Enable OCPP 2.0.1 with AC ISO 15118-2, PnC and MaEVe

config-sil-ocpp201-pnc.yaml

@@ -0,0 +1,137 @@
+active_modules:
+  iso15118_charger:
+    module: EvseV2G
+    config_module:
+      device: auto
+      tls_security: allow
+      verify_contract_cert_chain: false
+    connections:
+      security:
+        - module_id: evse_security
+          implementation_id: main
+  iso15118_car:
+    module: PyEvJosev
+    config_module:
+      device: auto
+      supported_ISO15118_2: true
+      tls_active: true
+      is_cert_install_needed: false
+  evse_manager_1:
+    module: EvseManager
+    config_module:
+      connector_id: 1
+      three_phases: true
+      has_ventilation: true
+      country_code: DE
+      evse_id: "DE*PNX*00001"
+      session_logging: true
+      session_logging_xml: false
+      session_logging_path: /tmp/everest-logs
+      ac_hlc_enabled: true
+      ac_hlc_use_5percent: false
+      ac_enforce_hlc: false
+    connections:
+      bsp:
+        - module_id: yeti_driver_1
+          implementation_id: board_support
+      powermeter_grid_side:
+        - module_id: yeti_driver_1
+          implementation_id: powermeter
+      slac:
+        - module_id: slac
+          implementation_id: evse
+      hlc:
+        - module_id: iso15118_charger
+          implementation_id: charger
+  yeti_driver_1:
+    module: JsYetiSimulator
+    config_module:
+      connector_id: 1
+  slac:
+    module: JsSlacSimulator
+  car_simulator_1:
+    module: JsCarSimulator
+    config_module:
+      connector_id: 1
+      auto_enable: true
+      auto_exec: false
+      auto_exec_commands: sleep 1;iec_wait_pwr_ready;sleep 1;draw_power_regulated 16,3;sleep 30;unplug
+    connections:
+      simulation_control:
+        - module_id: yeti_driver_1
+          implementation_id: yeti_simulation_control
+      ev:
+        - module_id: iso15118_car
+          implementation_id: ev
+      slac:
+        - module_id: slac
+          implementation_id: ev
+  ocpp:
+    module: OCPP201
+    connections:
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+      auth:
+        - module_id: auth
+          implementation_id: main
+      system:
+        - module_id: system
+          implementation_id: main
+      security:
+        - module_id: evse_security
+          implementation_id: main
+  evse_security:
+    module: EvseSecurity
+    config_module:
+      private_key_password: "123456"
+  token_provider_1:
+    module: DummyTokenProviderManual
+  auth:
+    module: Auth
+    config_module:
+      connection_timeout: 120
+      selection_algorithm: PlugEvents
+    connections:
+      token_provider:
+        - module_id: token_provider_1
+          implementation_id: main
+        - module_id: ocpp
+          implementation_id: auth_provider
+        - module_id: evse_manager_1
+          implementation_id: token_provider
+      token_validator:
+        - module_id: ocpp
+          implementation_id: auth_validator
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+  energy_manager:
+    module: EnergyManager
+    connections:
+      energy_trunk:
+        - module_id: grid_connection_point
+          implementation_id: energy_grid
+  grid_connection_point:
+    module: EnergyNode
+    config_module:
+      fuse_limit_A: 40.0
+      phase_count: 3
+    connections:
+      price_information: []
+      energy_consumer:
+        - module_id: evse_manager_1
+          implementation_id: energy_grid
+      powermeter:
+        - module_id: yeti_driver_1
+          implementation_id: powermeter
+  api:
+    module: API
+    connections:
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+  system:
+    module: System
+
+x-module-layout: {}

demo-iso15118-2-ac-plus-ocpp.sh

@@ -92,14 +92,14 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
   pushd maeve-csms || exit 1
 
   git reset --hard ${MAEVE_BRANCH}
-  cp ../everest-demo/manager/cached_certs_correct_name.tar.gz .
+  cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz .
 
   echo "Patching the CSMS to disable load balancer"
   patch -p1 -i ../everest-demo/maeve/maeve-csms-no-lb.patch
 
   if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then
     echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
-    tar xf cached_certs_correct_name.tar.gz
+    tar xf cached_certs_correct_name_emaid.tar.gz
     cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \
         dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
         dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
@@ -109,6 +109,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
       > config/certificates/trust.pem
     cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
     cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
+    cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem
 
     echo "Validating that the certificates are set up correctly"
     openssl verify -show_chain \
@@ -118,6 +119,12 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
 
     echo "Patching the CSMS to enable EVerest organization"
     patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch
+
+    echo "Patching the CSMS to enable local mo root"
+    patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch
+
+    echo "Patching the CSMS to enable local mo root"
+    patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch
   else
     echo "Patching the CSMS to disable WSS"
     patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch
@@ -155,6 +162,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
     "cacheMode": "ALWAYS"
   }'
 
+  curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{"countryCode": "UK", "partyId": "Switch", "contractId": "UKSWI123456789G", "uid": "UKSWI123456789G", "issuer": "Switch", "valid": true, "cacheMode": "ALWAYS"}'
   echo "User token added, starting EVerest..."
 
   popd || exit 1
@@ -163,10 +171,10 @@ fi
 
 pushd everest-demo || exit 1
 docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
-
+docker cp config-sil-ocpp201-pnc.yaml  everest-ac-demo-manager-1:/ext/source/config/config-sil-ocpp201-pnc.yaml
 if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then
-  docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
-  docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name.tar.gz"
+  docker cp manager/cached_certs_correct_name_emaid.tar.gz everest-ac-demo-manager-1:/workspace/
+  docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name_emaid.tar.gz"
 
   echo "Configured everest certs, validating that the chain is set up correctly"
   docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
@@ -188,5 +196,5 @@ fi
 
 if [[ "$DEMO_VERSION" =~ v2.0.1 ]]; then
   echo "Starting software in the loop simulation"
-  docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh
+  docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201-pnc.sh
 fi

maeve/maeve-csms-ignore-ocsp.patch

@@ -0,0 +1,32 @@
+diff --git a/manager/handlers/ocpp201/authorize.go b/manager/handlers/ocpp201/authorize.go
+index 5df2305..0db9f79 100644
+--- a/manager/handlers/ocpp201/authorize.go
++++ b/manager/handlers/ocpp201/authorize.go
+@@ -49,7 +49,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Certificate != nil {
+ 			_, err = a.CertificateValidationService.ValidatePEMCertificateChain(ctx, []byte(*req.Certificate), req.IdToken.IdToken)
+ 			status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}
+@@ -57,7 +62,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Iso15118CertificateHashData != nil {
+ 			_, err := a.CertificateValidationService.ValidateHashedCertificateChain(ctx, *req.Iso15118CertificateHashData)
+ 			status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}

maeve/maeve-csms-local-mo-root.patch

@@ -0,0 +1,19 @@
+diff --git a/config/manager/config.toml b/config/manager/config.toml
+index 3fa49ec..668eda9 100644
+--- a/config/manager/config.toml
++++ b/config/manager/config.toml
+@@ -19,12 +19,8 @@ firestore.project_id = "*detect-project-id*"
+ type = "ocsp"
+
+ [contract_cert_validator.ocsp.root_certs]
+-type = "opcp"
+-opcp.url = "https://open.plugncharge-test.hubject.com"
+-opcp.ttl = "24h"
+-opcp.auth.type = "hubject_test_token"
+-opcp.auth.hubject_test_token.url = "https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token"
+-opcp.auth.hubject_test_token.ttl = "6h"
++type = "file"
++file.files = ["/certificates/root-MO-cert.pem"]
+
+ [contract_cert_provider]
+ type = "opcp"