eric/cariflex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add extracted tools: CitrineOS, OpenOCPP, ShapeShifter

Browse Source 
- CitrineOS core extracted (CSMS OCPP 2.0.1)
- OpenOCPP extracted (firmware OCPP 1.6J/2.0.1)
- ShapeShifter library installed (pip install -e)
- ShapeShifter specification extracted
- EVerest extracted

TODO updated with progress
This commit is contained in:
Eric F
2026-06-08 00:38:27 -04:00
parent 468cfeaa50
commit d398a6ced2
7326 changed files with 1177561 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tools/EVerest-main/modules/EVSE/EvseSecurity/BUILD.bazel Normal file
View File

@@ -0,0 +1,15 @@
load("//modules:module.bzl", "cc_everest_module")
IMPLS = [
"main",
]
cc_everest_module(
name = "EvseSecurity",
deps = [
"//lib/everest/evse_security:libevse-security",
"//lib:evse_security_conversions",
],
impls = IMPLS,
)

27
tools/EVerest-main/modules/EVSE/EvseSecurity/CMakeLists.txt Normal file
View File

@@ -0,0 +1,27 @@
#
# AUTO GENERATED - MARKED REGIONS WILL BE KEPT
# template version 3
#
# module setup:
# - ${MODULE_NAME}: module name
ev_setup_cpp_module()
# ev@bcc62523-e22b-41d7-ba2f-825b493a3c97:v1
# insert your custom targets and additional config variables here
target_link_libraries(${MODULE_NAME}
PRIVATE
everest::evse_security
everest::evse_security_conversions
)
# ev@bcc62523-e22b-41d7-ba2f-825b493a3c97:v1
target_sources(${MODULE_NAME}
PRIVATE
"main/evse_securityImpl.cpp"
)
# ev@c55432ab-152c-45a9-9d2e-7281d50c69c3:v1
# insert other things like install cmds etc here
# ev@c55432ab-152c-45a9-9d2e-7281d50c69c3:v1

15
tools/EVerest-main/modules/EVSE/EvseSecurity/EvseSecurity.cpp Normal file
View File

@@ -0,0 +1,15 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright Pionix GmbH and Contributors to EVerest
#include "EvseSecurity.hpp"
namespace module {
void EvseSecurity::init() {
invoke_init(*p_main);
}
void EvseSecurity::ready() {
invoke_ready(*p_main);
}
} // namespace module

68
tools/EVerest-main/modules/EVSE/EvseSecurity/EvseSecurity.hpp Normal file
View File

@@ -0,0 +1,68 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright Pionix GmbH and Contributors to EVerest
#ifndef EVSE_SECURITY_HPP
#define EVSE_SECURITY_HPP
//
// AUTO GENERATED - MARKED REGIONS WILL BE KEPT
// template version 2
//
#include "ld-ev.hpp"
// headers for provided interface implementations
#include <generated/interfaces/evse_security/Implementation.hpp>
// ev@4bf81b14-a215-475c-a1d3-0a484ae48918:v1
// insert your custom include headers here
// ev@4bf81b14-a215-475c-a1d3-0a484ae48918:v1
namespace module {
struct Conf {
std::string csms_ca_bundle;
std::string mf_ca_bundle;
std::string mo_ca_bundle;
std::string v2g_ca_bundle;
std::string csms_leaf_cert_directory;
std::string csms_leaf_key_directory;
std::string secc_leaf_cert_directory;
std::string secc_leaf_key_directory;
std::string private_key_password;
};
class EvseSecurity : public Everest::ModuleBase {
public:
EvseSecurity() = delete;
EvseSecurity(const ModuleInfo& info, std::unique_ptr<evse_securityImplBase> p_main, Conf& config) :
ModuleBase(info), p_main(std::move(p_main)), config(config){};
const std::unique_ptr<evse_securityImplBase> p_main;
const Conf& config;
// ev@1fce4c5e-0ab8-41bb-90f7-14277703d2ac:v1
// insert your public definitions here
// ev@1fce4c5e-0ab8-41bb-90f7-14277703d2ac:v1
protected:
// ev@4714b2ab-a24f-4b95-ab81-36439e1478de:v1
// insert your protected definitions here
// ev@4714b2ab-a24f-4b95-ab81-36439e1478de:v1
private:
friend class LdEverest;
void init();
void ready();
// ev@211cfdbe-f69a-4cd6-a4ec-f8aaa3d1b6c8:v1
// insert your private definitions here
// ev@211cfdbe-f69a-4cd6-a4ec-f8aaa3d1b6c8:v1
};
// ev@087e516b-124c-48df-94fb-109508c7cda9:v1
// insert other definitions here
// ev@087e516b-124c-48df-94fb-109508c7cda9:v1
} // namespace module
#endif // EVSE_SECURITY_HPP

126
tools/EVerest-main/modules/EVSE/EvseSecurity/docs/index.rst Normal file
View File

@@ -0,0 +1,126 @@
.. _everest_modules_handwritten_EvseSecurity:
.. ============
.. EvseSecurity
.. ============
This module implements the
:ref:`evse_security interface <everest_interfaces_evse_security>`.
It wraps the functionality of the
`libevse-security <https://github.com/EVerest/libevse-security>`_
to provide access to security-related operations to other Everest modules such
as OCPP and ISO15118. These modules require similar security-related
operations and shared access to certificates and keys, which this module
facilitates.
For detailed information about the provided functionality, please refer to the
README within the
`libevse-security <https://github.com/EVerest/libevse-security>`_.
CA Certificate Domains
======================
The combination of ISO 15118 and OCPP defines several CA certificate domains
for charging stations, addressed and covered by this module:
* V2G root: Trust anchor for ISO 15118 TLS communication between the charging
station and the electric vehicle.
* CSMS root: Trust anchor for TLS communication between the charging station
and OCPP CSMS.
* MF root: Trust anchor of the manufacturer to verify firmware updates.
* MO root: Trust anchor of the Mobility Operator domain to verify contract
certificates.
Module Configuration
====================
The following instructions describe how to configure the module parameters
mainly for two domains: OCPP communication and ISO 15118 communication.
A lot of configuration parameters specify directory or file paths from which
certificates and private keys are loaded or new certificates and keys are
written to. Please make sure that these paths are writeable for EVerest.
Configuration for OCPP
----------------------
In OCPP and OCPP security profiles, the security level of the connection is
specified as follows:
* SecurityProfile 0: Unsecured transport without basic authentication
* SecurityProfile 1: Unsecured transport with basic authentication
* SecurityProfile 2: TLS with basic authentication
* SecurityProfile 3: TLS with client-side certificates
Only when security profiles 2 or 3 are used, the configuration of this module
is relevant for the OCPP communication. In this case, the charging station
acts as a TLS client.
The ``csms_ca_bundle`` config parameter specifies a path to a file containing
trusted CSMS root certificates. The server certificate presented by the CSMS
server during the TLS handshake must be signed by one of the trusted root
certificates specified in this file.
If new root certificates are installed using the ``install_ca_certificate``
command with the CSMS domain specified, the new CA certificate is installed
into the specified bundle and used for further validations.
Note: The OCPP modules in EVerest can be configured to also trust the
operating system's default verify paths. The parameter controlling this
behavior is ``UseSslDefaultVerifyPaths``. If configured to ``true``, the
``csms_ca_bundle`` need not necessarily be configured.
If security profile 3 is used, a mutual TLS (mTLS) connection shall be
established, so the CSMS server also verifies the client certificate. The
``csms_leaf_cert_directory`` and ``csms_leaf_key_directory`` need to be
configured for this. These parameters specify the directory of the client
certificate and key for the mTLS connection.
New CSMS client certificates can be installed using the
``update_leaf_certificate`` command with the CSMS domain specified. In OCPP,
new client certificates are installed by using the ``CertificateSigned.req``
message.
Configuration for ISO 15118
---------------------------
For ISO 15118 communication, the charging station provides a server endpoint
to which the electric vehicle connects. The communication may be secured using
TLS. TLS is mandatory for Plug&Charge. If TLS is used, the correct
configuration of the ``secc_leaf_cert_directory`` and
``secc_leaf_key_directory`` is required. These directories are used to locate
the server certificate and key for the ISO 15118 TLS server provided by the
charging station.
New V2G client certificates can be installed using the
``update_leaf_certificate`` command with the V2G domain specified. In OCPP,
new client certificates are installed by using the ``CertificateSigned.req``
message.
Private Key Password
--------------------
If private keys are generated in the process of generating a certificate
signing request (CSR), the private keys are not encrypted with a password.
Therefore, no password needs to be configured if all certificates are
installed using the ``generate_certificate_signing_request`` and
``update_leaf_certificate`` commands.
If existing certificates and private keys are to be installed, the
``private_key_password`` parameter specifies the password for encrypted
private keys. Please note that only one value can be configured for possibly
multiple encrypted private keys.
More about CSMS, V2G, MO and MF Bundles
---------------------------------------
* The ``v2g_ca_bundle`` is used to verify the installation of SECC leaf
certificates using the ``update_leaf_certificate`` command.
* The ``csms_ca_bundle`` is used to verify the installation of CSMS leaf
certificates using the ``update_leaf_certificate`` command.
* The ``mo_ca_bundle`` is used to verify contract certificates provided by the
electric vehicle as part of the ISO 15118 Plug & Charge process.
* The ``mf_ca_bundle`` is used to verify firmware update files.
New root certificates can be installed in the specified domain using the
``install_ca_certificate`` command.

290
tools/EVerest-main/modules/EVSE/EvseSecurity/main/evse_securityImpl.cpp Normal file
View File

@@ -0,0 +1,290 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright Pionix GmbH and Contributors to EVerest
#include "evse_securityImpl.hpp"
#include <everest/conversions/evse_security/conversions.hpp>
namespace module {
namespace main {
void evse_securityImpl::init() {
const auto certs_path = this->mod->info.paths.etc / "certs";
evse_security::FilePaths file_paths = {certs_path / this->mod->config.csms_ca_bundle,
certs_path / this->mod->config.mf_ca_bundle,
certs_path / this->mod->config.mo_ca_bundle,
certs_path / this->mod->config.v2g_ca_bundle,
certs_path / this->mod->config.csms_leaf_cert_directory,
certs_path / this->mod->config.csms_leaf_key_directory,
certs_path / this->mod->config.secc_leaf_cert_directory,
certs_path / this->mod->config.secc_leaf_key_directory};
std::optional<std::string> private_key_password = std::nullopt;
if (!this->mod->config.private_key_password.empty()) {
private_key_password = this->mod->config.private_key_password;
}
this->evse_security = std::make_unique<evse_security::EvseSecurity>(file_paths, private_key_password);
}
void evse_securityImpl::ready() {
}
types::evse_security::InstallCertificateResult
evse_securityImpl::handle_install_ca_certificate(std::string& certificate,
types::evse_security::CaCertificateType& certificate_type) {
try {
const auto response = conversions::to_everest(
this->evse_security->install_ca_certificate(certificate, conversions::from_everest(certificate_type)));
if (response == types::evse_security::InstallCertificateResult::Accepted) {
types::evse_security::CertificateStoreUpdate update;
update.operation = types::evse_security::CertificateStoreUpdateOperation::Installed;
update.ca_certificate_type = certificate_type;
this->publish_certificate_store_update(update);
}
return response;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return types::evse_security::InstallCertificateResult::WriteError;
}
}
types::evse_security::DeleteCertificateResult
evse_securityImpl::handle_delete_certificate(types::evse_security::CertificateHashData& certificate_hash_data) {
try {
const auto response = this->evse_security->delete_certificate(conversions::from_everest(certificate_hash_data));
const auto result = conversions::to_everest(response.result);
if (result == types::evse_security::DeleteCertificateResult::Accepted) {
types::evse_security::CertificateStoreUpdate update;
update.operation = types::evse_security::CertificateStoreUpdateOperation::Deleted;
if (response.ca_certificate_type.has_value()) {
update.ca_certificate_type = conversions::to_everest(response.ca_certificate_type.value());
}
if (response.leaf_certificate_type.has_value()) {
update.leaf_certificate_type = conversions::to_everest(response.leaf_certificate_type.value());
}
this->publish_certificate_store_update(update);
}
return result;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return types::evse_security::DeleteCertificateResult::Failed;
}
}
types::evse_security::InstallCertificateResult
evse_securityImpl::handle_update_leaf_certificate(std::string& certificate_chain,
types::evse_security::LeafCertificateType& certificate_type) {
try {
const auto response = conversions::to_everest(this->evse_security->update_leaf_certificate(
certificate_chain, conversions::from_everest(certificate_type)));
if (response == types::evse_security::InstallCertificateResult::Accepted) {
types::evse_security::CertificateStoreUpdate update;
update.operation = types::evse_security::CertificateStoreUpdateOperation::Installed;
update.leaf_certificate_type = certificate_type;
this->publish_certificate_store_update(update);
}
return response;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return types::evse_security::InstallCertificateResult::WriteError;
}
}
types::evse_security::CertificateValidationResult evse_securityImpl::handle_verify_certificate(
std::string& certificate_chain, std::vector<types::evse_security::LeafCertificateType>& certificate_types) {
std::vector<evse_security::LeafCertificateType> _certificate_types;
for (const auto& certificate_type : certificate_types) {
try {
_certificate_types.push_back(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
}
}
try {
return conversions::to_everest(this->evse_security->verify_certificate(certificate_chain, _certificate_types));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return types::evse_security::CertificateValidationResult::Unknown;
}
}
types::evse_security::GetInstalledCertificatesResult evse_securityImpl::handle_get_installed_certificates(
std::vector<types::evse_security::CertificateType>& certificate_types) {
std::vector<evse_security::CertificateType> _certificate_types;
for (const auto& certificate_type : certificate_types) {
try {
_certificate_types.push_back(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
}
}
try {
return conversions::to_everest(this->evse_security->get_installed_certificates(_certificate_types));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return {types::evse_security::GetInstalledCertificatesStatus::NotFound, {}};
}
}
types::evse_security::OCSPRequestDataList evse_securityImpl::handle_get_v2g_ocsp_request_data() {
try {
return conversions::to_everest(this->evse_security->get_v2g_ocsp_request_data());
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return {};
}
}
types::evse_security::OCSPRequestDataList
evse_securityImpl::handle_get_mo_ocsp_request_data(std::string& certificate_chain) {
try {
return conversions::to_everest(this->evse_security->get_mo_ocsp_request_data(certificate_chain));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return {};
}
}
void evse_securityImpl::handle_update_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data,
std::string& ocsp_response) {
try {
this->evse_security->update_ocsp_cache(conversions::from_everest(certificate_hash_data), ocsp_response);
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
}
}
bool evse_securityImpl::handle_is_ca_certificate_installed(types::evse_security::CaCertificateType& certificate_type) {
try {
return this->evse_security->is_ca_certificate_installed(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return false;
}
}
types::evse_security::GetCertificateSignRequestResult evse_securityImpl::handle_generate_certificate_signing_request(
types::evse_security::LeafCertificateType& certificate_type, std::string& country, std::string& organization,
std::string& common, bool& use_tpm) {
types::evse_security::GetCertificateSignRequestResult response;
try {
auto csr_response = this->evse_security->generate_certificate_signing_request(
conversions::from_everest(certificate_type), country, organization, common, use_tpm);
response.status = conversions::to_everest(csr_response.status);
if (csr_response.status == evse_security::GetCertificateSignRequestStatus::Accepted &&
csr_response.csr.has_value()) {
response.csr = csr_response.csr;
}
return response;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
response.status = types::evse_security::GetCertificateSignRequestStatus::GenerationError;
return response;
}
}
types::evse_security::GetCertificateInfoResult
evse_securityImpl::handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type,
types::evse_security::EncodingFormat& encoding,
bool& include_ocsp) {
types::evse_security::GetCertificateInfoResult response;
try {
const auto leaf_info = this->evse_security->get_leaf_certificate_info(
conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp);
response.status = conversions::to_everest(leaf_info.status);
if (leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted && leaf_info.info.has_value()) {
response.info = conversions::to_everest(leaf_info.info.value());
}
return response;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
response.status = types::evse_security::GetCertificateInfoStatus::Rejected;
return response;
}
}
types::evse_security::GetCertificateFullInfoResult
evse_securityImpl::handle_get_all_valid_certificates_info(types::evse_security::LeafCertificateType& certificate_type,
types::evse_security::EncodingFormat& encoding,
bool& include_ocsp) {
types::evse_security::GetCertificateFullInfoResult response;
try {
const auto full_leaf_info = this->evse_security->get_all_valid_certificates_info(
conversions::from_everest(certificate_type), conversions::from_everest(encoding), include_ocsp);
response.status = conversions::to_everest(full_leaf_info.status);
if (full_leaf_info.status == evse_security::GetCertificateInfoStatus::Accepted) {
for (const auto& info : full_leaf_info.info) {
response.info.push_back(conversions::to_everest(info));
}
}
return response;
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
response.status = types::evse_security::GetCertificateInfoStatus::Rejected;
return response;
}
}
std::string evse_securityImpl::handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) {
try {
return this->evse_security->get_verify_file(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return {};
}
}
std::string evse_securityImpl::handle_get_verify_location(types::evse_security::CaCertificateType& certificate_type) {
try {
return this->evse_security->get_verify_location(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return {};
}
}
int evse_securityImpl::handle_get_leaf_expiry_days_count(types::evse_security::LeafCertificateType& certificate_type) {
try {
return this->evse_security->get_leaf_expiry_days_count(conversions::from_everest(certificate_type));
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return 0;
}
}
bool evse_securityImpl::handle_verify_file_signature(std::string& file_path, std::string& signing_certificate,
std::string& signature) {
try {
return evse_security::EvseSecurity::verify_file_signature(std::filesystem::path(file_path), signing_certificate,
signature);
} catch (const std::out_of_range& e) {
EVLOG_warning << e.what();
return false;
}
}
} // namespace main
} // namespace module

96
tools/EVerest-main/modules/EVSE/EvseSecurity/main/evse_securityImpl.hpp Normal file
View File

@@ -0,0 +1,96 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright Pionix GmbH and Contributors to EVerest
#ifndef MAIN_EVSE_SECURITY_IMPL_HPP
#define MAIN_EVSE_SECURITY_IMPL_HPP
//
// AUTO GENERATED - MARKED REGIONS WILL BE KEPT
// template version 3
//
#include <generated/interfaces/evse_security/Implementation.hpp>
#include "../EvseSecurity.hpp"
// ev@75ac1216-19eb-4182-a85c-820f1fc2c091:v1
// insert your custom include headers here
#include <evse_security/evse_security.hpp>
// ev@75ac1216-19eb-4182-a85c-820f1fc2c091:v1
namespace module {
namespace main {
struct Conf {};
class evse_securityImpl : public evse_securityImplBase {
public:
evse_securityImpl() = delete;
evse_securityImpl(Everest::ModuleAdapter* ev, const Everest::PtrContainer<EvseSecurity>& mod, Conf& config) :
evse_securityImplBase(ev, "main"), mod(mod), config(config){};
// ev@8ea32d28-373f-4c90-ae5e-b4fcc74e2a61:v1
// insert your public definitions here
// ev@8ea32d28-373f-4c90-ae5e-b4fcc74e2a61:v1
protected:
// command handler functions (virtual)
virtual types::evse_security::InstallCertificateResult
handle_install_ca_certificate(std::string& certificate,
types::evse_security::CaCertificateType& certificate_type) override;
virtual types::evse_security::DeleteCertificateResult
handle_delete_certificate(types::evse_security::CertificateHashData& certificate_hash_data) override;
virtual types::evse_security::InstallCertificateResult
handle_update_leaf_certificate(std::string& certificate_chain,
types::evse_security::LeafCertificateType& certificate_type) override;
virtual types::evse_security::CertificateValidationResult
handle_verify_certificate(std::string& certificate_chain,
std::vector<types::evse_security::LeafCertificateType>& certificate_types) override;
virtual types::evse_security::GetInstalledCertificatesResult
handle_get_installed_certificates(std::vector<types::evse_security::CertificateType>& certificate_types) override;
virtual types::evse_security::OCSPRequestDataList handle_get_v2g_ocsp_request_data() override;
virtual types::evse_security::OCSPRequestDataList
handle_get_mo_ocsp_request_data(std::string& certificate_chain) override;
virtual void handle_update_ocsp_cache(types::evse_security::CertificateHashData& certificate_hash_data,
std::string& ocsp_response) override;
virtual bool handle_is_ca_certificate_installed(types::evse_security::CaCertificateType& certificate_type) override;
virtual types::evse_security::GetCertificateSignRequestResult
handle_generate_certificate_signing_request(types::evse_security::LeafCertificateType& certificate_type,
std::string& country, std::string& organization, std::string& common,
bool& use_tpm) override;
virtual types::evse_security::GetCertificateInfoResult
handle_get_leaf_certificate_info(types::evse_security::LeafCertificateType& certificate_type,
types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override;
virtual types::evse_security::GetCertificateFullInfoResult
handle_get_all_valid_certificates_info(types::evse_security::LeafCertificateType& certificate_type,
types::evse_security::EncodingFormat& encoding, bool& include_ocsp) override;
virtual std::string handle_get_verify_file(types::evse_security::CaCertificateType& certificate_type) override;
virtual std::string handle_get_verify_location(types::evse_security::CaCertificateType& certificate_type) override;
virtual int handle_get_leaf_expiry_days_count(types::evse_security::LeafCertificateType& certificate_type) override;
virtual bool handle_verify_file_signature(std::string& file_path, std::string& signing_certificate,
std::string& signature) override;
// ev@d2d1847a-7b88-41dd-ad07-92785f06f5c4:v1
// insert your protected definitions here
// ev@d2d1847a-7b88-41dd-ad07-92785f06f5c4:v1
private:
const Everest::PtrContainer<EvseSecurity>& mod;
const Conf& config;
virtual void init() override;
virtual void ready() override;
// ev@3370e4dd-95f4-47a9-aaec-ea76f34a66c9:v1
// insert your private definitions here
std::unique_ptr<evse_security::EvseSecurity> evse_security;
// ev@3370e4dd-95f4-47a9-aaec-ea76f34a66c9:v1
};
// ev@3d7da0ad-02c2-493d-9920-0bbbd56b9876:v1
// insert other definitions here
// ev@3d7da0ad-02c2-493d-9920-0bbbd56b9876:v1
} // namespace main
} // namespace module
#endif // MAIN_EVSE_SECURITY_IMPL_HPP

49
tools/EVerest-main/modules/EVSE/EvseSecurity/manifest.yaml Normal file
View File

@@ -0,0 +1,49 @@
description: >-
This module implements the evse_security interface. It uses the filesystem to store certificates
and keys
config:
csms_ca_bundle:
description: Path to csms_ca_bundle file. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: ca/csms/CSMS_ROOT_CA.pem
mf_ca_bundle:
description: Path to mf_ca_bundle file. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: ca/mf/MF_ROOT_CA.pem
mo_ca_bundle:
description: Path to mo_ca_bundle file. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: ca/mo/MO_ROOT_CA.pem
v2g_ca_bundle:
description: Path to v2g_ca_bundle file. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: ca/v2g/V2G_ROOT_CA.pem
csms_leaf_cert_directory:
description: Directory where CSMS leaf certificates are stored. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: client/csms
csms_leaf_key_directory:
description: Directory where CSMS private keys are stored. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: client/csms
secc_leaf_cert_directory:
description: Directory where SECC leaf certificates are stored. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: client/cso
secc_leaf_key_directory:
description: Directory where SECC private keys are stored. If relative will be prefixed with everest prefix + etc/everest/certs. Otherwise absolute file path is used.
type: string
default: client/cso
private_key_password:
description: Password for encrypted private keys.
type: string
default: ""
provides:
main:
description: Implementation of the evse_security interface
interface: evse_security
enable_telemetry: false
metadata:
license: https://opensource.org/licenses/Apache-2.0
authors:
- Piet Gömpel