::GetInstalledCertificatesResult other); types::evse_security::OCSPRequestData to_everest(evse_security::OCSPRequestData other); types::evse_security::OCSPRequestDataList to_everest(evse_security::OCSPRequestDataList other); -types::evse_security::KeyPair to_everest(evse_security::KeyPair other); +types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo other); } // namespace conversions diff --git a/modules/EvseSecurity/main/evse_securityImpl.cpp b/modules/EvseSecurity/main/evse_securityImpl.cpp index cd6572464..d53df42c1 100644 --- a/modules/EvseSecurity/main/evse_securityImpl.cpp +++ b/modules/EvseSecurity/main/evse_securityImpl.cpp @@ -81,24 +81,36 @@ bool evse_securityImpl::handle_is_ca_certificate_installed(types::evse_security: return this->evse_security->is_ca_certificate_installed(conversions::from_everest(certificate_type)); } -std::string evse_securityImpl::handle_generate_certificate_signing_request( +types::evse_security::GetCertificateSignRequestResult evse_securityImpl::handle_generate_certificate_signing_request( types::evse_security::LeafCertificateType& certificate_type, std::string& country, std::string& organization, std::string& common, bool& use_tpm) { - return this->evse_security->generate_certificate_signing_request(conversions::from_everest(certificate_type), - country, organization, common, use_tpm); + types::evse_security::GetCertificateSignRequestResult response; + + auto csr_response = this->evse_security->generate_certificate_signing_request( + conversions::from_everest(certificate_type), country, organization, common, use_tpm); + + response.status = conversions::to_everest(csr_response.status); + + if (csr_response.status == evse_security::GetCertificateSignRequestStatus::Accepted && + csr_response.csr.has_value()) { + response.csr = csr_response.csr; + } + + return response; } -types::evse_security::GetKeyPairResult -evse_securityImpl::handle_get_key_pair(types::evse_security::LeafCertificateType& certificate_type, - types::evse_security::EncodingFormat& encoding) { - types::evse_security::GetKeyPairResult response; - const auto key_pair = this->evse_security->get_key_pair(conversions::from_everest(certificate_type), - conversions::from_everest(encoding)); +types::evse_security::GetCertificateInfoResult +evse_securityImpl::handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type, + types::evse_security::EncodingFormat& encoding, + bool& include_ocsp) { + types::evse_security::GetCertificateInfoResult response; + const auto leaf_info = this->evse_security->get_leaf_certificate_info( + conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp); - response.status = conversions::to_everest(key_pair.status); + response.status = conversions::to_everest(leaf_info.status); - if (key_pair.status == evse_security::GetKeyPairStatus::Accepted && key_pair.pair.has_value()) { - response.key_pair = conversions::to_everest(key_pair.pair.value()); + if (leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted && leaf_info.info.has_value()) { + response.info = conversions::to_everest(leaf_info.info.value()); } return response; diff --git a/modules/EvseSecurity/main/evse_securityImpl.hpp b/modules/EvseSecurity/main/evse_securityImpl.hpp index 139bd26a2..0b278ae6f 100644 --- a/modules/EvseSecurity/main/evse_securityImpl.hpp +++ b/modules/EvseSecurity/main/evse_securityImpl.hpp @@ -53,13 +53,13 @@ class evse_securityImpl : public evse_securityImplBase { virtual void handle_update_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data, std::string& ocsp_response) override; virtual bool handle_is_ca_certificate_installed(types::evse_security::CaCertificateType& certificate_type) override; - virtual std::string + virtual types::evse_security::GetCertificateSignRequestResult handle_generate_certificate_signing_request(types::evse_security::LeafCertificateType& certificate_type, std::string& country, std::string& organization, std::string& common, bool& use_tpm) override; - virtual types::evse_security::GetKeyPairResult - handle_get_key_pair(types::evse_security::LeafCertificateType& certificate_type, - types::evse_security::EncodingFormat& encoding) override; + virtual types::evse_security::GetCertificateInfoResult + handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type, + types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override; virtual std::string handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) override; virtual int handle_get_leaf_expiry_days_count(types::evse_security::LeafCertificateType& certificate_type) override; virtual bool handle_verify_file_signature(std::string& file_path, std::string& signing_certificate, diff --git a/modules/EvseV2G/connection.cpp b/modules/EvseV2G/connection.cpp index bcb9ae36c..a00fcc2a7 100644 --- a/modules/EvseV2G/connection.cpp +++ b/modules/EvseV2G/connection.cpp @@ -494,16 +494,16 @@ static bool connection_init_tls(struct v2g_context* ctx) { std::string v2g_root_cert_path = ctx->r_security->call_get_verify_file(types::evse_security::CaCertificateType::V2G); - const auto key_pair_response = ctx->r_security->call_get_key_pair(types::evse_security::LeafCertificateType::V2G, - types::evse_security::EncodingFormat::PEM); - if (key_pair_response.status != types::evse_security::GetKeyPairStatus::Accepted) { + const auto key_pair_response = ctx->r_security->call_get_leaf_certificate_info( + types::evse_security::LeafCertificateType::V2G, types::evse_security::EncodingFormat::PEM, false); + if (key_pair_response.status != types::evse_security::GetCertificateInfoStatus::Accepted) { dlog(DLOG_LEVEL_ERROR, "Failed to read key/pair!"); return false; } - std::string evse_leaf_cert_path = key_pair_response.key_pair.value().certificate; - std::string evse_leaf_key_path = key_pair_response.key_pair.value().key; - std::string secc_leaf_key_password = key_pair_response.key_pair.value().password.value_or(""); + std::string evse_leaf_cert_path = key_pair_response.info.value().certificate.value(); + std::string evse_leaf_key_path = key_pair_response.info.value().key; + std::string secc_leaf_key_password = key_pair_response.info.value().password.value_or(""); uint8_t num_of_v2g_root = 1; mbedtls_x509_crt* root_crt = &ctx->v2g_root_crt; diff --git a/third-party/bazel/deps_versions.bzl b/third-party/bazel/deps_versions.bzl index cb9595dcc..6863266e7 100644 --- a/third-party/bazel/deps_versions.bzl +++ b/third-party/bazel/deps_versions.bzl @@ -46,8 +46,8 @@ EVEREST_DEPS = struct( # libevse-security libevse_security_repo = "https://github.com/EVerest/libevse-security.git", - libevse_security_commit = None, - libevse_security_tag = "v0.6.0", + libevse_security_commit = "6e702ef5df568c2f9929a3c3b97a09c0cb4c5b21", + libevse_security_tag = None, # libfsm libfsm_repo = "https://github.com/EVerest/libfsm.git", @@ -61,8 +61,8 @@ EVEREST_DEPS = struct( # libocpp libocpp_repo = "https://github.com/EVerest/libocpp.git", - libocpp_commit = None, - libocpp_tag = "v0.11.0", + libocpp_commit = "9deeb534c7f38981a422b53a6f0416bdb791b368", + libocpp_tag = None, # libslac libslac_repo = "https://github.com/EVerest/libslac.git", diff --git a/types/evse_security.yaml b/types/evse_security.yaml index 7709aca3b..5fdce9f00 100644 --- a/types/evse_security.yaml +++ b/types/evse_security.yaml @@ -76,8 +76,16 @@ types: enum: - Accepted - NotFound - GetKeyPairStatus: - description: Status indicates the result of the attempt to retrieve a a keypair + GetCertificateSignRequestStatus: + description: Status indicates the result to generate a certificate signing request + type: string + enum: + - Accepted + - InvalidRequestedType + - KeyGenError + - GenerationError + GetCertificateInfoStatus: + description: Status indicates the result of the attempt to retrieve a certificate type: string enum: - Accepted @@ -183,13 +191,38 @@ types: minimum: 0 type: object $ref: /evse_security#/OCSPRequestData - KeyPair: + CertificateOCSP: + description: OCSP data related to requested the certificates + type: object + required: + - hash + properties: + hash: + description: Hash of certificate linked to the provided data + type: object + $ref: /evse_security#/CertificateHashData + ocsp_path: + description: OCSP path of the file containing the data + type: string + GetCertificateSignRequestResult: + description: Response related to a CSR generation + type: object + required: + - status + properties: + status: + description: Status of the request + type: string + $ref: /evse_security#/GetCertificateSignRequestStatus + csr: + description: PEM encoded certificate signing request + type: string + CertificateInfo: description: Type that specifies the paths of a certificate and the respective private key type: object required: - - key - - certificate - - certificate_single + - key + - certificate_count properties: key: description: The path of the PEM or DER encoded private key @@ -200,11 +233,21 @@ types: certificate_single: description: The path of the PEM or DER encoded single certificate type: string + certificate_count: + description: The count of certificates in the chain + type: integer password: description: Specifies the password for the private key if encrypted type: string - GetKeyPairResult: - description: Response to the command get_key_pair + ocsp: + description: Certificate related OCSP data, if requested + type: array + items: + minimum: 0 + type: object + $ref: /evse_security#/CertificateOCSP + GetCertificateInfoResult: + description: Response to the command get_leaf_certificate_info type: object required: - status @@ -212,9 +255,9 @@ types: status: description: The status of the requested command type: string - $ref: /evse_security#/GetKeyPairStatus - key_pair: - description: The requested key pair + $ref: /evse_security#/GetCertificateInfoStatus + info: + description: The requested info type: object - $ref: /evse_security#/KeyPair + $ref: /evse_security#/CertificateInfo