From ba66ca6e5cf705321b4b959ccf868b9b1d72d335 Mon Sep 17 00:00:00 2001
From: "Bryan T. Richardson"
Date: Sat, 16 Mar 2024 08:18:50 -0600
Subject: [PATCH] Updated OCPP 2.0.1 Security Profile 2 MRE demo script

Adjusted creation of OCPP server (MaEVe CSMS) certificate bundles based on conversations in Zulip around the topic. Added `extra_hosts` config to EVerest Manager service in relevant Docker Compose file to get constent behavior on all platforms for the `host.docker.internal` DNS name that is used as part of the demo.

Signed-off-by: Bryan T. Richardson
---
 demo-iso15118-2-ac-plus-ocpp201.sp2.sh | 53 ++++++++++++++------------
 docker-compose.ocpp201.sp2.yml | 2 +
 2 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/demo-iso15118-2-ac-plus-ocpp201.sp2.sh b/demo-iso15118-2-ac-plus-ocpp201.sp2.sh
index 88934dc7..2e7ed18b 100755
--- a/demo-iso15118-2-ac-plus-ocpp201.sp2.sh
+++ b/demo-iso15118-2-ac-plus-ocpp201.sp2.sh
@@ -22,19 +22,16 @@ download_demo_file() {
 curl -s -o "${destination_path}" "${repo_raw_url}/${repo_file_path}"
 if [[ "$?" != 0 ]]; then
 echo "Error: Failed to retrieve \"${repo_file_path}\" from the demo"
- echo 'repository. If this issue persists, please report this as an'
- echo 'issue in the EVerest project:'
- echo ' https://github.com/EVerest/EVerest/issues'
- exit 1
+ echo 'repository. If this issue persists, please report this as an'
+ echo 'issue in the EVerest project:'
+ echo ' https://github.com/EVerest/EVerest/issues'
+ exit 1
 fi
 }
 echo "Cloning EVerest into ${DEMO_DIR}/everest-demo"
 cd ${DEMO_DIR}
-git clone https://github.com/US-JOET/everest-demo.git everest-demo
-pushd everest-demo
-git checkout --track origin/enable_security_profile_2
-popd
+git clone https://github.com/everest/everest-demo.git everest-demo
 echo "Cloning MaEVe CSMS into ${DEMO_DIR}/maeve-csms and starting it"
 git clone https://github.com/thoughtworks/maeve-csms.git maeve-csms
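Review bot: The new `git clone https://github.com/everest/everest-demo.git everest-demo` takes whatever the default branch holds at run time, and the later hunks unpack `manager/cached_certs_correct_name.tar.gz` from that checkout as the CSMS certificate chain and private key. Pinning the clone to a release tag or commit would make the demo reproducible and keep that trust material fixed, for example `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/everest/everest-demo.git everest-demo` (placeholder tag). The context line `cd ${DEMO_DIR}` just above it is unquoted and its status is not checked, so `cd "${DEMO_DIR}" || exit 1` would stop both clones from landing in the caller's directory when the change of directory fails. download_demo_file starts above this hunk and is not reviewed here.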
@@ -42,21 +39,29 @@ cp everest-demo/manager/cached_certs_correct_name.tar.gz maeve-csms
 pushd maeve-csms
 echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
-tar xzvf cached_certs_correct_name.tar.gz
-cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
-cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem config/certificates/cpo_sub_ca1.pem
-cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem config/certificates/cpo_sub_ca2.pem
-cp dist/etc/everest/certs/client/csms/CSMS_LEAF.pem config/certificates/csms.pem
+tar xf cached_certs_correct_name.tar.gz
+cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \
+ dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
+ dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
+ > config/certificates/csms.pem
+cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
+ dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
+ > config/certificates/trust.pem
 cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
-cp dist/etc/everest/certs/client/csms/CPO_SUB_CA1.key config/certificates/cpo_sub_ca1.key
-cp dist/etc/everest/certs/client/csms/CPO_SUB_CA2.key config/certificates/cpo_sub_ca2.key
-cat config/certificates/cpo_sub_ca1.pem config/certificates/cpo_sub_ca2.pem > config/certificates/trust.pem
+cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
 echo "Validating that the certificates are set up correctly"
-openssl verify -show_chain -CAfile config/certificates/root-V2G-cert.pem -untrusted config/certificates/trust.pem config/certificates/csms.pem
+openssl verify -show_chain \
+ -CAfile config/certificates/root-V2G-cert.pem \
+ -untrusted config/certificates/trust.pem \
+ config/certificates/csms.pem
 echo "Starting the CSMS"
 docker compose up -d
+
+echo "Waiting 10s for CSMS to start..."
+sleep 10
+
 echo "MaEVe CSMS started, adding charge station.
Note that profiles in MaEVe start with 0 so SP 1 == OCPP SP 2"
 curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \
 -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}'
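Review bot: The exit status of the reformatted `openssl verify -show_chain ...` is never used, so unless the script enables `set -e` somewhere outside this hunk, a chain that fails validation is only printed and `docker compose up -d` still starts the CSMS with it. Appending `|| { echo "certificate chain validation failed" >&2; exit 1; }` after `config/certificates/csms.pem` makes the check enforcing; the in-container `openssl verify` that appears as unchanged context in the next hunk has the same gap. The added `sleep 10` is a fixed guess at start-up time, and the `curl http://localhost:9410/api/v0/cs/cp001` that follows fails if the CSMS needs longer, so a bounded retry around that request would be more reliable than the sleep.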
@@ -75,20 +80,20 @@ curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '
 echo "User token added, starting EVerest..."
 popd
+
 pushd everest-demo
-docker compose --project-name everest-ac-demo \
- --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+
 ls -al manager
+
 docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
-docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xzvf cached_certs_correct_name.tar.gz"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name.tar.gz"
 echo "Configured everest certs, validating that the chain is set up correctly"
 docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
-echo "Copying bundle over to root (confusing!) https://github.com/EVerest/everest-demo/issues/25#issuecomment-1988895630"
-docker exec everest-ac-demo-manager-1 /bin/bash -c "cp dist/etc/everest/certs/ca/v2g/V2G_CA_BUNDLE.pem dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem"
 echo "Copying device DB, configured to SecurityProfile: 2"
 docker cp manager/device_model_storage_maeve_sp2.db everest-ac-demo-manager-1:/workspace/dist/share/everest/modules/OCPP201/device_model_storage.db
-echo "All configuration done, please run 'docker exec -it everest-ac-demo-manager-1 /bin/bash' and then (in the container) 'sh ./build/run-scripts/run-sil-ocpp201.sh'"
-echo "Note that this is currently expected to fail https://github.com/EVerest/everest-demo/issues/25#issuecomment-1991954008"
+echo "Starting software in the loop simulation"
+docker exec -it everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh
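Review bot: The last added line, `docker exec -it everest-ac-demo-manager-1 sh ...`, requests a TTY, and docker rejects that with "the input device is not a TTY" when the script's stdin is not a terminal, for example when the script is piped into bash or run from CI. How the script is invoked is not visible in this hunk; if non-interactive use is expected, pick the flags at run time with `if [ -t 0 ]; then tty_flags=-it; else tty_flags=-i; fi` and then call `docker exec ${tty_flags} everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh`. The `ls -al manager` between the two new blank lines looks like leftover debugging output and would benefit from a comment saying why the listing is wanted, or removal.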
diff --git a/docker-compose.ocpp201.sp2.yml b/docker-compose.ocpp201.sp2.yml
index 6e97eb5f..c4670020 100644
--- a/docker-compose.ocpp201.sp2.yml
+++ b/docker-compose.ocpp201.sp2.yml
@@ -23,6 +23,8 @@ services:
 entrypoint: "tail -f /dev/null"
 sysctls:
 - net.ipv6.conf.all.disable_ipv6=0
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
 nodered:
 image: ghcr.io/everest/everest-demo/nodered:${TAG}
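Review bot: The new `extra_hosts` entry carries no comment saying why this service needs to resolve the host, and the `host-gateway` value is only understood by Docker Engine 20.10 and later. I would add a comment above it such as `# Linux has no built-in host.docker.internal; map it to the host gateway so this service can reach services published on the host (needs Docker Engine >= 20.10)`. The mapping gives the container a name for every service the host exposes on that gateway address, presumably more than the CSMS port the demo needs, so it should stay confined to this demo compose file. The service definition this entry belongs to starts above the hunk.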