Updated interface usage for new certificate retrieval

dependencies.yaml

@@ -53,7 +53,7 @@ libevse-security:
 # OCPP
 libocpp:
   git: https://github.com/EVerest/libocpp.git
-  git_tag: v0.11.0
+  git_tag: f4868f3
   cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBOCPP"
 # Josev
 Josev:

interfaces/evse_security.yaml

@@ -103,6 +103,16 @@ cmds:
       ocsp_response:
         description: OCSPResponse class as defined in IETF RFC 6960. DER and then base64 encoded
         type: string
+  retrieve_ocsp_cache:
+    description: Command to retrieve the OCSP cache file path of the specified certificate hash
+    arguments:
+      certificate_hash_data:
+        description: Certificate hash data that identifies the certificate for which the cache should be retrieved
+        type: object
+        $ref: /evse_security#/CertificateHashData
+    result:
+      description: Path of data related to the certificate hash, if present
+      type: string
   is_ca_certificate_installed:
     description: Command that indicates of the given CA certificate type is installed
     arguments:
@@ -135,7 +145,7 @@ cmds:
     result:
       description: The certificate signing request in PEM format
       type: string
-  get_key_pair:
+  get_leaf_certificate_info:
     description: Command to get the paths of the certificate and the respective key
     arguments:
       certificate_type: 
@@ -146,10 +156,13 @@ cmds:
         description: Specifies the encoding of the key
         type: string
         $ref: /evse_security#/EncodingFormat
+      include_ocsp:
+        description: Specifies whether per-certificate OCSP data  is also requested
+        type: boolean
     result:
       description: The response to the requested command
       type: object
-      $ref: /evse_security#/GetKeyPairResult
+      $ref: /evse_security#/GetCertificateInfoResult
   get_verify_file:
     description: Command to get the file path of a CA bundle that can be used for verification
     arguments:

lib/staging/ocpp/evse_security_ocpp.cpp

@@ -91,13 +91,15 @@ std::string EvseSecurity::generate_certificate_signing_request(const ocpp::Certi
                                                                       organization, common, use_tpm);
 }
 
-std::optional<ocpp::KeyPair> EvseSecurity::get_key_pair(const ocpp::CertificateSigningUseEnum& certificate_type) {
-    const auto key_pair_response = this->r_security.call_get_key_pair(conversions::from_ocpp(certificate_type),
-                                                                      types::evse_security::EncodingFormat::PEM);
-    if (key_pair_response.status == types::evse_security::GetKeyPairStatus::Accepted and
-        key_pair_response.key_pair.has_value()) {
-        const auto _key_pair = conversions::to_ocpp(key_pair_response.key_pair.value());
-        return _key_pair;
+std::optional<ocpp::CertificateInfo>
+EvseSecurity::get_leaf_certificate_info(const ocpp::CertificateSigningUseEnum& certificate_type, bool include_ocsp) {
+    const auto info_response = this->r_security.call_get_leaf_certificate_info(
+        conversions::from_ocpp(certificate_type), types::evse_security::EncodingFormat::PEM, include_ocsp);
+
+    if (info_response.status == types::evse_security::GetCertificateInfoStatus::Accepted and
+        info_response.info.has_value()) {
+        const auto _info = conversions::to_ocpp(info_response.info.value());
+        return _info;
     } else {
         return std::nullopt;
     }
@@ -279,12 +281,31 @@ ocpp::OCSPRequestData to_ocpp(types::evse_security::OCSPRequestData other) {
     return lhs;
 }
 
-ocpp::KeyPair to_ocpp(types::evse_security::KeyPair other) {
-    ocpp::KeyPair lhs;
+ocpp::CertificateOCSP to_ocpp(types::evse_security::CertificateOCSP other) {
+    ocpp::CertificateOCSP lhs;
+    lhs.hash = to_ocpp(other.hash);
+
+    if (other.ocsp_path.has_value()) {
+        lhs.ocsp_path = other.ocsp_path.value();
+    }
+
+    return lhs;
+}
+
+ocpp::CertificateInfo to_ocpp(types::evse_security::CertificateInfo other) {
+    ocpp::CertificateInfo lhs;
     lhs.certificate_path = other.certificate;
     lhs.certificate_single_path = other.certificate_single;
     lhs.key_path = other.key;
     lhs.password = other.password;
+    lhs.certificate_count = other.certificate_count;
+
+    if (other.ocsp.has_value()) {
+        for (auto& ocsp_data : other.ocsp.value()) {
+            lhs.ocsp.push_back(to_ocpp(ocsp_data));
+        }
+    }
+
     return lhs;
 }
 
@@ -440,10 +461,13 @@ types::evse_security::OCSPRequestData from_ocpp(ocpp::OCSPRequestData other) {
     return lhs;
 }
 
-types::evse_security::KeyPair from_ocpp(ocpp::KeyPair other) {
-    types::evse_security::KeyPair lhs;
-    lhs.key = other.certificate_path;
-    lhs.certificate = other.key_path;
+types::evse_security::CertificateInfo from_ocpp(ocpp::CertificateInfo other) {
+    types::evse_security::CertificateInfo lhs;
+    lhs.certificate = other.certificate_path;
+    lhs.certificate_single = other.certificate_single_path;
+    lhs.certificate_count = other.certificate_count;
+    lhs.key = other.key_path;
+    lhs.password = other.password;
     return lhs;
 }
 

lib/staging/ocpp/evse_security_ocpp.hpp

@@ -35,7 +35,8 @@ class EvseSecurity : public ocpp::EvseSecurity {
     std::string generate_certificate_signing_request(const ocpp::CertificateSigningUseEnum& certificate_type,
                                                      const std::string& country, const std::string& organization,
                                                      const std::string& common, bool use_tpm) override;
-    std::optional<ocpp::KeyPair> get_key_pair(const ocpp::CertificateSigningUseEnum& certificate_type) override;
+    std::optional<ocpp::CertificateInfo>
+    get_leaf_certificate_info(const ocpp::CertificateSigningUseEnum& certificate_type, bool include_ocsp) override;
     bool update_certificate_links(const ocpp::CertificateSigningUseEnum& certificate_type) override;
     std::string get_verify_file(const ocpp::CaCertificateType& certificate_type) override;
     int get_leaf_expiry_days_count(const ocpp::CertificateSigningUseEnum& certificate_type) override;
@@ -54,7 +55,8 @@ ocpp::DeleteCertificateResult to_ocpp(types::evse_security::DeleteCertificateRes
 ocpp::CertificateHashDataType to_ocpp(types::evse_security::CertificateHashData other);
 ocpp::CertificateHashDataChain to_ocpp(types::evse_security::CertificateHashDataChain other);
 ocpp::OCSPRequestData to_ocpp(types::evse_security::OCSPRequestData other);
-ocpp::KeyPair to_ocpp(types::evse_security::KeyPair other);
+ocpp::CertificateOCSP to_ocpp(types::evse_security::CertificateOCSP other);
+ocpp::CertificateInfo to_ocpp(types::evse_security::CertificateInfo other);
 
 types::evse_security::CaCertificateType from_ocpp(ocpp::CaCertificateType other);
 types::evse_security::LeafCertificateType from_ocpp(ocpp::CertificateSigningUseEnum other);
@@ -67,7 +69,7 @@ types::evse_security::DeleteCertificateResult from_ocpp(ocpp::DeleteCertificateR
 types::evse_security::CertificateHashData from_ocpp(ocpp::CertificateHashDataType other);
 types::evse_security::CertificateHashDataChain from_ocpp(ocpp::CertificateHashDataChain other);
 types::evse_security::OCSPRequestData from_ocpp(ocpp::OCSPRequestData other);
-types::evse_security::KeyPair from_ocpp(ocpp::KeyPair other);
+types::evse_security::CertificateInfo from_ocpp(ocpp::CertificateInfo other);
 
 }; // namespace conversions
 

modules/EvseSecurity/conversions.cpp

@@ -188,12 +188,29 @@ evse_security::OCSPRequestDataList from_everest(types::evse_security::OCSPReques
     return lhs;
 }
 
-evse_security::KeyPair from_everest(types::evse_security::KeyPair other) {
-    evse_security::KeyPair lhs;
+evse_security::CertificateOCSP from_everest(types::evse_security::CertificateOCSP other) {
+    evse_security::CertificateOCSP lhs;
+    lhs.hash = from_everest(other.hash);
+
+    if (other.ocsp_path.has_value()) {
+        lhs.ocsp_path = other.ocsp_path.value();
+    }
+
+    return lhs;
+}
+
+evse_security::CertificateInfo from_everest(types::evse_security::CertificateInfo other) {
+    evse_security::CertificateInfo lhs;
     lhs.key = other.key;
     lhs.certificate = other.certificate;
     lhs.certificate_single = other.certificate_single;
+    lhs.certificate_count = other.certificate_count;
     lhs.password = other.password;
+    if (other.ocsp.has_value()) {
+        for (auto& ocsp_data : other.ocsp.value()) {
+            lhs.ocsp.push_back(from_everest(ocsp_data));
+        }
+    }
     return lhs;
 }
 
@@ -346,21 +363,21 @@ types::evse_security::GetInstalledCertificatesStatus to_everest(evse_security::G
     }
 }
 
-types::evse_security::GetKeyPairStatus to_everest(evse_security::GetKeyPairStatus other) {
+types::evse_security::GetCertificateInfoStatus to_everest(evse_security::GetCertificateInfoStatus other) {
     switch (other) {
-    case evse_security::GetKeyPairStatus::Accepted:
-        return types::evse_security::GetKeyPairStatus::Accepted;
-    case evse_security::GetKeyPairStatus::Rejected:
-        return types::evse_security::GetKeyPairStatus::Rejected;
-    case evse_security::GetKeyPairStatus::NotFound:
-        return types::evse_security::GetKeyPairStatus::NotFound;
-    case evse_security::GetKeyPairStatus::NotFoundValid:
-        return types::evse_security::GetKeyPairStatus::NotFoundValid;
-    case evse_security::GetKeyPairStatus::PrivateKeyNotFound:
-        return types::evse_security::GetKeyPairStatus::PrivateKeyNotFound;
+    case evse_security::GetCertificateInfoStatus::Accepted:
+        return types::evse_security::GetCertificateInfoStatus::Accepted;
+    case evse_security::GetCertificateInfoStatus::Rejected:
+        return types::evse_security::GetCertificateInfoStatus::Rejected;
+    case evse_security::GetCertificateInfoStatus::NotFound:
+        return types::evse_security::GetCertificateInfoStatus::NotFound;
+    case evse_security::GetCertificateInfoStatus::NotFoundValid:
+        return types::evse_security::GetCertificateInfoStatus::NotFoundValid;
+    case evse_security::GetCertificateInfoStatus::PrivateKeyNotFound:
+        return types::evse_security::GetCertificateInfoStatus::PrivateKeyNotFound;
     default:
-        throw std::runtime_error("Could not convert evse_security::GetKeyPairStatus to "
-                                 "types::evse_security::GetKeyPairStatus");
+        throw std::runtime_error("Could not convert evse_security::GetCertificateInfoStatus to "
+                                 "types::evse_security::GetCertificateInfoStatus");
     }
 }
 
@@ -415,12 +432,13 @@ types::evse_security::OCSPRequestDataList to_everest(evse_security::OCSPRequestD
     return lhs;
 }
 
-types::evse_security::KeyPair to_everest(evse_security::KeyPair other) {
-    types::evse_security::KeyPair lhs;
+types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo other) {
+    types::evse_security::CertificateInfo lhs;
     lhs.key = other.key;
     lhs.certificate = other.certificate;
     lhs.certificate_single = other.certificate_single;
     lhs.password = other.password;
+    lhs.certificate_count = other.certificate_count;
     return lhs;
 }
 

modules/EvseSecurity/conversions.hpp

@@ -24,7 +24,7 @@ evse_security::CertificateHashDataChain from_everest(types::evse_security::Certi
 evse_security::GetInstalledCertificatesResult from_everest(types::evse_security::GetInstalledCertificatesResult other);
 evse_security::OCSPRequestData from_everest(types::evse_security::OCSPRequestData other);
 evse_security::OCSPRequestDataList from_everest(types::evse_security::OCSPRequestDataList other);
-evse_security::KeyPair from_everest(types::evse_security::KeyPair other);
+evse_security::CertificateInfo from_everest(types::evse_security::CertificateInfo other);
 
 types::evse_security::EncodingFormat to_everest(evse_security::EncodingFormat other);
 types::evse_security::CaCertificateType to_everest(evse_security::CaCertificateType other);
@@ -35,14 +35,14 @@ types::evse_security::InstallCertificateResult to_everest(evse_security::Install
 types::evse_security::CertificateValidationResult to_everest(evse_security::CertificateValidationResult other);
 types::evse_security::DeleteCertificateResult to_everest(evse_security::DeleteCertificateResult other);
 types::evse_security::GetInstalledCertificatesStatus to_everest(evse_security::GetInstalledCertificatesStatus other);
-types::evse_security::GetKeyPairStatus to_everest(evse_security::GetKeyPairStatus other);
+types::evse_security::GetCertificateInfoStatus to_everest(evse_security::GetCertificateInfoStatus other);
 
 types::evse_security::CertificateHashData to_everest(evse_security::CertificateHashData other);
 types::evse_security::CertificateHashDataChain to_everest(evse_security::CertificateHashDataChain other);
 types::evse_security::GetInstalledCertificatesResult to_everest(evse_security::GetInstalledCertificatesResult other);
 types::evse_security::OCSPRequestData to_everest(evse_security::OCSPRequestData other);
 types::evse_security::OCSPRequestDataList to_everest(evse_security::OCSPRequestDataList other);
-types::evse_security::KeyPair to_everest(evse_security::KeyPair other);
+types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo other);
 
 } // namespace conversions
 

modules/EvseSecurity/main/evse_securityImpl.cpp

@@ -77,6 +77,17 @@ void evse_securityImpl::handle_update_ocsp_cache(types::evse_security::Certifica
     this->evse_security->update_ocsp_cache(conversions::from_everest(certificate_hash_data), ocsp_response);
 }
 
+std::string
+evse_securityImpl::handle_retrieve_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data) {
+    auto cache = this->evse_security->retrieve_ocsp_cache(conversions::from_everest(certificate_hash_data));
+
+    if (cache.has_value()) {
+        return cache.value();
+    }
+
+    return {};
+}
+
 bool evse_securityImpl::handle_is_ca_certificate_installed(types::evse_security::CaCertificateType& certificate_type) {
     return this->evse_security->is_ca_certificate_installed(conversions::from_everest(certificate_type));
 }
@@ -88,17 +99,18 @@ std::string evse_securityImpl::handle_generate_certificate_signing_request(
                                                                      country, organization, common, use_tpm);
 }
 
-types::evse_security::GetKeyPairResult
-evse_securityImpl::handle_get_key_pair(types::evse_security::LeafCertificateType& certificate_type,
-                                       types::evse_security::EncodingFormat& encoding) {
-    types::evse_security::GetKeyPairResult response;
-    const auto key_pair = this->evse_security->get_key_pair(conversions::from_everest(certificate_type),
-                                                            conversions::from_everest(encoding));
+types::evse_security::GetCertificateInfoResult
+evse_securityImpl::handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type,
+                                                    types::evse_security::EncodingFormat& encoding,
+                                                    bool& include_ocsp) {
+    types::evse_security::GetCertificateInfoResult response;
+    const auto leaf_info = this->evse_security->get_leaf_certificate_info(
+        conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp);
 
-    response.status = conversions::to_everest(key_pair.status);
+    response.status = conversions::to_everest(leaf_info.status);
 
-    if (key_pair.status == evse_security::GetKeyPairStatus::Accepted && key_pair.pair.has_value()) {
-        response.key_pair = conversions::to_everest(key_pair.pair.value());
+    if (leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted && leaf_info.info.has_value()) {
+        response.info = conversions::to_everest(leaf_info.info.value());
     }
 
     return response;

modules/EvseSecurity/main/evse_securityImpl.hpp

@@ -52,14 +52,16 @@ class evse_securityImpl : public evse_securityImplBase {
     handle_get_mo_ocsp_request_data(std::string& certificate_chain) override;
     virtual void handle_update_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data,
                                           std::string& ocsp_response) override;
+    virtual std::string
+    handle_retrieve_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data) override;
     virtual bool handle_is_ca_certificate_installed(types::evse_security::CaCertificateType& certificate_type) override;
     virtual std::string
     handle_generate_certificate_signing_request(types::evse_security::LeafCertificateType& certificate_type,
                                                 std::string& country, std::string& organization, std::string& common,
                                                 bool& use_tpm) override;
-    virtual types::evse_security::GetKeyPairResult
-    handle_get_key_pair(types::evse_security::LeafCertificateType& certificate_type,
-                        types::evse_security::EncodingFormat& encoding) override;
+    virtual types::evse_security::GetCertificateInfoResult
+    handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type,
+                                     types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override;
     virtual std::string handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) override;
     virtual int handle_get_leaf_expiry_days_count(types::evse_security::LeafCertificateType& certificate_type) override;
     virtual bool handle_verify_file_signature(std::string& file_path, std::string& signing_certificate,

modules/EvseV2G/connection.cpp

@@ -494,16 +494,16 @@ static bool connection_init_tls(struct v2g_context* ctx) {
     std::string v2g_root_cert_path =
         ctx->r_security->call_get_verify_file(types::evse_security::CaCertificateType::V2G);
 
-    const auto key_pair_response = ctx->r_security->call_get_key_pair(types::evse_security::LeafCertificateType::V2G,
-                                                                      types::evse_security::EncodingFormat::PEM);
-    if (key_pair_response.status != types::evse_security::GetKeyPairStatus::Accepted) {
+    const auto key_pair_response = ctx->r_security->call_get_leaf_certificate_info(
+        types::evse_security::LeafCertificateType::V2G, types::evse_security::EncodingFormat::PEM, false);
+    if (key_pair_response.status != types::evse_security::GetCertificateInfoStatus::Accepted) {
         dlog(DLOG_LEVEL_ERROR, "Failed to read key/pair!");
         return false;
     }
 
-    std::string evse_leaf_cert_path = key_pair_response.key_pair.value().certificate;
-    std::string evse_leaf_key_path = key_pair_response.key_pair.value().key;
-    std::string secc_leaf_key_password = key_pair_response.key_pair.value().password.value_or("");
+    std::string evse_leaf_cert_path = key_pair_response.info.value().certificate.value();
+    std::string evse_leaf_key_path = key_pair_response.info.value().key;
+    std::string secc_leaf_key_password = key_pair_response.info.value().password.value_or("");
 
     uint8_t num_of_v2g_root = 1;
     mbedtls_x509_crt* root_crt = &ctx->v2g_root_crt;