Add support for certificate links (#398)

* Add support for optional SECC leaf and CPO chain links
* Add method for updating symlinks
* Update symlinks after V2G certificate update
* Config based symlinks update

---------

Signed-off-by: Menno de Graaf <m.degraaf@alfen.com>
Signed-off-by: AssemblyJohn <ioan.bogdann@gmail.com>
Co-authored-by: Menno de Graaf <m.degraaf@alfen.com>
Co-authored-by: AssemblyJohn <ioan.bogdann@gmail.com>

Author: 3 people

config/v201/component_schemas/standardized/InternalCtrlr.json

@@ -471,6 +471,21 @@
           "default": "43200",
           "type": "integer"
       },
+      "UpdateCertificateSymlinks": {
+        "variable_name": "UpdateCertificateSymlinks",
+        "characteristics": {
+            "supportsMonitoring": false,
+            "dataType": "boolean"
+        },
+        "attributes": [
+            {
+                "type": "Actual",
+                "mutability": "ReadOnly"
+            }
+        ],
+        "default": "0",
+        "type": "boolean"
+      },
       "MessageQueueSizeThreshold": {
           "variable_name": "MessageQueueSizeThreshold",
           "characteristics": {

config/v201/config.json

@@ -265,7 +265,14 @@
                 "attributes": {
                     "Actual": "Enabled,Active,Available,Problem"
                 }
+            },
+            "UpdateCertificateSymlinks": {
+                "variable_name": "UpdateCertificateSymlinks",
+                "attributes": {
+                    "Actual": "0"
+                }
             }
+            
         }
     },
     {

dependencies.yaml

@@ -30,7 +30,7 @@ websocketpp:
   git_tag: 0.8.2
 libevse-security:
   git: https://github.com/EVerest/libevse-security.git
-  git_tag: v0.4.1
+  git_tag: 1604c8b
 libwebsockets:
   git: https://github.com/warmcat/libwebsockets.git
   git_tag: v4.3.3

include/ocpp/common/evse_security.hpp

@@ -94,6 +94,9 @@ class EvseSecurity {
     /// \return key pair of certificate and key if present, else std::nullopt
     virtual std::optional<KeyPair> get_key_pair(const CertificateSigningUseEnum& certificate_type) = 0;
 
+    /// \brief Updates the certificate and key links for the given \p certificate_type
+    virtual bool update_certificate_links(const CertificateSigningUseEnum& certificate_type) = 0;
+
     /// \brief Retrieves the PEM formatted CA bundle file for the given \p certificate_type
     /// \param certificate_type
     /// \return CA certificate file

include/ocpp/common/evse_security_impl.hpp

@@ -21,6 +21,9 @@ struct SecurityConfiguration {
     fs::path csms_leaf_key_directory;
     fs::path secc_leaf_cert_directory;
     fs::path secc_leaf_key_directory;
+    fs::path secc_leaf_cert_link;
+    fs::path secc_leaf_key_link;
+    fs::path cpo_cert_chain_link;
     std::optional<std::string> private_key_password;
 };
 
@@ -48,6 +51,7 @@ class EvseSecurityImpl : public EvseSecurity {
                                                      const std::string& country, const std::string& organization,
                                                      const std::string& common, bool use_tpm) override;
     std::optional<KeyPair> get_key_pair(const CertificateSigningUseEnum& certificate_type) override;
+    bool update_certificate_links(const CertificateSigningUseEnum& certificate_type) override;
     std::string get_verify_file(const CaCertificateType& certificate_type) override;
     int get_leaf_expiry_days_count(const CertificateSigningUseEnum& certificate_type) override;
 };

include/ocpp/v201/ctrlr_component_variables.hpp

@@ -176,6 +176,7 @@ extern const ComponentVariable& CertSigningRepeatTimes;
 extern const ComponentVariable& CertSigningWaitMinimum;
 extern const RequiredComponentVariable& SecurityCtrlrIdentity;
 extern const ComponentVariable& MaxCertificateChainSize;
+extern const ComponentVariable& UpdateCertificateSymlinks;
 extern const RequiredComponentVariable& OrganizationName;
 extern const RequiredComponentVariable& SecurityProfile;
 extern const ComponentVariable& ACPhaseSwitchingSupported;

lib/ocpp/common/evse_security_impl.cpp

@@ -16,6 +16,10 @@ EvseSecurityImpl::EvseSecurityImpl(const SecurityConfiguration& security_configu
     file_paths.directories.secc_leaf_cert_directory = security_configuration.secc_leaf_cert_directory;
     file_paths.directories.secc_leaf_key_directory = security_configuration.secc_leaf_key_directory;
 
+    file_paths.links.secc_leaf_cert_link = security_configuration.secc_leaf_cert_link;
+    file_paths.links.secc_leaf_key_link = security_configuration.secc_leaf_key_link;
+    file_paths.links.cpo_cert_chain_link = security_configuration.cpo_cert_chain_link;
+
     this->evse_security =
         std::make_unique<evse_security::EvseSecurity>(file_paths, security_configuration.private_key_password);
 }
@@ -98,6 +102,10 @@ std::optional<KeyPair> EvseSecurityImpl::get_key_pair(const CertificateSigningUs
     }
 }
 
+bool EvseSecurityImpl::update_certificate_links(const CertificateSigningUseEnum& certificate_type) {
+    return this->evse_security->update_certificate_links(conversions::from_ocpp(certificate_type));
+}
+
 std::string EvseSecurityImpl::get_verify_file(const CaCertificateType& certificate_type) {
     return this->evse_security->get_verify_file(conversions::from_ocpp(certificate_type));
 }

lib/ocpp/v201/charge_point.cpp

@@ -1763,6 +1763,13 @@ void ChargePoint::handle_certificate_signed_req(Call<CertificateSignedRequest> c
         }
     }
 
+    // Trigger a symlink update for V2G certificates
+    if ((cert_signing_use == ocpp::CertificateSigningUseEnum::V2GCertificate) and
+        this->device_model->get_optional_value<bool>(ControllerComponentVariables::UpdateCertificateSymlinks)
+            .value_or(false)) {
+        this->evse_security->update_certificate_links(cert_signing_use);
+    }
+
     ocpp::CallResult<CertificateSignedResponse> call_result(response, call.uniqueId);
     this->send<CertificateSignedResponse>(call_result);
 

lib/ocpp/v201/ctrlr_component_variables.cpp

@@ -989,6 +989,13 @@ const ComponentVariable& MaxCertificateChainSize = {
         "MaxCertificateChainSize",
     }),
 };
+const ComponentVariable& UpdateCertificateSymlinks = {
+    ControllerComponents::InternalCtrlr,
+    std::nullopt,
+    std::optional<Variable>({
+        "UpdateCertificateSymlinks",
+    }),
+};
 const RequiredComponentVariable& OrganizationName = {
     ControllerComponents::SecurityCtrlr,
     std::nullopt,

tests/evse_security_mock.hpp

@@ -29,6 +29,7 @@ class EvseSecurityMock : public EvseSecurity {
                 (const CertificateSigningUseEnum&, const std::string&, const std::string&, const std::string&, bool),
                 (override));
     MOCK_METHOD(std::optional<KeyPair>, get_key_pair, (const CertificateSigningUseEnum&), (override));
+    MOCK_METHOD(bool, update_certificate_links, (const CertificateSigningUseEnum&), (override));
     MOCK_METHOD(std::string, get_verify_file, (const CaCertificateType&), (override));
     MOCK_METHOD(int, get_leaf_expiry_days_count, (const CertificateSigningUseEnum&), (override));
 };