Final MRE script; includes certificate configuration

It ends with instructions to `docker exec` into the container and run the startup command. Note that the command is currently expected to fail. This should allow the EVerest OCPP implementers to reproduce the error and then investigate it while still "logged in to" the container. Signed-off-by: Shankari <[email protected]>
EVerest · Mar 12, 2024 · cec20e2 · cec20e2
1 parent de35a62
commit cec20e2
Showing 1 changed file with 94 additions and 0 deletions.
diff --git a/demo-iso15118-2-ac-plus-ocpp201.sp2.sh b/demo-iso15118-2-ac-plus-ocpp201.sp2.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+DEMO_COMPOSE_FILE_NAME='docker-compose.ocpp201.sp2.yml'
+DEMO_DIR="$(mktemp -d)"
+
+delete_temporary_directory() { rm -rf "${DEMO_DIR}"; }
+trap delete_temporary_directory EXIT
+
+if [[ ! "${DEMO_DIR}" || ! -d "${DEMO_DIR}" ]]; then
+ echo 'Error: Failed to create a temporary directory for the demo.'
+ exit 1
+fi
+
+download_demo_file() {
+ local -r repo_file_path="$1"
+ local -r repo_raw_url='https://raw.githubusercontent.com/everest/everest-demo/main'
+ local -r destination_path="${DEMO_DIR}/${repo_file_path}"
+
+ echo "Downloading ${repo_raw_url}/${repo_file_path} to ${destination_path}"
+
+ mkdir -p "$(dirname ${destination_path})"
+ curl -s -o "${destination_path}" "${repo_raw_url}/${repo_file_path}"
+ if [[ "$?" != 0 ]]; then
+ echo "Error: Failed to retrieve \"${repo_file_path}\" from the demo"
+ echo 'repository. If this issue persists, please report this as an'
+ echo 'issue in the EVerest project:'
+ echo ' https://github.com/EVerest/EVerest/issues'
+ exit 1
+ fi
+}
+
+echo "Cloning EVerest into ${DEMO_DIR}/everest-demo"
+cd ${DEMO_DIR}
+git clone https://github.com/US-JOET/everest-demo.git everest-demo
+pushd everest-demo
+git checkout --track origin/enable_security_profile_2
+popd
+
+echo "Cloning MaEVe CSMS into ${DEMO_DIR}/maeve-csms and starting it"
+git clone https://github.com/thoughtworks/maeve-csms.git maeve-csms
+cp everest-demo/manager/cached_certs_correct_name.tar.gz maeve-csms
+pushd maeve-csms
+
+echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
+tar xzvf cached_certs_correct_name.tar.gz
+cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
+cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem config/certificates/cpo_sub_ca1.pem
+cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem config/certificates/cpo_sub_ca2.pem
+cp dist/etc/everest/certs/client/csms/CSMS_LEAF.pem config/certificates/csms.pem
+cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
+cp dist/etc/everest/certs/client/csms/CPO_SUB_CA1.key config/certificates/cpo_sub_ca1.key
+cp dist/etc/everest/certs/client/csms/CPO_SUB_CA2.key config/certificates/cpo_sub_ca2.key
+cat config/certificates/cpo_sub_ca1.pem config/certificates/cpo_sub_ca2.pem > config/certificates/trust.pem
+
+echo "Validating that the certificates are set up correctly"
+openssl verify -show_chain -CAfile config/certificates/root-V2G-cert.pem -untrusted config/certificates/trust.pem config/certificates/csms.pem
+
+echo "Starting the CSMS"
+docker compose up -d
+echo "MaEVe CSMS started, adding charge station. Note that profiles in MaEVe start with 0 so SP 1 == OCPP SP 2"
+curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \
+ -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}'
+
+echo "Charge station added, adding user token"
+curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{
+ "countryCode": "GB",
+ "partyId": "TWK",
+ "type": "RFID",
+ "uid": "DEADBEEF",
+ "contractId": "GBTWK012345678V",
+ "issuer": "Thoughtworks",
+ "valid": true,
+ "cacheMode": "ALWAYS"
+}'
+
+echo "User token added, starting EVerest..."
+popd
+pushd everest-demo
+docker compose --project-name everest-ac-demo \
+ --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+ls -al manager
+docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
+docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xzvf cached_certs_correct_name.tar.gz"
+
+echo "Configured everest certs, validating that the chain is set up correctly"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
+echo "Copying bundle over to root (confusing!) https://github.com/EVerest/everest-demo/issues/25#issuecomment-1988895630"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "cp dist/etc/everest/certs/ca/v2g/V2G_CA_BUNDLE.pem dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem"
+
+echo "Copying device DB, configured to SecurityProfile: 2"
+docker cp manager/device_model_storage_maeve_sp2.db everest-ac-demo-manager-1:/workspace/dist/share/everest/modules/OCPP201/device_model_storage.db
+
+echo "All configuration done, please run 'docker exec -it everest-ac-demo-manager-1 /bin/bash' and then (in the container) 'sh ./build/run-scripts/run-sil-ocpp201.sh'"
+echo "Note that this is currently expected to fail https://github.com/EVerest/everest-demo/issues/25#issuecomment-1991954008"