857 certificates handling over an unsecure connection in ocpp201 should not be allowed #863
Conversation
shingoxx222
requested review from
Pietfried,
hikinggrass,
marcemmers and
maaikez
as code owners
|
test with octt: |
shingoxx222
force-pushed
the
857-certificates-handling-over-an-unsecure-connection-in-ocpp201-should-not-be-allowed
branch
from
37ea94e to
8a54349
Compare
include/ocpp/v201/smart_charging.hpp
Outdated
| @@ -26,6 +26,7 @@ enum class ProfileValidationResultEnum { | |||
| Valid, | |||
| EvseDoesNotExist, | |||
| ExistingChargingStationExternalConstraints, | |||
| InvalidSecurityProfile, | |||
There was a problem hiding this comment.
Since this is unrelated to smart charging we should not add this to a result enum of smart charging
There was a problem hiding this comment.
using hardcoded string now
lib/ocpp/v201/charge_point.cpp
Outdated
| "Installed certificate: " + conversions::install_certificate_use_enum_to_string(msg.certificateType); | ||
| this->security_event_notification_req(CiString<50>(security_event), CiString<255>(tech_info), true, | ||
| utils::is_critical(security_event)); | ||
| if ((msg.certificateType == InstallCertificateUseEnum::CSMSRootCertificate || |
There was a problem hiding this comment.
Allowing installation of CSMSRootCertificate and ManufacturerRootCertificate should be configurable, not hardcoded. I think preferably they should be configurable separately from each other.
Default should also allow this since that is what the current implementation does.
There was a problem hiding this comment.
done, I make them ReadWrite and not required
shingoxx222
force-pushed
the
857-certificates-handling-over-an-unsecure-connection-in-ocpp201-should-not-be-allowed
branch
5 times, most recently
from
17058a0 to
23d04b3
Compare
| @@ -177,6 +177,38 @@ | |||
| "maximum": 3, | |||
| "default": "1", | |||
| "type": "integer" | |||
| }, | |||
| "AllowCSMSRootCertificateInstallWhenLowSecurityProfile": { | |||
| "variable_name": "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", | |||
There was a problem hiding this comment.
"Low" security profile leaves room for interpretation, it could be a bit more explicit still ;)
There was a problem hiding this comment.
it is now AllowCSMSRootCertInstallWhenSecurityProfile1
lib/ocpp/v201/charge_point.cpp
Outdated
| @@ -3588,24 +3588,52 @@ void ChargePoint::handle_get_installed_certificate_ids_req(Call<GetInstalledCert | |||
| this->send<GetInstalledCertificateIdsResponse>(call_result); | |||
| } | |||
|
|
|||
| bool ChargePoint::should_reject_certificate_install(InstallCertificateUseEnum cert_type) const { | |||
There was a problem hiding this comment.
Nice to make a function of this to clean up the handler 👍
I do always have a difficult time with the double negatives especially with value_or in the mix. Would it be an option to change this to should_accept_certificate_install instead?
| "attributes": [ | ||
| { | ||
| "type": "Actual", | ||
| "mutability": "ReadWrite" |
There was a problem hiding this comment.
What is the reason you've chosen ReadWrite here? Keep in mind the reason for this change is to prevent parties to install wrong certificates.
There was a problem hiding this comment.
I thought ReadOnly is the same as unmutable. now it is ReadOnly
lib/ocpp/v201/charge_point.cpp
Outdated
| response.status = InstallCertificateStatusEnum::Rejected; | ||
| response.statusInfo = StatusInfo(); | ||
| response.statusInfo->reasonCode = "LowSecurityProfile"; | ||
| response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateInstall"; |
There was a problem hiding this comment.
This one could also be improved a bit. For example "Installation of certificate is not allowed when security profile is less then 2"
There was a problem hiding this comment.
made it CertificateInstallationNotAllowedWhenSecurityProfile1
| @@ -1116,6 +1116,20 @@ const RequiredComponentVariable& SecurityProfile = { | |||
| "SecurityProfile", | |||
| }), | |||
| }; | |||
| const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile = { | |||
| ControllerComponents::SecurityCtrlr, | |||
There was a problem hiding this comment.
They should be part of the InternalCtrlr since they are configuration items used internally
shingoxx222
force-pushed
the
857-certificates-handling-over-an-unsecure-connection-in-ocpp201-should-not-be-allowed
branch
from
534a4eb to
eb89ebe
Compare
Signed-off-by: Xin Xu <[email protected]>
Signed-off-by: Xin Xu <[email protected]>
Signed-off-by: Xin Xu <[email protected]>
Signed-off-by: Xin Xu <[email protected]>
Signed-off-by: Xin Xu <[email protected]>
shingoxx222
force-pushed
the
857-certificates-handling-over-an-unsecure-connection-in-ocpp201-should-not-be-allowed
branch
from
bcf645f to
7f3ce1f
Compare
shingoxx222
deleted the
857-certificates-handling-over-an-unsecure-connection-in-ocpp201-should-not-be-allowed
branch
Describe your changes
Issue ticket number and link
Checklist before requesting a review