[readme] Update readmes with signed firmware update features

Author: c-jimenez

README.md

@@ -39,7 +39,7 @@ As of this version :
 
 * All the messages defined in the OCPP 1.6 edition 2 protocol have been implemented except GetCompositeSchedule for Charge Point role
 * All the configuration keys defined in the OCPP 1.6 edition 2 protocol have been implemented for the Charge Point role
-* Most of Charge Point and Central System behavior related to the OCPP 1.6 security whitepaper edition 2 has been implemented (work in progress, see [OCPP security extensions](#ocpp-security-extensions))
+* All the messages defined in the OCPP 1.6 security whitepaper edition 2 have been implemented
 
 The user application will have to implement some callbacks to provide the data needed by **Open OCPP** or to handle OCPP events (boot notification, remote start/stop notifications, meter values...).
 
@@ -123,12 +123,13 @@ In the "Owner" column, "S" means that the configuration key behavior is handled
 | ChargingScheduleMaxPeriods | S | None |
 | ConnectorSwitch3to1PhaseSupported | S | None |
 | MaxChargingProfilesInstalled | S | None |
-| AdditionalRootCertificateCheck | U/S | Not implemented yet : implemented behavior is the same as if AdditionalRootCertificateCheck = False |
+| AdditionalRootCertificateCheck | U/S | If internal certificate management is enabled, the stack handle this parameter (implemented behavior for now is the always the one corresponding to AdditionalRootCertificateCheck = False), otherwise it must be the user application |
 | AuthorizationKey | S | None |
 | CertificateSignedMaxChainSize | S | None |
 | CertificateStoreMaxLength | U/S | If internal certificate management is enabled, the stack handle this parameter, otherwise it must be the user application |
 | CpoName | S | None |
 | SecurityProfile | S | None |
+| SupportedFileTransferProtocols | U | None |
 
 ### OCPP security extensions
 
@@ -145,6 +146,8 @@ In Charge Point role, the stack will automatically disconnect and then reconnect
 * **AuthorizationKey**
 * **Security Profile**
 
+**Restriction** : The automatic fallback to old connection parameters if the connection fails after switching to a new security is not implemented yet.
+
 #### Security events
 
 **Open OCPP** support the whole use cases of security events and logging. 
@@ -177,6 +180,14 @@ If **InternalCertificateManagementEnabled** is set to **false**, the actual stor
 
 If **InternalCertificateManagementEnabled** is set to **true**, the storage of certificates and their keys is fully handled by **Open OCPP**. The user application just has to provide a passphrase using the **TlsClientCertificatePrivateKeyPassphrase** configuration key to securily encrypt the certicates' private keys using AES-256-CBC algorithm. **Open OCPP** will automatically use the installed corresponding certificates depending on the configured Security Profile and the certificates validity dates.
 
+**Restriction** : The automatic fallback to old certificate if the connection fails after installing new certificate is not implemented yet.
+
+#### Signed firmware update
+
+**Open OCPP** support this feature for both Charge Point and Central System roles.
+
+**Open OCPP** provides helper classes based on OpenSSL to ease private keys, certificate and certificate requests usage : generation, signature, verification. They can be used in the user application callbacks. These helpers can be found in the ocpp::tools::x509 namespace and are widely used in the **Open OCPP** source code and examples.
+
 ### Internal configuration keys
 
 The behavior and the configuration of the **Open OCPP** stack can be modified through configuration keys. Some are specific to an OCPP role and some are common.

examples/README.md

@@ -2,12 +2,18 @@
 
 All the examples are licensed under the MIT licence so that code can be used and modified at will without having to contribute back.
 
-The following examples are available :
+The following examples are available for OCPP 1.6 standard :
+
 * [Quick start Central System example](./quick_start_centralsystem/README.md)
 * [Quick start Charge Point example](./quick_start_chargepoint/README.md)
 * [Remote Charge Point example](./remote_chargepoint/README.md)
+
+The following examples are available for OCPP 1.6 security extensions :
+
+* [Security Central System example](./security_centralsystem/README.md)
 * [Security Charge Point example](./security_chargepoint/README.md)
 
 How to run the examples:
+
 * Customize the *config.ini* file of the selected example with the URL of the Central System and the other connection parameters has well has the OCPP configuration keys
 * Run the example using the **-w** option to specify the path of the configuration file

examples/security_centralsystem/README.md

@@ -4,7 +4,7 @@
 The certificate management implemented in this example does not follow the state of the arts recommendations :
 
 * Secure storage of private keys / authentication credentials
-* No password on private keys
+* No password on some private keys
 * ... and surely some more
 
 The choosen implementation has only be made to have a simple and comprehensive example of how to use **Open OCPP** features.
@@ -16,6 +16,8 @@ The central system loops on its connected charge points. For each charge point i
 
 * Configure security profile of the Charge Point from 0 to 3
 * Security events / logging
+* Signed firmware update
+* Certificate management
 
 This example must be used with the **security_chargepoint** example since 1 step of the implementation of the security profile change is non standard : the configuration of the connection URL of the charge point.
 

examples/security_chargepoint/README.md

@@ -15,6 +15,7 @@ This example simulates a charge point which uses the messages defined in the sec
 
 * Security events / logging
 * Certificate management and secure connection
+* Signed firmware update
 
 This example must be used with the **security_centralsystem** example since 1 step of the implementation of the security profile change is non standard : the configuration of the connection URL of the charge point.