Skip to content

Commit

Permalink
fix: add component variables in security controller
Browse files Browse the repository at this point in the history
  • Loading branch information
shingoxx222 committed Nov 13, 2024
1 parent 969d6df commit e3c1c8b
Show file tree
Hide file tree
Showing 5 changed files with 78 additions and 5 deletions.
32 changes: 32 additions & 0 deletions config/v201/component_config/standardized/SecurityCtrlr.json
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,38 @@
"maximum": 3,
"default": "1",
"type": "integer"
},
"AllowCSMSRootCertificateInstallWhenLowSecurityProfile": {
"variable_name": "AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
"characteristics": {
"supportsMonitoring": true,
"dataType": "boolean"
},
"attributes": [
{
"type": "Actual",
"mutability": "ReadWrite"
}
],
"description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.",
"default": true,
"type": "boolean"
},
"AllowManufacturerRootCertificateInstallWhenLowSecurityProfile": {
"variable_name": "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile",
"characteristics": {
"supportsMonitoring": true,
"dataType": "boolean"
},
"attributes": [
{
"type": "Actual",
"mutability": "ReadWrite"
}
],
"description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.",
"default": true,
"type": "boolean"
}
},
"required": [
Expand Down
6 changes: 6 additions & 0 deletions include/ocpp/v201/charge_point.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -782,6 +782,12 @@ class ChargePoint : public ChargePointInterface, private ocpp::ChargingStationBa
/// If \param persist is set to true, the change will be persisted across a reboot
void execute_change_availability_request(ChangeAvailabilityRequest request, bool persist);


/// \brief Helper function to determine if a certificate installation should be rejected
/// \param cert_type is the certificate type to be checked
/// \return true if it should be rejected
bool should_reject_certificate_install(InstallCertificateUseEnum cert_type) const;

protected:
std::shared_ptr<SmartChargingHandlerInterface> smart_charging_handler;

Expand Down
2 changes: 2 additions & 0 deletions include/ocpp/v201/ctrlr_component_variables.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,8 @@ extern const ComponentVariable& MaxCertificateChainSize;
extern const ComponentVariable& UpdateCertificateSymlinks;
extern const RequiredComponentVariable& OrganizationName;
extern const RequiredComponentVariable& SecurityProfile;
extern const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile;
extern const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile;
extern const ComponentVariable& ACPhaseSwitchingSupported;
extern const ComponentVariable& SmartChargingCtrlrAvailable;
extern const ComponentVariable& SmartChargingCtrlrEnabled;
Expand Down
29 changes: 24 additions & 5 deletions lib/ocpp/v201/charge_point.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3588,19 +3588,38 @@ void ChargePoint::handle_get_installed_certificate_ids_req(Call<GetInstalledCert
this->send<GetInstalledCertificateIdsResponse>(call_result);
}

void ChargePoint::should_reject_certificate_install(InstallCertificateUseEnum cert_type) const {
const int security_profile = this->device_model->get_value<int>(ControllerComponentVariables::SecurityProfile);

if (security_profile > 1) {
return false;
}
switch (cert_type) {
case InstallCertificateUseEnum::CSMSRootCertificate:
return !this->device_model
.get_optional_value<bool>(ControllerComponentVariables::AllowCSMSRootCertificateInstallWhenLowSecurityProfile)
.value_or(true);

case InstallCertificateUseEnum::ManufacturerRootCertificate:
return !this->device_model
.get_optional_value<bool>(ControllerComponentVariables::AllowManufacturerRootCertificateInstallWhenLowSecurityProfile)
.value_or(true);
default:
return false;
}
}

void ChargePoint::handle_install_certificate_req(Call<InstallCertificateRequest> call) {
EVLOG_debug << "Received InstallCertificateRequest: " << call.msg << "\nwith messageId: " << call.uniqueId;

const auto msg = call.msg;
InstallCertificateResponse response;

if ((msg.certificateType == InstallCertificateUseEnum::CSMSRootCertificate ||
msg.certificateType == InstallCertificateUseEnum::ManufacturerRootCertificate) &&
this->device_model->get_value<int>(ControllerComponentVariables::SecurityProfile) <= 1) {
if (should_reject_certificate_install(msg.certificateType)) {
response.status = InstallCertificateStatusEnum::Rejected;
response.statusInfo = StatusInfo();
response.statusInfo->reasonCode = "Invalid security profile";
response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateHandling";
response.statusInfo->reasonCode = "LowSecurityProfile";
response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateInstall";
} else {
const auto result = this->evse_security->install_ca_certificate(
msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType));
Expand Down
14 changes: 14 additions & 0 deletions lib/ocpp/v201/ctrlr_component_variables.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1116,6 +1116,20 @@ const RequiredComponentVariable& SecurityProfile = {
"SecurityProfile",
}),
};
const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile = {
ControllerComponents::SecurityCtrlr,
std::nullopt,
std::optional<Variable>({
"AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
}),
};
const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile = {
ControllerComponents::SecurityCtrlr,
std::nullopt,
std::optional<Variable>({
"AllowCSMSRootCertificateInstallWhenLowSecurityProfile",
}),
};
const ComponentVariable& ACPhaseSwitchingSupported = {
ControllerComponents::SmartChargingCtrlr,
std::nullopt,
Expand Down

0 comments on commit e3c1c8b

Please sign in to comment.