Enabled OCPP 2.0.1 with AC ISO 15118-2, PnC and MaEVe

1. Two new MaEVe patches. One for enabling local MO root cert, the other for ignoring OCSP error.
2. Replaced the old MO leaf (CC) as the eMAID check digit wasn't correct
3. Added modified config yaml with CertificateInstallation disabled
4. Corresponding  chages in the demo script to enable the above.

Signed-off-by: Md Sahabul Hossain <[email protected]>

config-sil-ocpp201-pnc.yaml

@@ -0,0 +1,137 @@
+active_modules:
+  iso15118_charger:
+    module: EvseV2G
+    config_module:
+      device: auto
+      tls_security: allow
+      verify_contract_cert_chain: false
+    connections:
+      security:
+        - module_id: evse_security
+          implementation_id: main
+  iso15118_car:
+    module: PyEvJosev
+    config_module:
+      device: auto
+      supported_ISO15118_2: true
+      tls_active: true
+      is_cert_install_needed: false
+  evse_manager_1:
+    module: EvseManager
+    config_module:
+      connector_id: 1
+      three_phases: true
+      has_ventilation: true
+      country_code: DE
+      evse_id: "DE*PNX*00001"
+      session_logging: true
+      session_logging_xml: false
+      session_logging_path: /tmp/everest-logs
+      ac_hlc_enabled: true
+      ac_hlc_use_5percent: false
+      ac_enforce_hlc: false
+    connections:
+      bsp:
+        - module_id: yeti_driver_1
+          implementation_id: board_support
+      powermeter_grid_side:
+        - module_id: yeti_driver_1
+          implementation_id: powermeter
+      slac:
+        - module_id: slac
+          implementation_id: evse
+      hlc:
+        - module_id: iso15118_charger
+          implementation_id: charger
+  yeti_driver_1:
+    module: JsYetiSimulator
+    config_module:
+      connector_id: 1
+  slac:
+    module: JsSlacSimulator
+  car_simulator_1:
+    module: JsCarSimulator
+    config_module:
+      connector_id: 1
+      auto_enable: true
+      auto_exec: false
+      auto_exec_commands: sleep 1;iec_wait_pwr_ready;sleep 1;draw_power_regulated 16,3;sleep 30;unplug
+    connections:
+      simulation_control:
+        - module_id: yeti_driver_1
+          implementation_id: yeti_simulation_control
+      ev:
+        - module_id: iso15118_car
+          implementation_id: ev
+      slac:
+        - module_id: slac
+          implementation_id: ev
+  ocpp:
+    module: OCPP201
+    connections:
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+      auth:
+        - module_id: auth
+          implementation_id: main
+      system:
+        - module_id: system
+          implementation_id: main
+      security:
+        - module_id: evse_security
+          implementation_id: main
+  evse_security:
+    module: EvseSecurity
+    config_module:
+      private_key_password: "123456"
+  token_provider_1:
+    module: DummyTokenProviderManual
+  auth:
+    module: Auth
+    config_module:
+      connection_timeout: 120
+      selection_algorithm: PlugEvents
+    connections:
+      token_provider:
+        - module_id: token_provider_1
+          implementation_id: main
+        - module_id: ocpp
+          implementation_id: auth_provider
+        - module_id: evse_manager_1
+          implementation_id: token_provider
+      token_validator:
+        - module_id: ocpp
+          implementation_id: auth_validator
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+  energy_manager:
+    module: EnergyManager
+    connections:
+      energy_trunk:
+        - module_id: grid_connection_point
+          implementation_id: energy_grid
+  grid_connection_point:
+    module: EnergyNode
+    config_module:
+      fuse_limit_A: 40.0
+      phase_count: 3
+    connections:
+      price_information: []
+      energy_consumer:
+        - module_id: evse_manager_1
+          implementation_id: energy_grid
+      powermeter:
+        - module_id: yeti_driver_1
+          implementation_id: powermeter
+  api:
+    module: API
+    connections:
+      evse_manager:
+        - module_id: evse_manager_1
+          implementation_id: evse
+  system:
+    module: System
+
+x-module-layout: {}

demo-iso15118-2-ac-plus-ocpp.sh

@@ -92,14 +92,14 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
   pushd maeve-csms || exit 1
 
   git reset --hard ${MAEVE_BRANCH}
-  cp ../everest-demo/manager/cached_certs_correct_name.tar.gz .
+  cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz .
 
   echo "Patching the CSMS to disable load balancer"
   patch -p1 -i ../everest-demo/maeve/maeve-csms-no-lb.patch
 
   if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then
     echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
-    tar xf cached_certs_correct_name.tar.gz
+    tar xf cached_certs_correct_name_emaid.tar.gz
     cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \
         dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
         dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
@@ -109,6 +109,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
       > config/certificates/trust.pem
     cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
     cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
+    cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem
 
     echo "Validating that the certificates are set up correctly"
     openssl verify -show_chain \
@@ -118,6 +119,12 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
 
     echo "Patching the CSMS to enable EVerest organization"
     patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch
+
+    echo "Patching the CSMS to enable local mo root"
+    patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch
+
+    echo "Patching the CSMS to enable local mo root"
+    patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch
   else
     echo "Patching the CSMS to disable WSS"
     patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch
@@ -155,6 +162,7 @@ if [[ "$DEMO_VERSION" != v1.6j ]]; then
     "cacheMode": "ALWAYS"
   }'
 
+  curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{"countryCode": "UK", "partyId": "Switch", "contractId": "UKSWI123456789G", "uid": "UKSWI123456789G", "issuer": "Switch", "valid": true, "cacheMode": "ALWAYS"}'
   echo "User token added, starting EVerest..."
 
   popd || exit 1
@@ -163,10 +171,10 @@ fi
 
 pushd everest-demo || exit 1
 docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
-
+docker cp config-sil-ocpp201-pnc.yaml  everest-ac-demo-manager-1:/ext/source/config/config-sil-ocpp201-pnc.yaml
 if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then
-  docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
-  docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name.tar.gz"
+  docker cp manager/cached_certs_correct_name_emaid.tar.gz everest-ac-demo-manager-1:/workspace/
+  docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name_emaid.tar.gz"
 
   echo "Configured everest certs, validating that the chain is set up correctly"
   docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
@@ -188,5 +196,5 @@ fi
 
 if [[ "$DEMO_VERSION" =~ v2.0.1 ]]; then
   echo "Starting software in the loop simulation"
-  docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh
+  docker exec everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201-pnc.sh
 fi

maeve/maeve-csms-ignore-ocsp.patch

@@ -0,0 +1,32 @@
+diff --git a/manager/handlers/ocpp201/authorize.go b/manager/handlers/ocpp201/authorize.go
+index 5df2305..0db9f79 100644
+--- a/manager/handlers/ocpp201/authorize.go
++++ b/manager/handlers/ocpp201/authorize.go
+@@ -49,7 +49,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Certificate != nil {
+ 			_, err = a.CertificateValidationService.ValidatePEMCertificateChain(ctx, []byte(*req.Certificate), req.IdToken.IdToken)
+ 			status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}
+@@ -57,7 +62,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Iso15118CertificateHashData != nil {
+ 			_, err := a.CertificateValidationService.ValidateHashedCertificateChain(ctx, *req.Iso15118CertificateHashData)
+ 			status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}

maeve/maeve-csms-local-mo-root.patch

@@ -0,0 +1,19 @@
+diff --git a/config/manager/config.toml b/config/manager/config.toml
+index 3fa49ec..668eda9 100644
+--- a/config/manager/config.toml
++++ b/config/manager/config.toml
+@@ -19,12 +19,8 @@ firestore.project_id = "*detect-project-id*"
+ type = "ocsp"
+
+ [contract_cert_validator.ocsp.root_certs]
+-type = "opcp"
+-opcp.url = "https://open.plugncharge-test.hubject.com"
+-opcp.ttl = "24h"
+-opcp.auth.type = "hubject_test_token"
+-opcp.auth.hubject_test_token.url = "https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token"
+-opcp.auth.hubject_test_token.ttl = "6h"
++type = "file"
++file.files = ["/certificates/root-MO-cert.pem"]
+
+ [contract_cert_provider]
+ type = "opcp"