diff --git a/config/everest/everest-patch.sh b/config/everest/everest-patch.sh
new file mode 100644
index 00000000..b1b0047f
--- /dev/null
+++ b/config/everest/everest-patch.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ "$#" -lt 1 ] ; then
+ echo "Usage: $0 "
+ echo "Where is: 1, 2, or 3."
+ exit 1
+fi
+
+SP=$1
+
+if [[ $SP == 2 || $SP == 3 ]]; then
+ echo "Patching the CSMS to enable EVerest organization"
+ patch -p1 -i config/everest/maeve-csms-everest-org.patch
+
+ echo "Patching the CSMS to enable local mo root"
+ patch -p1 -i config/everest/maeve-csms-local-mo-root.patch
+
+ echo "Patching the CSMS to ignore OCSP"
+ patch -p1 -i config/everest/maeve-csms-ignore-ocsp.patch
+fi
diff --git a/config/everest/maeve-csms-everest-org.patch b/config/everest/maeve-csms-everest-org.patch
new file mode 100644
index 00000000..999e9ad4
--- /dev/null
+++ b/config/everest/maeve-csms-everest-org.patch
@@ -0,0 +1,13 @@
+diff --git a/docker-compose.yml b/docker-compose.yml
+index b2d93e6..fa3a1ff 100644
+--- a/docker-compose.yml
++++ b/docker-compose.yml
+@@ -47,6 +47,8 @@ services:
+ - "/certificates/csms.key"
+ - "--tls-trust-cert"
+ - "/certificates/trust.pem"
++ - "--org-name"
++ - "EVerest"
+ - "--mqtt-addr"
+ - "mqtt://mqtt:1883"
+ - "--manager-api-addr"
diff --git a/config/everest/maeve-csms-ignore-ocsp.patch b/config/everest/maeve-csms-ignore-ocsp.patch
new file mode 100644
index 00000000..b904ef0e
--- /dev/null
+++ b/config/everest/maeve-csms-ignore-ocsp.patch
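Review bot: Nothing in the script aborts when a `patch -p1 -i ...` invocation fails, so a hunk that does not apply leaves the CSMS tree half-patched while the script still exits 0 — and two of the three patches (local MO root, ignore OCSP) relax certificate validation, which is exactly the kind of change that should not be applied partially or silently. Add `set -euo pipefail` after the shebang and pass `--forward` to `patch` so a second run does not prompt to reverse already-applied hunks. `SP` is echoed in the usage text as 1, 2 or 3 but never validated, so any other value is accepted and does nothing; a `case "$SP" in 1|2|3) ;; *) echo "Usage: $0 <SP: 1, 2 or 3>" >&2; exit 1;; esac` closes that. The two usage `echo` lines appear to have lost their placeholder word (possibly an angle-bracketed name stripped in rendering), which is worth checking against the file itself. The relative patch paths also presume the script runs from the repository root; either document that or `cd` there explicitly.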
@@ -0,0 +1,32 @@
+diff --git a/manager/handlers/ocpp201/authorize.go b/manager/handlers/ocpp201/authorize.go
+index 5df2305..0db9f79 100644
+--- a/manager/handlers/ocpp201/authorize.go
++++ b/manager/handlers/ocpp201/authorize.go
+@@ -38,7 +38,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ if req.Certificate != nil {
+ _, err = a.CertificateValidationService.ValidatePEMCertificateChain(ctx, []byte(*req.Certificate), req.IdToken.IdToken)
+ idTokenInfo.Status, certificateStatus = handleCertificateValidationError(err)
+- if err != nil {
++ if err.Error() == "failed to perform ocsp check after 1 attempts" {
++ var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++ certificateStatus = &tempStatus
++ idTokenInfo.Status = types.AuthorizationStatusEnumTypeAccepted
++ span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++ } else if err != nil {
+ span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ }
+ }
+@@ -46,7 +46,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ if req.Iso15118CertificateHashData != nil {
+ _, err := a.CertificateValidationService.ValidateHashedCertificateChain(ctx, *req.Iso15118CertificateHashData)
+ idTokenInfo.Status, certificateStatus = handleCertificateValidationError(err)
+- if err != nil {
++ if err.Error() == "failed to perform ocsp check after 1 attempts" {
++ var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++ certificateStatus = &tempStatus
++ idTokenInfo.Status = types.AuthorizationStatusEnumTypeAccepted
++ span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++ } else if err != nil {
+ span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ }
+ }
\ No newline at end of file
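Review bot: `if err.Error() == "failed to perform ocsp check after 1 attempts"` is evaluated before the `err != nil` test it replaces, so a chain that validates cleanly (err == nil) now panics with a nil-pointer dereference inside HandleCall; both nested hunks (the `req.Certificate` and `req.Iso15118CertificateHashData` branches) need `if err != nil && err.Error() == "failed to perform ocsp check after 1 attempts" {`, and matching on message text is brittle — a sentinel error compared with `errors.Is` would survive a change in the attempt count or wording. The branch also accepts the certificate whenever the OCSP lookup fails, which is a revocation-check downgrade; the `authorize.cert_warn` span attribute is the only trace of it, so a warn-level log line and a comment such as `// TEST ONLY: OCSP failures are treated as accepted; never ship this patch in a production profile` would make the intent visible in the patched tree, since nothing in the patched code itself gates it (only the script's SP 2/3 check does). The second nested header `+@@ -46,7 +46,12 @@` keeps the original new-side start although the first hunk added five lines; `+51,12` is the consistent value, though patch will presumably still apply it with an offset. HandleCall starts and ends outside both nested hunks.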
diff --git a/config/everest/maeve-csms-local-mo-root.patch b/config/everest/maeve-csms-local-mo-root.patch
new file mode 100644
index 00000000..c0b7f870
--- /dev/null
+++ b/config/everest/maeve-csms-local-mo-root.patch
@@ -0,0 +1,19 @@
+diff --git a/config/manager/config.toml b/config/manager/config.toml
+index 3fa49ec..668eda9 100644
+--- a/config/manager/config.toml
++++ b/config/manager/config.toml
+@@ -19,12 +19,8 @@ firestore.project_id = "*detect-project-id*"
+ type = "ocsp"
+
+ [contract_cert_validator.ocsp.root_certs]
+-type = "opcp"
+-opcp.url = "https://open.plugncharge-test.hubject.com"
+-opcp.ttl = "24h"
+-opcp.auth.type = "hubject_test_token"
+-opcp.auth.hubject_test_token.url = "https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token"
+-opcp.auth.hubject_test_token.ttl = "6h"
++type = "file"
++file.files = ["/certificates/root-MO-cert.pem"]
+
+ [contract_cert_provider]
+ type = "opcp"
diff --git a/gateway/cmd/serve.go b/gateway/cmd/serve.go
index 0abdd1e5..fc36be7a 100644
--- a/gateway/cmd/serve.go
+++ b/gateway/cmd/serve.go
@@ -149,7 +149,22 @@ var serveCmd = &cobra.Command{
 wsServer := server.New("ws", wsAddr, nil, websocketHandler)

 var wssServer *server.Server
- if wssAddr != "" {
+ certs := []string{tlsServerCert, tlsServerKey}
+ certs = append(certs, tlsTrustCert...)
+ certsProvided := false
+ slog.Info("Checking to see what certs were provided...")
+ for _, cert := range certs {
+ _, err := os.ReadFile(cert)
+ if err == nil {
+ slog.Info("Found at least one cert:", cert)
+ certsProvided = true
+ break
+ }
+ }
+
+ if !certsProvided {
+ slog.Warn("no certs were provided, WSS will be closed")
+ } else if wssAddr != "" {
 if tlsServerCert == "" {
 return fmt.Errorf("no tls server cert specified for wss connection")
 }
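Review bot: The root-certificate source for `[contract_cert_validator.ocsp.root_certs]` becomes a single static file, `/certificates/root-MO-cert.pem`, while the `[contract_cert_provider]` section visible in the trailing context keeps `type = "opcp"`; if the intent is a fully local test PKI, contract certificates obtained through that provider may not chain to the local root and would then fail validation regardless of the OCSP bypass. That is inferred from the context lines only and may be intended. A one-line TOML comment above the new `type = "file"` stating that this root is test-only and, unlike the removed `opcp.ttl` setup, is never refreshed would help whoever reuses this config.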
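Review bot: The `os.ReadFile` probe in the new `for _, cert := range certs` loop turns a TLS misconfiguration into a silent downgrade: before, a set wssAddr with a missing certificate returned an error, but now a typo in the tlsServerCert or tlsServerKey path makes every probe fail, `certsProvided` stays false, and the gateway starts ws-only with nothing but a Warn. Deciding on configuration (non-empty flag values) rather than on filesystem state keeps the existing fail-closed checks below in force for any path that was actually configured, and avoids reading whole files just to test existence. Separately, `slog.Info("Found at least one cert:", cert)` passes a bare value where slog expects key/value pairs and emits a `!BADKEY` attribute; `slog.Info("found certificate file", "path", cert)` is the intended form. The serveCmd body starts and ends outside the hunk.

```go
	var wssServer *server.Server
	// Decide on configuration, not on filesystem state: a configured but
	// unreadable certificate must still fail in the checks below rather
	// than silently disabling the WSS listener.
	certsConfigured := tlsServerCert != "" || tlsServerKey != "" || len(tlsTrustCert) > 0
	if !certsConfigured {
		slog.Warn("no tls certificates configured, wss listener disabled")
	} else if wssAddr != "" {
		// … unchanged: per-certificate checks and wss server setup …
```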