From db44a8987c5670d3bde1e6e58d90dc2a55e9bb0b Mon Sep 17 00:00:00 2001 From: Xin Xu Date: Mon, 4 Nov 2024 15:38:01 +0100 Subject: [PATCH 1/5] fix: security profile check when installing certificate Signed-off-by: Xin Xu --- lib/ocpp/v201/charge_point.cpp | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp index 8fc4f5387..2cbba633a 100644 --- a/lib/ocpp/v201/charge_point.cpp +++ b/lib/ocpp/v201/charge_point.cpp @@ -3594,11 +3594,19 @@ void ChargePoint::handle_install_certificate_req(Call const auto msg = call.msg; InstallCertificateResponse response; - const auto result = this->evse_security->install_ca_certificate( + if (this->device_model->get_value(ControllerComponentVariables::SecurityProfile) <= 1) + { + response.status = InstallCertificateStatusEnum::Rejected; + response.statusInfo = StatusInfo(); + response.statusInfo->reasonCode = "Invalid security profile"; + response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateHandling"; + } + else + { + const auto result = this->evse_security->install_ca_certificate( msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); - response.status = ocpp::evse_security_conversions::to_ocpp_v201(result); - - if (response.status == InstallCertificateStatusEnum::Accepted) { + response.status = ocpp::evse_security_conversions::to_ocpp_v201(result); + if (response.status == InstallCertificateStatusEnum::Accepted) { const auto& security_event = ocpp::security_events::RECONFIGURATIONOFSECURITYPARAMETERS; std::string tech_info = "Installed certificate: " + conversions::install_certificate_use_enum_to_string(msg.certificateType); @@ -3616,6 +3624,8 @@ void ChargePoint::handle_delete_certificate_req(Call c const auto msg = call.msg; DeleteCertificateResponse response; + // shall we allow deletion when low security level? + const auto certificate_hash_data = ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateHashData); const auto status = this->evse_security->delete_certificate(certificate_hash_data); From dbae9b969938f0dc3e2db2c02a16d5b1b05309a4 Mon Sep 17 00:00:00 2001 From: Xin Xu Date: Wed, 6 Nov 2024 15:33:26 +0100 Subject: [PATCH 2/5] fix: reject two cert types Signed-off-by: Xin Xu --- lib/ocpp/v201/charge_point.cpp | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp index 2cbba633a..bdf919f64 100644 --- a/lib/ocpp/v201/charge_point.cpp +++ b/lib/ocpp/v201/charge_point.cpp @@ -3594,26 +3594,25 @@ void ChargePoint::handle_install_certificate_req(Call const auto msg = call.msg; InstallCertificateResponse response; - if (this->device_model->get_value(ControllerComponentVariables::SecurityProfile) <= 1) - { + if ((msg.certificateType == InstallCertificateUseEnum::CSMSRootCertificate || + msg.certificateType == InstallCertificateUseEnum::ManufacturerRootCertificate) && + this->device_model->get_value(ControllerComponentVariables::SecurityProfile) <= 1) { response.status = InstallCertificateStatusEnum::Rejected; response.statusInfo = StatusInfo(); response.statusInfo->reasonCode = "Invalid security profile"; response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateHandling"; - } - else - { + } else { const auto result = this->evse_security->install_ca_certificate( - msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); + msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); response.status = ocpp::evse_security_conversions::to_ocpp_v201(result); if (response.status == InstallCertificateStatusEnum::Accepted) { - const auto& security_event = ocpp::security_events::RECONFIGURATIONOFSECURITYPARAMETERS; - std::string tech_info = - "Installed certificate: " + conversions::install_certificate_use_enum_to_string(msg.certificateType); - this->security_event_notification_req(CiString<50>(security_event), CiString<255>(tech_info), true, - utils::is_critical(security_event)); + const auto& security_event = ocpp::security_events::RECONFIGURATIONOFSECURITYPARAMETERS; + std::string tech_info = + "Installed certificate: " + conversions::install_certificate_use_enum_to_string(msg.certificateType); + this->security_event_notification_req(CiString<50>(security_event), CiString<255>(tech_info), true, + utils::is_critical(security_event)); + } } - ocpp::CallResult call_result(response, call.uniqueId); this->send(call_result); } @@ -3624,8 +3623,6 @@ void ChargePoint::handle_delete_certificate_req(Call c const auto msg = call.msg; DeleteCertificateResponse response; - // shall we allow deletion when low security level? - const auto certificate_hash_data = ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateHashData); const auto status = this->evse_security->delete_certificate(certificate_hash_data); From 1a0429823c25850bfa9a1d40f1b26a959c0a6b81 Mon Sep 17 00:00:00 2001 From: Xin Xu Date: Wed, 13 Nov 2024 14:40:40 +0100 Subject: [PATCH 3/5] fix: add component variables in security controller Signed-off-by: Xin Xu --- .../standardized/SecurityCtrlr.json | 32 +++++++++++++++++++ include/ocpp/v201/charge_point.hpp | 5 +++ .../ocpp/v201/ctrlr_component_variables.hpp | 2 ++ lib/ocpp/v201/charge_point.cpp | 31 +++++++++++++++--- lib/ocpp/v201/ctrlr_component_variables.cpp | 14 ++++++++ 5 files changed, 79 insertions(+), 5 deletions(-) diff --git a/config/v201/component_config/standardized/SecurityCtrlr.json b/config/v201/component_config/standardized/SecurityCtrlr.json index ab13d92f4..547b9f690 100644 --- a/config/v201/component_config/standardized/SecurityCtrlr.json +++ b/config/v201/component_config/standardized/SecurityCtrlr.json @@ -177,6 +177,38 @@ "maximum": 3, "default": "1", "type": "integer" + }, + "AllowCSMSRootCertificateInstallWhenLowSecurityProfile": { + "variable_name": "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", + "characteristics": { + "supportsMonitoring": true, + "dataType": "boolean" + }, + "attributes": [ + { + "type": "Actual", + "mutability": "ReadWrite" + } + ], + "description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.", + "default": true, + "type": "boolean" + }, + "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile": { + "variable_name": "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile", + "characteristics": { + "supportsMonitoring": true, + "dataType": "boolean" + }, + "attributes": [ + { + "type": "Actual", + "mutability": "ReadWrite" + } + ], + "description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.", + "default": true, + "type": "boolean" } }, "required": [ diff --git a/include/ocpp/v201/charge_point.hpp b/include/ocpp/v201/charge_point.hpp index 2bd12cf01..4a29d9bb9 100644 --- a/include/ocpp/v201/charge_point.hpp +++ b/include/ocpp/v201/charge_point.hpp @@ -782,6 +782,11 @@ class ChargePoint : public ChargePointInterface, private ocpp::ChargingStationBa /// If \param persist is set to true, the change will be persisted across a reboot void execute_change_availability_request(ChangeAvailabilityRequest request, bool persist); + /// \brief Helper function to determine if a certificate installation should be rejected + /// \param cert_type is the certificate type to be checked + /// \return true if it should be rejected + bool should_reject_certificate_install(InstallCertificateUseEnum cert_type) const; + protected: std::shared_ptr smart_charging_handler; diff --git a/include/ocpp/v201/ctrlr_component_variables.hpp b/include/ocpp/v201/ctrlr_component_variables.hpp index 93af79ac1..9f21f329b 100644 --- a/include/ocpp/v201/ctrlr_component_variables.hpp +++ b/include/ocpp/v201/ctrlr_component_variables.hpp @@ -201,6 +201,8 @@ extern const ComponentVariable& MaxCertificateChainSize; extern const ComponentVariable& UpdateCertificateSymlinks; extern const RequiredComponentVariable& OrganizationName; extern const RequiredComponentVariable& SecurityProfile; +extern const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile; +extern const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile; extern const ComponentVariable& ACPhaseSwitchingSupported; extern const ComponentVariable& SmartChargingCtrlrAvailable; extern const ComponentVariable& SmartChargingCtrlrEnabled; diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp index bdf919f64..c879f4da1 100644 --- a/lib/ocpp/v201/charge_point.cpp +++ b/lib/ocpp/v201/charge_point.cpp @@ -3588,19 +3588,40 @@ void ChargePoint::handle_get_installed_certificate_ids_req(Callsend(call_result); } +bool ChargePoint::should_reject_certificate_install(InstallCertificateUseEnum cert_type) const { + const int security_profile = this->device_model->get_value(ControllerComponentVariables::SecurityProfile); + + if (security_profile > 1) { + return false; + } + switch (cert_type) { + case InstallCertificateUseEnum::CSMSRootCertificate: + return !this->device_model + ->get_optional_value( + ControllerComponentVariables::AllowCSMSRootCertificateInstallWhenLowSecurityProfile) + .value_or(true); + + case InstallCertificateUseEnum::ManufacturerRootCertificate: + return !this->device_model + ->get_optional_value( + ControllerComponentVariables::AllowManufacturerRootCertificateInstallWhenLowSecurityProfile) + .value_or(true); + default: + return false; + } +} + void ChargePoint::handle_install_certificate_req(Call call) { EVLOG_debug << "Received InstallCertificateRequest: " << call.msg << "\nwith messageId: " << call.uniqueId; const auto msg = call.msg; InstallCertificateResponse response; - if ((msg.certificateType == InstallCertificateUseEnum::CSMSRootCertificate || - msg.certificateType == InstallCertificateUseEnum::ManufacturerRootCertificate) && - this->device_model->get_value(ControllerComponentVariables::SecurityProfile) <= 1) { + if (should_reject_certificate_install(msg.certificateType)) { response.status = InstallCertificateStatusEnum::Rejected; response.statusInfo = StatusInfo(); - response.statusInfo->reasonCode = "Invalid security profile"; - response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateHandling"; + response.statusInfo->reasonCode = "LowSecurityProfile"; + response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateInstall"; } else { const auto result = this->evse_security->install_ca_certificate( msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); diff --git a/lib/ocpp/v201/ctrlr_component_variables.cpp b/lib/ocpp/v201/ctrlr_component_variables.cpp index 2b564b18f..8e93c52b5 100644 --- a/lib/ocpp/v201/ctrlr_component_variables.cpp +++ b/lib/ocpp/v201/ctrlr_component_variables.cpp @@ -1116,6 +1116,20 @@ const RequiredComponentVariable& SecurityProfile = { "SecurityProfile", }), }; +const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile = { + ControllerComponents::SecurityCtrlr, + std::nullopt, + std::optional({ + "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", + }), +}; +const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile = { + ControllerComponents::SecurityCtrlr, + std::nullopt, + std::optional({ + "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", + }), +}; const ComponentVariable& ACPhaseSwitchingSupported = { ControllerComponents::SmartChargingCtrlr, std::nullopt, From 4cb4a8a40dde0971ad512dc927a548ab1461a03d Mon Sep 17 00:00:00 2001 From: Xin Xu Date: Thu, 14 Nov 2024 14:21:02 +0100 Subject: [PATCH 4/5] fix: rework on comments Signed-off-by: Xin Xu --- .../standardized/InternalCtrlr.json | 32 +++++++++++++++++++ .../standardized/SecurityCtrlr.json | 32 ------------------- include/ocpp/v201/charge_point.hpp | 6 ++-- .../ocpp/v201/ctrlr_component_variables.hpp | 4 +-- lib/ocpp/v201/charge_point.cpp | 24 +++++++------- lib/ocpp/v201/ctrlr_component_variables.cpp | 28 ++++++++-------- 6 files changed, 62 insertions(+), 64 deletions(-) diff --git a/config/v201/component_config/standardized/InternalCtrlr.json b/config/v201/component_config/standardized/InternalCtrlr.json index 28ce3b60f..45d77cca0 100644 --- a/config/v201/component_config/standardized/InternalCtrlr.json +++ b/config/v201/component_config/standardized/InternalCtrlr.json @@ -770,6 +770,38 @@ "minimum": 1, "default": "60", "type": "integer" + }, + "AllowCSMSRootCertInstallWhenSecurityProfile1": { + "variable_name": "AllowCSMSRootCertInstallWhenSecurityProfile1", + "characteristics": { + "supportsMonitoring": true, + "dataType": "boolean" + }, + "attributes": [ + { + "type": "Actual", + "mutability": "ReadOnly" + } + ], + "description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.", + "default": true, + "type": "boolean" + }, + "AllowMFRootCertInstallWhenSecurityProfile1": { + "variable_name": "AllowMFRootCertInstallWhenSecurityProfile1", + "characteristics": { + "supportsMonitoring": true, + "dataType": "boolean" + }, + "attributes": [ + { + "type": "Actual", + "mutability": "ReadOnly" + } + ], + "description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.", + "default": true, + "type": "boolean" } }, "required": [ diff --git a/config/v201/component_config/standardized/SecurityCtrlr.json b/config/v201/component_config/standardized/SecurityCtrlr.json index 547b9f690..ab13d92f4 100644 --- a/config/v201/component_config/standardized/SecurityCtrlr.json +++ b/config/v201/component_config/standardized/SecurityCtrlr.json @@ -177,38 +177,6 @@ "maximum": 3, "default": "1", "type": "integer" - }, - "AllowCSMSRootCertificateInstallWhenLowSecurityProfile": { - "variable_name": "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", - "characteristics": { - "supportsMonitoring": true, - "dataType": "boolean" - }, - "attributes": [ - { - "type": "Actual", - "mutability": "ReadWrite" - } - ], - "description": "The flag that indicates if installation of CSMSRootCertificate is allowed when security profile is 1.", - "default": true, - "type": "boolean" - }, - "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile": { - "variable_name": "AllowManufacturerRootCertificateInstallWhenLowSecurityProfile", - "characteristics": { - "supportsMonitoring": true, - "dataType": "boolean" - }, - "attributes": [ - { - "type": "Actual", - "mutability": "ReadWrite" - } - ], - "description": "The flag that indicates if installation of ManufacturerRootCertificate is allowed when security profile is 1.", - "default": true, - "type": "boolean" } }, "required": [ diff --git a/include/ocpp/v201/charge_point.hpp b/include/ocpp/v201/charge_point.hpp index 4a29d9bb9..63435d69b 100644 --- a/include/ocpp/v201/charge_point.hpp +++ b/include/ocpp/v201/charge_point.hpp @@ -782,10 +782,10 @@ class ChargePoint : public ChargePointInterface, private ocpp::ChargingStationBa /// If \param persist is set to true, the change will be persisted across a reboot void execute_change_availability_request(ChangeAvailabilityRequest request, bool persist); - /// \brief Helper function to determine if a certificate installation should be rejected + /// \brief Helper function to determine if a certificate installation should be allowed /// \param cert_type is the certificate type to be checked - /// \return true if it should be rejected - bool should_reject_certificate_install(InstallCertificateUseEnum cert_type) const; + /// \return true if it should be allowed + bool should_allow_certificate_install(InstallCertificateUseEnum cert_type) const; protected: std::shared_ptr smart_charging_handler; diff --git a/include/ocpp/v201/ctrlr_component_variables.hpp b/include/ocpp/v201/ctrlr_component_variables.hpp index 9f21f329b..5172d29f1 100644 --- a/include/ocpp/v201/ctrlr_component_variables.hpp +++ b/include/ocpp/v201/ctrlr_component_variables.hpp @@ -201,8 +201,8 @@ extern const ComponentVariable& MaxCertificateChainSize; extern const ComponentVariable& UpdateCertificateSymlinks; extern const RequiredComponentVariable& OrganizationName; extern const RequiredComponentVariable& SecurityProfile; -extern const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile; -extern const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile; +extern const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1; +extern const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1; extern const ComponentVariable& ACPhaseSwitchingSupported; extern const ComponentVariable& SmartChargingCtrlrAvailable; extern const ComponentVariable& SmartChargingCtrlrEnabled; diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp index c879f4da1..e90f8cbf1 100644 --- a/lib/ocpp/v201/charge_point.cpp +++ b/lib/ocpp/v201/charge_point.cpp @@ -3588,26 +3588,24 @@ void ChargePoint::handle_get_installed_certificate_ids_req(Callsend(call_result); } -bool ChargePoint::should_reject_certificate_install(InstallCertificateUseEnum cert_type) const { +bool ChargePoint::should_allow_certificate_install(InstallCertificateUseEnum cert_type) const { const int security_profile = this->device_model->get_value(ControllerComponentVariables::SecurityProfile); if (security_profile > 1) { - return false; + return true; } switch (cert_type) { case InstallCertificateUseEnum::CSMSRootCertificate: - return !this->device_model - ->get_optional_value( - ControllerComponentVariables::AllowCSMSRootCertificateInstallWhenLowSecurityProfile) - .value_or(true); + return this->device_model + ->get_optional_value(ControllerComponentVariables::AllowCSMSRootCertInstallWhenSecurityProfile1) + .value_or(true); case InstallCertificateUseEnum::ManufacturerRootCertificate: - return !this->device_model - ->get_optional_value( - ControllerComponentVariables::AllowManufacturerRootCertificateInstallWhenLowSecurityProfile) - .value_or(true); + return this->device_model + ->get_optional_value(ControllerComponentVariables::AllowMFRootCertInstallWhenSecurityProfile1) + .value_or(true); default: - return false; + return true; } } @@ -3617,11 +3615,11 @@ void ChargePoint::handle_install_certificate_req(Call const auto msg = call.msg; InstallCertificateResponse response; - if (should_reject_certificate_install(msg.certificateType)) { + if (!should_allow_certificate_install(msg.certificateType)) { response.status = InstallCertificateStatusEnum::Rejected; response.statusInfo = StatusInfo(); response.statusInfo->reasonCode = "LowSecurityProfile"; - response.statusInfo->additionalInfo = "SecurityProfileTooLowForCertificateInstall"; + response.statusInfo->additionalInfo = "CertificateInstallationNotAllowedWhenSecurityProfile1"; } else { const auto result = this->evse_security->install_ca_certificate( msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); diff --git a/lib/ocpp/v201/ctrlr_component_variables.cpp b/lib/ocpp/v201/ctrlr_component_variables.cpp index 8e93c52b5..b3c115e3a 100644 --- a/lib/ocpp/v201/ctrlr_component_variables.cpp +++ b/lib/ocpp/v201/ctrlr_component_variables.cpp @@ -359,6 +359,20 @@ const ComponentVariable& ResumeTransactionsOnBoot = { "ResumeTransactionsOnBoot", }), }; +const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1 = { + ControllerComponents::InternalCtrlr, + std::nullopt, + std::optional({ + "AllowCSMSRootCertInstallWhenSecurityProfile1", + }), +}; +const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1 = { + ControllerComponents::InternalCtrlr, + std::nullopt, + std::optional({ + "AllowMFRootCertInstallWhenSecurityProfile1", + }), +}; const ComponentVariable& AlignedDataCtrlrEnabled = { ControllerComponents::AlignedDataCtrlr, std::nullopt, @@ -1116,20 +1130,6 @@ const RequiredComponentVariable& SecurityProfile = { "SecurityProfile", }), }; -const ComponentVariable& AllowCSMSRootCertificateInstallWhenLowSecurityProfile = { - ControllerComponents::SecurityCtrlr, - std::nullopt, - std::optional({ - "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", - }), -}; -const ComponentVariable& AllowManufacturerRootCertificateInstallWhenLowSecurityProfile = { - ControllerComponents::SecurityCtrlr, - std::nullopt, - std::optional({ - "AllowCSMSRootCertificateInstallWhenLowSecurityProfile", - }), -}; const ComponentVariable& ACPhaseSwitchingSupported = { ControllerComponents::SmartChargingCtrlr, std::nullopt, From 7f3ce1fc54261612a5fc6cb103589dbb5ef414b9 Mon Sep 17 00:00:00 2001 From: Xin Xu Date: Fri, 15 Nov 2024 14:41:13 +0100 Subject: [PATCH 5/5] fix: rename config variables Signed-off-by: Xin Xu --- .../v201/component_config/standardized/InternalCtrlr.json | 8 ++++---- include/ocpp/v201/ctrlr_component_variables.hpp | 4 ++-- lib/ocpp/v201/charge_point.cpp | 8 ++++---- lib/ocpp/v201/ctrlr_component_variables.cpp | 8 ++++---- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/config/v201/component_config/standardized/InternalCtrlr.json b/config/v201/component_config/standardized/InternalCtrlr.json index 45d77cca0..d743ad569 100644 --- a/config/v201/component_config/standardized/InternalCtrlr.json +++ b/config/v201/component_config/standardized/InternalCtrlr.json @@ -771,8 +771,8 @@ "default": "60", "type": "integer" }, - "AllowCSMSRootCertInstallWhenSecurityProfile1": { - "variable_name": "AllowCSMSRootCertInstallWhenSecurityProfile1", + "AllowCSMSRootCertInstallWithUnsecureConnection": { + "variable_name": "AllowCSMSRootCertInstallWithUnsecureConnection", "characteristics": { "supportsMonitoring": true, "dataType": "boolean" @@ -787,8 +787,8 @@ "default": true, "type": "boolean" }, - "AllowMFRootCertInstallWhenSecurityProfile1": { - "variable_name": "AllowMFRootCertInstallWhenSecurityProfile1", + "AllowMFRootCertInstallWithUnsecureConnection": { + "variable_name": "AllowMFRootCertInstallWithUnsecureConnection", "characteristics": { "supportsMonitoring": true, "dataType": "boolean" diff --git a/include/ocpp/v201/ctrlr_component_variables.hpp b/include/ocpp/v201/ctrlr_component_variables.hpp index 5172d29f1..6f3dad8bb 100644 --- a/include/ocpp/v201/ctrlr_component_variables.hpp +++ b/include/ocpp/v201/ctrlr_component_variables.hpp @@ -201,8 +201,8 @@ extern const ComponentVariable& MaxCertificateChainSize; extern const ComponentVariable& UpdateCertificateSymlinks; extern const RequiredComponentVariable& OrganizationName; extern const RequiredComponentVariable& SecurityProfile; -extern const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1; -extern const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1; +extern const ComponentVariable& AllowCSMSRootCertInstallWithUnsecureConnection; +extern const ComponentVariable& AllowMFRootCertInstallWithUnsecureConnection; extern const ComponentVariable& ACPhaseSwitchingSupported; extern const ComponentVariable& SmartChargingCtrlrAvailable; extern const ComponentVariable& SmartChargingCtrlrEnabled; diff --git a/lib/ocpp/v201/charge_point.cpp b/lib/ocpp/v201/charge_point.cpp index e90f8cbf1..d460eab74 100644 --- a/lib/ocpp/v201/charge_point.cpp +++ b/lib/ocpp/v201/charge_point.cpp @@ -3597,12 +3597,12 @@ bool ChargePoint::should_allow_certificate_install(InstallCertificateUseEnum cer switch (cert_type) { case InstallCertificateUseEnum::CSMSRootCertificate: return this->device_model - ->get_optional_value(ControllerComponentVariables::AllowCSMSRootCertInstallWhenSecurityProfile1) + ->get_optional_value(ControllerComponentVariables::AllowCSMSRootCertInstallWithUnsecureConnection) .value_or(true); case InstallCertificateUseEnum::ManufacturerRootCertificate: return this->device_model - ->get_optional_value(ControllerComponentVariables::AllowMFRootCertInstallWhenSecurityProfile1) + ->get_optional_value(ControllerComponentVariables::AllowMFRootCertInstallWithUnsecureConnection) .value_or(true); default: return true; @@ -3618,8 +3618,8 @@ void ChargePoint::handle_install_certificate_req(Call if (!should_allow_certificate_install(msg.certificateType)) { response.status = InstallCertificateStatusEnum::Rejected; response.statusInfo = StatusInfo(); - response.statusInfo->reasonCode = "LowSecurityProfile"; - response.statusInfo->additionalInfo = "CertificateInstallationNotAllowedWhenSecurityProfile1"; + response.statusInfo->reasonCode = "UnsecureConnection"; + response.statusInfo->additionalInfo = "CertificateInstallationNotAllowedWithUnsecureConnection"; } else { const auto result = this->evse_security->install_ca_certificate( msg.certificate.get(), ocpp::evse_security_conversions::from_ocpp_v201(msg.certificateType)); diff --git a/lib/ocpp/v201/ctrlr_component_variables.cpp b/lib/ocpp/v201/ctrlr_component_variables.cpp index b3c115e3a..474abb1dc 100644 --- a/lib/ocpp/v201/ctrlr_component_variables.cpp +++ b/lib/ocpp/v201/ctrlr_component_variables.cpp @@ -359,18 +359,18 @@ const ComponentVariable& ResumeTransactionsOnBoot = { "ResumeTransactionsOnBoot", }), }; -const ComponentVariable& AllowCSMSRootCertInstallWhenSecurityProfile1 = { +const ComponentVariable& AllowCSMSRootCertInstallWithUnsecureConnection = { ControllerComponents::InternalCtrlr, std::nullopt, std::optional({ - "AllowCSMSRootCertInstallWhenSecurityProfile1", + "AllowCSMSRootCertInstallWithUnsecureConnection", }), }; -const ComponentVariable& AllowMFRootCertInstallWhenSecurityProfile1 = { +const ComponentVariable& AllowMFRootCertInstallWithUnsecureConnection = { ControllerComponents::InternalCtrlr, std::nullopt, std::optional({ - "AllowMFRootCertInstallWhenSecurityProfile1", + "AllowMFRootCertInstallWithUnsecureConnection", }), }; const ComponentVariable& AlignedDataCtrlrEnabled = {