[charge point] Add implementation of SignedUpdateFirmware and SignedFirmwareStatusNotification

Author: c-jimenez

examples/common/DefaultChargePointEventsHandler.cpp

@@ -629,6 +629,45 @@ bool DefaultChargePointEventsHandler::hasChargePointCertificateInstalled()
     return false;
 }
 
+/** @copydoc ocpp::types::UpdateFirmwareStatusEnumType IChargePointEventsHandler::checkFirmwareSigningCertificate(
+ *                                            const ocpp::x509::Certificate&) */
+ocpp::types::UpdateFirmwareStatusEnumType DefaultChargePointEventsHandler::checkFirmwareSigningCertificate(
+    const ocpp::x509::Certificate& signing_certificate)
+{
+    UpdateFirmwareStatusEnumType ret = UpdateFirmwareStatusEnumType::InvalidCertificate;
+
+    cout << "Check of firmware signing certificate requested : subject = " << signing_certificate.subjectString()
+         << " - issuer = " << signing_certificate.issuerString() << endl;
+
+    // Load all installed Manufacturer CA certificates
+    std::vector<Certificate> ca_certificates;
+    for (auto const& dir_entry : std::filesystem::directory_iterator{m_working_dir})
+    {
+        if (!dir_entry.is_directory())
+        {
+            std::string filename = dir_entry.path().filename();
+            if (ocpp::helpers::startsWith(filename, "fw_") && ocpp::helpers::endsWith(filename, ".pem"))
+            {
+                ca_certificates.emplace_back(dir_entry.path());
+            }
+        }
+    }
+    if (!ca_certificates.empty())
+    {
+        // Check signing certificate
+        if (signing_certificate.verify(ca_certificates))
+        {
+            ret = UpdateFirmwareStatusEnumType::Accepted;
+        }
+    }
+    else
+    {
+        cout << "No manufacturer CA installed" << endl;
+    }
+
+    return ret;
+}
+
 /** @brief Get the number of installed CA certificates */
 unsigned int DefaultChargePointEventsHandler::getNumberOfCaCertificateInstalled(bool manufacturer, bool central_system)
 {

examples/common/DefaultChargePointEventsHandler.h

@@ -158,6 +158,10 @@ class DefaultChargePointEventsHandler : public ocpp::chargepoint::IChargePointEv
     /** @copydoc bool IChargePointEventsHandler::hasChargePointCertificateInstalled() */
     bool hasChargePointCertificateInstalled() override;
 
+    /** @copydoc ocpp::types::UpdateFirmwareStatusEnumType IChargePointEventsHandler::checkFirmwareSigningCertificate(
+     *                                            const ocpp::x509::Certificate&) */
+    ocpp::types::UpdateFirmwareStatusEnumType checkFirmwareSigningCertificate(const ocpp::x509::Certificate& signing_certificate) override;
+
     // API
 
     /** @brief Indicate a pending remote start transaction */

src/chargepoint/ChargePoint.cpp

@@ -291,6 +291,7 @@ bool ChargePoint::start()
         m_data_transfer_manager =
             std::make_unique<DataTransferManager>(m_events_handler, m_messages_converter, *m_msg_dispatcher, *m_msg_sender);
         m_maintenance_manager = std::make_unique<MaintenanceManager>(m_stack_config,
+                                                                     m_internal_config,
                                                                      m_events_handler,
                                                                      *m_worker_pool.get(),
                                                                      m_messages_converter,
@@ -645,19 +646,19 @@ bool ChargePoint::notifyFirmwareUpdateStatus(bool success)
 
 // Security extensions
 
-/** @copydoc bool IChargePoint::logSecurityEvent::logSecurityEvent(const std::string&, const std::string&, bool) */
+/** @copydoc bool IChargePoint::logSecurityEvent(const std::string&, const std::string&, bool) */
 bool ChargePoint::logSecurityEvent(const std::string& type, const std::string& message, bool critical)
 {
     return m_security_manager.logSecurityEvent(type, message, critical);
 }
 
-/** @copydoc bool IChargePoint::ISecurityManager::clearSecurityEvents() */
+/** @copydoc bool IChargePoint::clearSecurityEvents() */
 bool ChargePoint::clearSecurityEvents()
 {
     return m_security_manager.clearSecurityEvents();
 }
 
-/** @copydoc bool IChargePoint::ISecurityManager::signCertificate(const ocpp::x509::CertificateRequest&) */
+/** @copydoc bool IChargePoint::signCertificate(const ocpp::x509::CertificateRequest&) */
 bool ChargePoint::signCertificate(const ocpp::x509::CertificateRequest& csr)
 {
     bool ret = false;
@@ -688,7 +689,7 @@ bool ChargePoint::signCertificate(const ocpp::x509::CertificateRequest& csr)
     return ret;
 }
 
-/** @copydoc bool IChargePoint::ISecurityManager::signCertificate() */
+/** @copydoc bool IChargePoint::signCertificate() */
 bool ChargePoint::signCertificate()
 {
     bool ret = false;
@@ -719,6 +720,30 @@ bool ChargePoint::signCertificate()
     return ret;
 }
 
+/** @copydoc bool IChargePoint::notifySignedFirmwareUpdateStatus(ocpp::types::FirmwareStatusEnumType) */
+bool ChargePoint::notifySignedFirmwareUpdateStatus(ocpp::types::FirmwareStatusEnumType status)
+{
+    bool ret = false;
+
+    if (m_status_manager)
+    {
+        if (m_status_manager->getRegistrationStatus() != RegistrationStatus::Rejected)
+        {
+            ret = m_maintenance_manager->notifySignedFirmwareUpdateStatus(status);
+        }
+        else
+        {
+            LOG_ERROR << "Charge Point has not been accepted by Central System";
+        }
+    }
+    else
+    {
+        LOG_ERROR << "Stack is not started";
+    }
+
+    return ret;
+}
+
 /** @copydoc void RpcClient::IListener::rpcClientConnected() */
 void ChargePoint::rpcClientConnected()
 {
@@ -994,7 +1019,7 @@ bool ChargePoint::doConnect()
         else
         {
             // Use internal certificates
-            credentials.server_certificate_ca = m_security_manager.getCentralSystemCaCertificates();
+            credentials.server_certificate_ca = m_security_manager.getCaCertificates(CertificateUseEnumType::CentralSystemRootCertificate);
             if (security_profile == 3)
             {
                 std::string encrypted_private_key;

src/chargepoint/ChargePoint.h

@@ -159,18 +159,21 @@ class ChargePoint : public IChargePoint,
 
     // Security extensions
 
-    /** @copydoc bool IChargePoint::logSecurityEvent::logSecurityEvent(const std::string&, const std::string&, bool) */
+    /** @copydoc bool IChargePoint::logSecurityEvent(const std::string&, const std::string&, bool) */
     bool logSecurityEvent(const std::string& type, const std::string& message, bool critical) override;
 
-    /** @copydoc bool IChargePoint::ISecurityManager::clearSecurityEvents() */
+    /** @copydoc bool IChargePoint::clearSecurityEvents() */
     bool clearSecurityEvents() override;
 
-    /** @copydoc bool IChargePoint::ISecurityManager::signCertificate(const ocpp::x509::CertificateRequest&) */
+    /** @copydoc bool IChargePoint::signCertificate(const ocpp::x509::CertificateRequest&) */
     bool signCertificate(const ocpp::x509::CertificateRequest& csr) override;
 
-    /** @copydoc bool IChargePoint::ISecurityManager::signCertificate() */
+    /** @copydoc bool IChargePoint::signCertificate() */
     bool signCertificate() override;
 
+    /** @copydoc bool IChargePoint::notifySignedFirmwareUpdateStatus(ocpp::types::FirmwareStatusEnumType) */
+    bool notifySignedFirmwareUpdateStatus(ocpp::types::FirmwareStatusEnumType status) override;
+
     // RpcClient::IListener interface
 
     /** @copydoc void RpcClient::IListener::rpcClientConnected() */

src/chargepoint/config/InternalConfigKeys.h

@@ -42,6 +42,8 @@ static constexpr const char* LAST_CONNECTION_URL_KEY = "LastConnectionUrl";
 static constexpr const char* LAST_REGISTRATION_STATUS_KEY = "LastRegistrationStatus";
 /** @brief Configuration key : local list version */
 static constexpr const char* LOCAL_LIST_VERSION_KEY = "LocalListVersion";
+/** @brief Configuration key : signed firmware update request id */
+static constexpr const char* SIGNED_FW_UPDATE_ID_KEY = "SignedFirmwareUpdateId";
 
 } // namespace chargepoint
 } // namespace ocpp

src/chargepoint/interface/IChargePoint.h

@@ -246,6 +246,13 @@ class IChargePoint
      * @return true if the request has been sent and accepted, false otherwise
      */
     virtual bool signCertificate() = 0;
+
+    /**
+     * @brief Notify the end of a signed firmware update operation
+     * @param status Installation status (see FirmwareStatusEnumType documentation)
+     * @return true if the notification has been sent, false otherwise
+     */
+    virtual bool notifySignedFirmwareUpdateStatus(ocpp::types::FirmwareStatusEnumType status) = 0;
 };
 
 } // namespace chargepoint

src/chargepoint/interface/IChargePointEventsHandler.h

@@ -268,6 +268,15 @@ class IChargePointEventsHandler
      * @return true if at least 1 certificate has been installed, false otherwise
      */
     virtual bool hasChargePointCertificateInstalled() = 0;
+
+    /**
+     * @brief Called to check the firmware signing certificate against installed Manufacturer CA certificates
+     *        (Not used if InternalCertificateManagementEnabled = true)
+     * @param signing_certificate Certificate to check
+     * @return Check status (see UpdateFirmwareStatusEnumType enum)
+     */
+    virtual ocpp::types::UpdateFirmwareStatusEnumType checkFirmwareSigningCertificate(
+        const ocpp::x509::Certificate& signing_certificate) = 0;
 };
 
 } // namespace chargepoint