From 49235751ad1f0b1fceaaea5493988139836c24a2 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Wed, 16 Oct 2024 16:59:09 +0300
Subject: [PATCH 1/7] Security interface modifications for extended certificate retrieval
Signed-off-by: AssemblyJohn
---
 interfaces/evse_security.yaml | 20 ++++++++++++++++++++
 types/evse_security.yaml | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)
diff --git a/interfaces/evse_security.yaml b/interfaces/evse_security.yaml
index 1bc784415..1af1f11fd 100644
--- a/interfaces/evse_security.yaml
+++ b/interfaces/evse_security.yaml
@@ -154,6 +154,26 @@ cmds:
 description: The response to the requested command
 type: object
 $ref: /evse_security#/GetCertificateInfoResult
+ get_all_valid_certificates_info:
+ description: >-
+ Finds the latest valid leafs, for each root certificate that is present on the filesystem,
+ and returns all the newest valid leafs that are present for different roots
+ arguments:
+ certificate_type:
+ description: Specifies the leaf certificate type
+ type: string
+ $ref: /evse_security#/LeafCertificateType
+ encoding:
+ description: Specifies the encoding of the key
+ type: string
+ $ref: /evse_security#/EncodingFormat
+ include_ocsp:
+ description: Specifies whether per-certificate OCSP data is also requested
+ type: boolean
+ result:
+ description: The response to the requested command
+ type: object
+ $ref: /evse_security#/GetCertificateFullInfoResult
 get_verify_file:
 description: Command to get the file path of a CA bundle that can be used for verification
 arguments:
diff --git a/types/evse_security.yaml b/types/evse_security.yaml
index 5fdce9f00..31679ba70 100644
--- a/types/evse_security.yaml
+++ b/types/evse_security.yaml
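Review bot: The description of `get_all_valid_certificates_info` does not say that each returned entry is a full `CertificateInfo`, which per the type file carries the private-key path and, as the conversion code later in this series shows, a `password` field. A module wired to this command therefore receives key-material references for every root in one call, so the description should say so, for example `Each returned entry includes the private key path and key password; only grant this command to modules that need them.` The `encoding` argument is described as "the encoding of the key", although it appears to select the certificate encoding as well; that wording is worth confirming.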
@@ -227,6 +227,9 @@ types:
 key:
 description: The path of the PEM or DER encoded private key
 type: string
+ certificate_root:
+ description: The PEM of the root certificate that issued this leaf
+ type: string
 certificate:
 description: The path of the PEM or DER encoded certificate chain
 type: string
@@ -260,4 +263,21 @@ types:
 description: The requested info
 type: object
 $ref: /evse_security#/CertificateInfo
+ GetCertificateFullInfoResult:
+ description: Response to the command get_all_valid_certificates_info
+ type: object
+ required:
+ - status
+ properties:
+ status:
+ description: The status of the requested command
+ type: string
+ $ref: /evse_security#/GetCertificateInfoStatus
+ info:
+ description: The requested info
+ type: array
+ items:
+ minimum: 0
+ type: object
+ $ref: /evse_security#/CertificateInfo
From 78e9c17d7270fd695e98519121616395467dd4c4 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Thu, 17 Oct 2024 10:31:30 +0300
Subject: [PATCH 2/7] Updated impl for new interface
Signed-off-by: AssemblyJohn
---
 modules/EvseSecurity/main/evse_securityImpl.hpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/EvseSecurity/main/evse_securityImpl.hpp b/modules/EvseSecurity/main/evse_securityImpl.hpp
index 0b278ae6f..768d88e40 100644
--- a/modules/EvseSecurity/main/evse_securityImpl.hpp
+++ b/modules/EvseSecurity/main/evse_securityImpl.hpp
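Review bot: `certificate_root` is described as "The PEM of the root certificate", while the neighbouring `key` and `certificate` fields are described as paths, so a reader cannot tell whether this field holds PEM content or a file path, nor what it holds when DER encoding is requested. The description should state which, for example `description: PEM content (not a path) of the root certificate that issued this leaf`, if that is what the library returns. Consumers that treat the value as a trust anchor need to know this before using it.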
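Review bot: In `GetCertificateFullInfoResult`, the `minimum: 0` under `info.items` sits next to `type: object`, but `minimum` is a numeric-range keyword and has no effect on object items. If the intent is to allow an empty list, that is already the default for an array, or it can be written as `minItems: 0` at the `info` level. Otherwise the line can simply be dropped so the schema does not suggest a constraint that is never enforced.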
@@ -60,6 +60,9 @@ class evse_securityImpl : public evse_securityImplBase {
 virtual types::evse_security::GetCertificateInfoResult
 handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type,
 types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override;
+ virtual types::evse_security::GetCertificateFullInfoResult
+ handle_get_all_valid_certificates_info(types::evse_security::LeafCertificateType& certificate_type,
+ types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override;
 virtual std::string handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) override;
 virtual int handle_get_leaf_expiry_days_count(types::evse_security::LeafCertificateType& certificate_type) override;
 virtual bool handle_verify_file_signature(std::string& file_path, std::string& signing_certificate,
From adbf31a591c6bc93728171b6168bca2357c61cbd Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Thu, 17 Oct 2024 11:46:27 +0300
Subject: [PATCH 3/7] Updated sec module interfaces/implementation
Signed-off-by: AssemblyJohn
---
 lib/staging/evse_security/conversions.cpp | 3 ++-
 .../EvseSecurity/main/evse_securityImpl.cpp | 19 +++++++++++++++++++
 types/evse_security.yaml | 1 +
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/lib/staging/evse_security/conversions.cpp b/lib/staging/evse_security/conversions.cpp
index 216c48807..d965b5eba 100644
--- a/lib/staging/evse_security/conversions.cpp
+++ b/lib/staging/evse_security/conversions.cpp
@@ -451,10 +451,11 @@ types::evse_security::OCSPRequestDataList to_everest(evse_security::OCSPRequestD
 types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo other) {
 types::evse_security::CertificateInfo lhs;
 lhs.key = other.key;
+ lhs.certificate_root = other.certificate_root;
 lhs.certificate = other.certificate;
 lhs.certificate_single = other.certificate_single;
 lhs.password = other.password;
- lhs.certificate_count = other.certificate_count;
+ lhs.certificate_count = other.certificate_count;
 return lhs;
 }
diff --git a/modules/EvseSecurity/main/evse_securityImpl.cpp b/modules/EvseSecurity/main/evse_securityImpl.cpp
index 050782928..7c601c47d 100644
--- a/modules/EvseSecurity/main/evse_securityImpl.cpp
+++ b/modules/EvseSecurity/main/evse_securityImpl.cpp
@@ -121,6 +121,25 @@ evse_securityImpl::handle_get_leaf_certificate_info(types::evse_security::LeafCe
 return response;
 }
+types::evse_security::GetCertificateFullInfoResult
+evse_securityImpl::handle_get_all_valid_certificates_info(types::evse_security::LeafCertificateType& certificate_type,
+ types::evse_security::EncodingFormat& encoding, bool& include_ocsp) {
+ types::evse_security::GetCertificateFullInfoResult response;
+ const auto full_leaf_info = this->evse_security->get_all_valid_certificates_info(
+ conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp);
+
+ response.status = conversions::to_everest(full_leaf_info.status);
+ if (full_leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted) {
+ for(const auto& info : full_leaf_info.info) {
+ response.info.push_back(conversions::to_everest(info));
+ }
+ }
+ return response;
+}
+
 std::string evse_securityImpl::handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) {
 return this->evse_security->get_verify_file(conversions::from_everest(certificate_type));
 }
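Review bot: `handle_get_all_valid_certificates_info` forwards every `CertificateInfo` unchanged, and the `to_everest` conversion in this same commit shows each entry carries `key` and `password`, so a single call hands the caller the private-key location and key password for every valid leaf of the requested type. Nothing in the handler narrows that, so I would put a comment above the loop such as `// Entries include key path and key password for each root; never log this response.` and check that only modules needing key material are connected to this command. As a minor point, `response.info.reserve(full_leaf_info.info.size());` before the loop avoids repeated reallocation.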
diff --git a/types/evse_security.yaml b/types/evse_security.yaml
index 31679ba70..3e5a90e4f 100644
--- a/types/evse_security.yaml
+++ b/types/evse_security.yaml
@@ -268,6 +268,7 @@ types:
 type: object
 required:
 - status
+ - info
 properties:
 status:
 description: The status of the requested command
From 94c6468f42bc86ecc2cd05576a393f023d5654f6 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Mon, 21 Oct 2024 11:37:20 +0300
Subject: [PATCH 4/7] Format
Signed-off-by: AssemblyJohn
---
 lib/staging/evse_security/conversions.cpp | 2 +-
 modules/EvseSecurity/main/evse_securityImpl.cpp | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/staging/evse_security/conversions.cpp b/lib/staging/evse_security/conversions.cpp
index d965b5eba..909f98962 100644
--- a/lib/staging/evse_security/conversions.cpp
+++ b/lib/staging/evse_security/conversions.cpp
@@ -455,7 +455,7 @@ types::evse_security::CertificateInfo to_everest(evse_security::CertificateInfo
 lhs.certificate = other.certificate;
 lhs.certificate_single = other.certificate_single;
 lhs.password = other.password;
- lhs.certificate_count = other.certificate_count;
+ lhs.certificate_count = other.certificate_count;
 return lhs;
 }
diff --git a/modules/EvseSecurity/main/evse_securityImpl.cpp b/modules/EvseSecurity/main/evse_securityImpl.cpp
index 7c601c47d..29fe3a5d1 100644
--- a/modules/EvseSecurity/main/evse_securityImpl.cpp
+++ b/modules/EvseSecurity/main/evse_securityImpl.cpp
@@ -123,16 +123,17 @@ evse_securityImpl::handle_get_leaf_certificate_info(types::evse_security::LeafCe
 types::evse_security::GetCertificateFullInfoResult
 evse_securityImpl::handle_get_all_valid_certificates_info(types::evse_security::LeafCertificateType& certificate_type,
- types::evse_security::EncodingFormat& encoding, bool& include_ocsp) {
+ types::evse_security::EncodingFormat& encoding,
+ bool& include_ocsp) {
 types::evse_security::GetCertificateFullInfoResult response;
 const auto full_leaf_info = this->evse_security->get_all_valid_certificates_info(
 conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp);
-
+
 response.status = conversions::to_everest(full_leaf_info.status);
 if (full_leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted) {
- for(const auto& info : full_leaf_info.info) {
+ for (const auto& info : full_leaf_info.info) {
 response.info.push_back(conversions::to_everest(info));
 }
 }
From 5f66ecab5e5eeb55239e74503c8badabf88749ed Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Mon, 21 Oct 2024 12:11:59 +0300
Subject: [PATCH 5/7] Updated dependencies
Signed-off-by: AssemblyJohn
---
 dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependencies.yaml b/dependencies.yaml
index 3dea366cc..d8989c67a 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -60,7 +60,7 @@ libcurl:
 # and would otherwise be overwritten by the version used there
 libevse-security:
 git: https://github.com/EVerest/libevse-security.git
- git_tag: v0.8.0
+ git_tag: 5c0b6655a49167e8140f08e155fa43c823134897
 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBEVSE_SECURITY"
 # OCPP
From a10822659bb58841cb65c35eb8910fbbc326cc11 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Tue, 22 Oct 2024 13:51:06 +0300
Subject: [PATCH 6/7] Updated security deps
Signed-off-by: AssemblyJohn
---
 dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dependencies.yaml b/dependencies.yaml
index d8989c67a..d796a7b9b 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -60,7 +60,7 @@ libcurl:
 # and would otherwise be overwritten by the version used there
 libevse-security:
 git: https://github.com/EVerest/libevse-security.git
- git_tag: 5c0b6655a49167e8140f08e155fa43c823134897
+ git_tag: v0.9.0
 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBEVSE_SECURITY"
 # OCPP
From 61e304d37300a24c9cf6ef13c30828c75fb7c434 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Wed, 23 Oct 2024 14:43:59 +0300
Subject: [PATCH 7/7] Updated deps for updated security tag
Signed-off-by: AssemblyJohn
---
 dependencies.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dependencies.yaml b/dependencies.yaml
index d796a7b9b..2caf45112 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -56,11 +56,11 @@ libcurl:
 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBCURL"
 # EvseSecurity
-# This has to appear before libocpp in this file since it is also a direct dependency of libocpp
-# and would otherwise be overwritten by the version used there
+# This has to appear before libocpp in this file since it is also a direct dependency
+# of libocpp and would otherwise be overwritten by the version used there
 libevse-security:
 git: https://github.com/EVerest/libevse-security.git
- git_tag: v0.9.0
+ git_tag: v0.9.1
 cmake_condition: "EVEREST_DEPENDENCY_ENABLED_LIBEVSE_SECURITY"
 # OCPP
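Review bot: `git_tag: v0.9.0` replaces the full commit hash that the previous commit in this series pinned, and the last commit moves it on to `v0.9.1`; a tag name can be re-pointed upstream, whereas a hash cannot. For the library that handles certificates and private keys it is worth keeping the pin immutable, e.g. `git_tag: <commit-sha-of-v0.9.1>  # v0.9.1`. The earlier hash pin suggests the dependency tooling accepts a commit id in this field, but that should be confirmed.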