Updated OCPP 2.0.1 Security Profile 2 MRE demo script

Adjusted creation of OCPP server (MaEVe CSMS) certificate bundles based
on conversations in Zulip around the topic.

Added `extra_hosts` config to EVerest Manager service in relevant Docker
Compose file to get constent behavior on all platforms for the
`host.docker.internal` DNS name that is used as part of the demo.

Signed-off-by: Bryan T. Richardson <[email protected]>

demo-iso15118-2-ac-plus-ocpp201.sp2.sh

@@ -22,41 +22,46 @@ download_demo_file() {
     curl -s -o "${destination_path}" "${repo_raw_url}/${repo_file_path}"
     if [[ "$?" != 0 ]]; then
         echo "Error: Failed to retrieve \"${repo_file_path}\" from the demo"
-	echo 'repository. If this issue persists, please report this as an'
-	echo 'issue in the EVerest project:'
-	echo '    https://github.com/EVerest/EVerest/issues'
-	exit 1
+        echo 'repository. If this issue persists, please report this as an'
+        echo 'issue in the EVerest project:'
+        echo '    https://github.com/EVerest/EVerest/issues'
+        exit 1
     fi
 }
 
 echo "Cloning EVerest into ${DEMO_DIR}/everest-demo"
 cd ${DEMO_DIR}
-git clone https://github.com/US-JOET/everest-demo.git everest-demo
-pushd everest-demo
-git checkout --track origin/enable_security_profile_2
-popd
+git clone https://github.com/everest/everest-demo.git everest-demo
 
 echo "Cloning MaEVe CSMS into ${DEMO_DIR}/maeve-csms and starting it"
 git clone https://github.com/thoughtworks/maeve-csms.git maeve-csms
 cp everest-demo/manager/cached_certs_correct_name.tar.gz maeve-csms
 pushd maeve-csms
 
 echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
-tar xzvf cached_certs_correct_name.tar.gz
-cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
-cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem config/certificates/cpo_sub_ca1.pem
-cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem config/certificates/cpo_sub_ca2.pem
-cp dist/etc/everest/certs/client/csms/CSMS_LEAF.pem config/certificates/csms.pem
+tar xf cached_certs_correct_name.tar.gz
+cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \
+    dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
+    dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
+  > config/certificates/csms.pem
+cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \
+    dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \
+  > config/certificates/trust.pem
 cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
-cp dist/etc/everest/certs/client/csms/CPO_SUB_CA1.key config/certificates/cpo_sub_ca1.key
-cp dist/etc/everest/certs/client/csms/CPO_SUB_CA2.key config/certificates/cpo_sub_ca2.key
-cat config/certificates/cpo_sub_ca1.pem config/certificates/cpo_sub_ca2.pem > config/certificates/trust.pem
+cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
 
 echo "Validating that the certificates are set up correctly"
-openssl verify -show_chain -CAfile config/certificates/root-V2G-cert.pem -untrusted config/certificates/trust.pem config/certificates/csms.pem
+openssl verify -show_chain \
+  -CAfile config/certificates/root-V2G-cert.pem \
+  -untrusted config/certificates/trust.pem \
+  config/certificates/csms.pem
 
 echo "Starting the CSMS"
 docker compose up -d
+
+echo "Waiting 10s for CSMS to start..."
+sleep 10
+
 echo "MaEVe CSMS started, adding charge station. Note that profiles in MaEVe start with 0 so SP 1 == OCPP SP 2"
 curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \
     -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}'
@@ -75,20 +80,20 @@ curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '
 
 echo "User token added, starting EVerest..."
 popd
+
 pushd everest-demo
-docker compose --project-name everest-ac-demo \
-	       --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+
 ls -al manager
+
 docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
-docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xzvf cached_certs_correct_name.tar.gz"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xf cached_certs_correct_name.tar.gz"
 
 echo "Configured everest certs, validating that the chain is set up correctly"
 docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
-echo "Copying bundle over to root (confusing!) https://github.com/EVerest/everest-demo/issues/25#issuecomment-1988895630"
-docker exec everest-ac-demo-manager-1 /bin/bash -c "cp dist/etc/everest/certs/ca/v2g/V2G_CA_BUNDLE.pem dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem"
 
 echo "Copying device DB, configured to SecurityProfile: 2"
 docker cp manager/device_model_storage_maeve_sp2.db everest-ac-demo-manager-1:/workspace/dist/share/everest/modules/OCPP201/device_model_storage.db
 
-echo "All configuration done, please run 'docker exec -it everest-ac-demo-manager-1 /bin/bash' and then (in the container) 'sh ./build/run-scripts/run-sil-ocpp201.sh'"
-echo "Note that this is currently expected to fail https://github.com/EVerest/everest-demo/issues/25#issuecomment-1991954008"
+echo "Starting software in the loop simulation"
+docker exec -it everest-ac-demo-manager-1 sh /workspace/build/run-scripts/run-sil-ocpp201.sh

docker-compose.ocpp201.sp2.yml

@@ -23,6 +23,8 @@ services:
     entrypoint: "tail -f /dev/null"
     sysctls:
       - net.ipv6.conf.all.disable_ipv6=0
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
 
   nodered:
     image: ghcr.io/everest/everest-demo/nodered:${TAG}