From ced1606d63fff5150a2a14f1518cc9d731535e37 Mon Sep 17 00:00:00 2001 From: Shankari Date: Mon, 11 Nov 2024 09:38:23 -0800 Subject: [PATCH 1/8] REFACTOR STEP 1: Ensure that the UI only supports ISO The fact that the non-ISO login options were available in the demo labeled ISO was just confusing. Also set up the infastructure to apply patches, and applied at least one patch to start with. Changed the nodered flow to use the appropriate case for the payment method. Testing done: - Ran `bash demo-iso15118-2-ocpp-201.sh -3` - Plugged in with PnC - Charging started Signed-off-by: Shankari --- demo-iso15118-2-ocpp-201.sh | 18 ++++++++++++++++-- maeve/maeve-csms-no-wss.patch | 8 -------- ...h => enable_payment_method_in_python.patch} | 0 .../config/config-sil-iso15118-ac-flow.json | 2 +- 4 files changed, 17 insertions(+), 11 deletions(-) rename manager/{enable_payment_method.patch => enable_payment_method_in_python.patch} (100%) diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index 0491e960..229ab7a6 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh @@ -36,7 +36,7 @@ DEMO_CSMS=maeve # loop through positional options/arguments -while getopts ':r:b:c123h' option; do +while getopts ':r:b:123ch' option; do case "$option" in r) DEMO_REPO="$OPTARG" ;; b) DEMO_BRANCH="$OPTARG" ;; @@ -89,6 +89,7 @@ cd "${DEMO_DIR}" || exit 1 echo "Cloning EVerest from ${DEMO_REPO} into ${DEMO_DIR}/everest-demo" git clone --branch "${DEMO_BRANCH}" "${DEMO_REPO}" everest-demo +# cp -r "${DEMO_REPO}" everest-demo if [[ "$DEMO_CSMS" == maeve ]]; then echo "Cloning ${DEMO_CSMS} CSMS from ${MAEVE_REPO} into ${DEMO_DIR}/${DEMO_CSMS}-csms and starting it" 
@@ -223,7 +224,20 @@ fi pushd everest-demo || exit 1 echo "API calls to CSMS finished, Starting everest" docker compose --project-name everest-ac-demo --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait -docker cp config-sil-ocpp201-pnc.yaml everest-ac-demo-manager-1:/ext/source/config/config-sil-ocpp201-pnc.yaml +docker cp manager/config-sil-ocpp201-pnc.yaml everest-ac-demo-manager-1:/ext/source/config/config-sil-ocpp201-pnc.yaml + +echo "Configuring and restarting nodered" +docker cp nodered/config/config-sil-iso15118-ac-flow.json everest-ac-demo-nodered-1:/config/config-sil-two-evse-flow.json +docker restart everest-ac-demo-nodered-1 + +echo "Copying over EVerest patches" +docker cp manager/enable_payment_method_in_python.patch everest-ac-demo-manager-1:/tmp/ + +echo "Now applying the patches" +docker cp manager/enable_evcc_logging.cfg everest-ac-demo-manager-1:/ext/source/build/dist/etc/everest/default_logging.cfg +docker exec everest-ac-demo-manager-1 /bin/bash -c "apk add patch" +docker exec everest-ac-demo-manager-1 /bin/bash -c "cd /ext && patch -p0 -i /tmp/enable_payment_method_in_python.patch" + if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then docker cp manager/cached_certs_correct_name_emaid.tar.gz everest-ac-demo-manager-1:/ext/source/build docker exec everest-ac-demo-manager-1 /bin/bash -c "pushd /ext/source/build && tar xf cached_certs_correct_name_emaid.tar.gz" diff --git a/maeve/maeve-csms-no-wss.patch b/maeve/maeve-csms-no-wss.patch index 30e57a7f..3d3ca746 100644 --- a/maeve/maeve-csms-no-wss.patch +++ b/maeve/maeve-csms-no-wss.patch @@ -19,11 +19,3 @@ index b2d93e6..f0e675a 100644 - "--mqtt-addr" - "mqtt://mqtt:1883" - "--manager-api-addr" -@@ -55,7 +47,6 @@ services: - - "9312" - ports: - - "80:9310" -- - "443:9311" - volumes: - - type: bind - source: ./config/certificates 
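Review bot: Neither the `apk add patch` call nor the `patch -p0 -i /tmp/enable_payment_method_in_python.patch` call in this hunk has its exit status checked, so if the package install fails or the patch does not apply, the script carries on and the demo runs against an unpatched manager without saying so. Appending `|| exit 1` to both `docker exec` lines would stop at the first failure. The install also fetches whatever `patch` build the package index serves at run time; baking the tool into the manager image would remove that download and make the run reproducible. The "Now applying the patches" echo sits above the logging-config `docker cp` rather than the patch step, so the log output does not line up with what is happening.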
diff --git a/manager/enable_payment_method.patch b/manager/enable_payment_method_in_python.patch similarity index 100% rename from manager/enable_payment_method.patch rename to manager/enable_payment_method_in_python.patch diff --git a/nodered/config/config-sil-iso15118-ac-flow.json b/nodered/config/config-sil-iso15118-ac-flow.json index 6c31b43d..b8f0f716 100644 --- a/nodered/config/config-sil-iso15118-ac-flow.json +++ b/nodered/config/config-sil-iso15118-ac-flow.json @@ -2093,7 +2093,7 @@ "options": [ { "label": "AC ISO15118-2", - "value": "sleep 1;iso_wait_slac_matched;iso_start_v2g_session ExternalPayment,AC_three_phase_core;iso_wait_pwr_ready;iso_draw_power_regulated 16,3;sleep 36000#iso_stop_charging;iso_wait_v2g_session_stopped;unplug#iso_pause_charging;iso_wait_for_resume#iso_start_bcb_toogle 3;iso_wait_pwm_is_running;iso_start_v2g_session ExternalPayment,AC_three_phase_core;iso_wait_pwr_ready;iso_draw_power_regulated 16,3;sleep 36000", + "value": "sleep 1;iso_wait_slac_matched;iso_start_v2g_session externalPayment,AC_three_phase_core;iso_wait_pwr_ready;iso_draw_power_regulated 16,3;sleep 36000#iso_stop_charging;iso_wait_v2g_session_stopped;unplug#iso_pause_charging;iso_wait_for_resume#iso_start_bcb_toogle 3;iso_wait_pwm_is_running;iso_start_v2g_session externalPayment,AC_three_phase_core;iso_wait_pwr_ready;iso_draw_power_regulated 16,3;sleep 36000", "type": "str" }, { From 579a5f3dedb134a70ead236b50c2cb6daf4f34df Mon Sep 17 00:00:00 2001 From: Shankari Date: Mon, 11 Nov 2024 10:11:36 -0800 Subject: [PATCH 2/8] REFACTOR STEP 2: Add additional command options Before this, if we wanted to make changes to the demo, we used to comment code in/out. Let's make those switches available as command line arguments to avoid editing the script constantly. Testing done: - Ran `bash demo-iso15118-2-ocpp-201.sh -r $PWD -1` - and `bash demo-iso15118-2-ocpp-201.sh -r $PWD -1 -m` and everything launched both times. 
Signed-off-by: Shankari --- demo-iso15118-2-ocpp-201.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index 229ab7a6..a1ba1d62 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh @@ -11,7 +11,7 @@ MAEVE_BRANCH="set_charging_profile" CITRINEOS_REPO="https://github.com/citrineos/citrineos-core.git" CITRINEOS_BRANCH="feature/everest-demo" - +START_OPTION="auto" usage="usage: $(basename "$0") [-r ] [-b ] [-c ] [1|2|3] [-h] @@ -21,12 +21,13 @@ Pro Tip: to use a local copy of this everest-demo repo, provide the current directory to the -r option (e.g., '-r \$(pwd)'). where: - -r URL to everest-demo repo to use (default: $DEMO_REPO) + -r URL to everest-demo repo to use (default: $DEMO_REPO, "$PWD" uses the current dir) -b Branch of everest-demo repo to use (default: $DEMO_BRANCH) -1 OCPP v2.0.1 Security Profile 1 -2 OCPP v2.0.1 Security Profile 2 -3 OCPP v2.0.1 Security Profile 3 -c Use CitrineOS CSMS (default: MaEVe) + -m Start the manager manually (useful while debugging to stop and restart) -h Show this message" @@ -36,7 +37,7 @@ DEMO_CSMS=maeve # loop through positional options/arguments -while getopts ':r:b:123ch' option; do +while getopts ':r:b:123chm' option; do case "$option" in r) DEMO_REPO="$OPTARG" ;; b) DEMO_BRANCH="$OPTARG" ;; @@ -47,6 +48,7 @@ while getopts ':r:b:123ch' option; do 3) DEMO_VERSION="v2.0.1-sp3" DEMO_COMPOSE_FILE_NAME="docker-compose.ocpp201.yml" ;; c) DEMO_CSMS="citrineos" ;; + m) START_OPTION="manual" ;; h) echo -e "$usage"; exit ;; \?) echo -e "illegal option: -$OPTARG\n" >&2 echo -e "$usage" >&2 
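Review bot: In the new `-r` help line the double quotes around `$PWD` close and reopen the `usage` string, so the variable is expanded when `usage` is assigned and the help text shows the caller's current directory instead of the literal `$PWD`. Escaping it the way the Pro Tip a few lines above does keeps the hint literal: `(default: $DEMO_REPO, '\$PWD' uses the current dir)`. The synopsis line at the top of `usage` is also left without `[-m]`, although the option is added to `getopts` and to the option list.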
@@ -88,8 +90,11 @@ cd "${DEMO_DIR}" || exit 1 echo "Cloning EVerest from ${DEMO_REPO} into ${DEMO_DIR}/everest-demo" -git clone --branch "${DEMO_BRANCH}" "${DEMO_REPO}" everest-demo -# cp -r "${DEMO_REPO}" everest-demo +if [[ "$DEMO_REPO" =~ "http" || "$DEMO_REPO" =~ "git" ]]; then + git clone --branch "${DEMO_BRANCH}" "${DEMO_REPO}" everest-demo +else + cp -r "$DEMO_REPO" everest-demo +fi if [[ "$DEMO_CSMS" == maeve ]]; then echo "Cloning ${DEMO_CSMS} CSMS from ${MAEVE_REPO} into ${DEMO_DIR}/${DEMO_CSMS}-csms and starting it" @@ -278,7 +283,12 @@ if [[ "$DEMO_CSMS" == 'citrineos' ]]; then fi fi -if [[ "$DEMO_VERSION" =~ v2.0.1 ]]; then - echo "Starting software in the loop simulation" +if [[ "$START_OPTION" == "auto" ]]; then + echo "Starting software in the loop simulation automatically" docker exec everest-ac-demo-manager-1 sh /ext/source/build/run-scripts/run-sil-ocpp201-pnc.sh +else + echo "Please start the software in the loop simulation manually by running" + echo "on your laptop: docker exec -it everest-ac-demo-manager-1 /bin/bash" + echo "in the container: sh /ext/source/build/run-scripts/run-sil-ocpp201-pnc.sh" + echo "You can now stop and restart the manager without re-creating the container" fi From 821ac3cbf7070b84fdd2a67942b0452c445ba2d8 Mon Sep 17 00:00:00 2001 
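Review bot: The test `"$DEMO_REPO" =~ "http" || "$DEMO_REPO" =~ "git"` is an unanchored substring match, so a local checkout whose path merely contains `git` or `http` (a directory under `~/git/`, say) is sent down the `git clone --branch` path and the working copy that `-r $PWD` is meant to pick up is not copied. Deciding from the filesystem instead of the string avoids the guess: `if [[ ! -d "$DEMO_REPO" ]]; then`. Neither branch checks its exit status, and `cp -r -- "$DEMO_REPO" everest-demo || exit 1` would also cover a path that starts with `-`.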
From: Shankari Date: Mon, 11 Nov 2024 14:00:42 -0800 Subject: [PATCH 3/8] REFACTOR STEP 3: Move maeve configuration to a script The citrine setup scripts are already pulled out, pulling out maeve as well to prep for a more significant refactor later. Testing done: `bash demo-iso15118-2-ocpp-201.sh -r $PWD -3 -m` and successfully connected to maeve ``` 2024-11-11 21:59:26.836301 [INFO] ocpp:OCPP201 :: Connecting TLS websocket to uri: wss://host.docker.internal/ws/cp001 with security-profile 3 2024-11-11 21:59:26.886329 [INFO] evse_security:E :: Requesting key/pair: CSMS 2024-11-11 21:59:27.216402 [INFO] ocpp:OCPP201 :: OCPP client successfully connected to TLS websocket server 2024-11-11 21:59:27.228421 [INFO] ocpp:OCPP201 :: Received BootNotificationResponse: { "currentTime": "2024-11-11T21:59:27.000Z", "interval": 300, "status": "Accepted" } with messageId: 9327a063-11c5-4946-9ec4-96631fd09adb ``` Signed-off-by: Shankari --- demo-iso15118-2-ocpp-201.sh | 29 ++--------------------------- maeve/add-charger-and-rfid-card.sh | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 27 deletions(-) create mode 100755 maeve/add-charger-and-rfid-card.sh diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index a1ba1d62..fcc91a6e 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh 
@@ -145,33 +145,8 @@ if [[ "$DEMO_CSMS" == maeve ]]; then echo "Waiting 5s for MaEVe CSMS to start..." sleep 5 - if [[ "$DEMO_VERSION" =~ sp1 ]]; then - echo "MaEVe CSMS started, adding charge station with Security Profile 1 (note: profiles in MaEVe start with 0 so SP-0 == OCPP SP-1)" - curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \ - -d '{"securityProfile": 0, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}' - elif [[ "$DEMO_VERSION" =~ sp2 ]]; then - echo "MaEVe CSMS started, adding charge station with Security Profile 2 (note: profiles in MaEVe start with 0 so SP-1 == OCPP SP-2)" - curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \ - -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}' - elif [[ "$DEMO_VERSION" =~ sp3 ]]; then - echo "MaEVe CSMS started, adding charge station with Security Profile 3 (note: profiles in MaEVe start with 0 so SP-2 == OCPP SP-3)" - curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' -d '{"securityProfile": 2}' - fi - - echo "Charge station added, adding user token" - - curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{ - "countryCode": "GB", - "partyId": "TWK", - "type": "RFID", - "uid": "DEADBEEF", - "contractId": "GBTWK012345678V", - "issuer": "Thoughtworks", - "valid": true, - "cacheMode": "ALWAYS" - }' - - curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{"countryCode": "UK", "partyId": "Switch", "contractId": "UKSWI123456789G", "uid": "UKSWI123456789G", "issuer": "Switch", "valid": true, "cacheMode": "ALWAYS"}' + echo "Adding a charger and RFID card to maeve" + source ../everest-demo/maeve/add-charger-and-rfid-card.sh popd || exit 1 fi diff --git a/maeve/add-charger-and-rfid-card.sh b/maeve/add-charger-and-rfid-card.sh new file mode 100755 index 00000000..9463618e --- /dev/null 
+++ b/maeve/add-charger-and-rfid-card.sh @@ -0,0 +1,30 @@ +echo "While running subscript, DEMO_VERSION is " $DEMO_VERSION + +if [[ "$DEMO_VERSION" =~ sp1 ]]; then + echo "MaEVe CSMS started, adding charge station with Security Profile 1 (note: profiles in MaEVe start with 0 so SP-0 == OCPP SP-1)" + curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \ + -d '{"securityProfile": 0, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}' +elif [[ "$DEMO_VERSION" =~ sp2 ]]; then + echo "MaEVe CSMS started, adding charge station with Security Profile 2 (note: profiles in MaEVe start with 0 so SP-1 == OCPP SP-2)" + curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \ + -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}' +elif [[ "$DEMO_VERSION" =~ sp3 ]]; then + echo "MaEVe CSMS started, adding charge station with Security Profile 3 (note: profiles in MaEVe start with 0 so SP-2 == OCPP SP-3)" + curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' -d '{"securityProfile": 2}' +fi + +echo "Charge station added, adding user token" + +curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{ + "countryCode": "GB", + "partyId": "TWK", + "type": "RFID", + "uid": "DEADBEEF", + "contractId": "GBTWK012345678V", + "issuer": "Thoughtworks", + "valid": true, + "cacheMode": "ALWAYS" +}' + +curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{"countryCode": "UK", "partyId": "Switch", "contractId": "UKSWI123456789G", "uid": "UKSWI123456789G", "issuer": "Switch", "valid": true, "cacheMode": "ALWAYS"}' + From 2a82485f0012735be8406ed1b0215f879350fc38 Mon Sep 17 00:00:00 2001 
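Review bot: None of the `curl` calls in this new file checks for failure, and "Charge station added, adding user token" is echoed unconditionally, so the script reports success even when the CSMS API is unreachable or rejects the request. Adding `--fail` and a status check to each call, e.g. `curl --fail ... || return 1` (the file is sourced by the demo script, so `return` rather than `exit`), would surface that. `$DEMO_VERSION` in the first `echo` is unquoted, and the file is created with mode 100755 but has no shebang and depends on `DEMO_VERSION` from the sourcing shell; a header comment saying it is meant to be sourced would help. A comment marking the fixed `base64SHA256Password` value and the `DEADBEEF` token as demo-only fixtures, sent over plain HTTP to localhost, would keep them from being copied into a real deployment.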
From: Shankari Date: Mon, 11 Nov 2024 15:29:03 -0800 Subject: [PATCH 4/8] REFACTOR STEP 4: Pull out the code to copy the certs over To simplify the script and make it easier to refactor. Testing done: - maeve starts up and the manager connects to it - citrineos does not start up, but that is unchanged from the main branch Will punt on debugging citrineos until we have rolled forward - maeve testing ``` 2024-11-11 22:43:40.693974 [INFO] ocpp:OCPP201 :: Using certificate: "/ext/source/build/dist/etc/everest/certs/client/csms/CSMS_LEAF.pem" 2024-11-11 22:43:40.694660 [INFO] ocpp:OCPP201 :: Using key file: "/ext/source/build/dist/etc/everest/certs/client/csms/CSMS_LEAF.key" 2024-11-11 22:43:40.701120 [INFO] evse_security:E :: Building new certificate hierarchy! 2024-11-11 22:43:40.780705 [INFO] evse_security:E :: Requesting certificate file: [CSMS] file:"/ext/source/build/dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem" 2024-11-11 22:43:40.737677 [DEBG] ocpp:OCPP201 :: Loading ca csms bundle to verify server certificate: /ext/source/build/dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem 2024-11-11 22:43:40.823477 [INFO] evse_security:E :: Requesting certificate file: [CSMS] file:"/ext/source/build/dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem" 2024-11-11 22:43:40.909915 [INFO] evse_security:E :: Requesting key/pair: V2G 2024-11-11 22:43:40.913828 [INFO] evse_security:E :: TPM Key: false 2024-11-11 22:43:40.924600 [WARN] evse_security:E static std::string evse_security::OpenSSLSupplier::x509_get_responder_url(evse_security::X509Handle*) :: Could not retrieve OCSP Responder URL from certificate 2024-11-11 22:43:40.927839 [INFO] ocpp:OCPP201 :: OCPP client successfully connected to TLS websocket server 2024-11-11 22:43:40.940441 [INFO] ocpp:OCPP201 :: Received BootNotificationResponse: { "currentTime": "2024-11-11T22:43:40.000Z", "interval": 300, "status": "Accepted" } with messageId: 351ad980-332b-4c63-9ba4-0a1a07250928 ``` - citrine testing ``` Cloning EVerest from 
/Users/kshankar/Desktop/data/joet-everest/everest-demo into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/everest-demo Cloning CitrineOS CSMS from https://github.com/citrineos/citrineos-core.git into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/citrineos-csms and starting it Cloning into 'citrineos-csms'... remote: Enumerating objects: 16467, done. remote: Counting objects: 100% (303/303), done. remote: Compressing objects: 100% (221/221), done. remote: Total 16467 (delta 139), reused 161 (delta 70), pack-reused 16164 (from 1) Receiving objects: 100% (16467/16467), 5.06 MiB | 2.60 MiB/s, done. Resolving deltas: 100% (10384/10384), done. /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/citrineos-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt Copying certs into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/citrineos-csms/Server/data/certificates /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/citrineos-csms/Server /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt/citrineos-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.khZGzAKt ``` Citrine failure on both main and this branch ``` 127.9 npm verbose exit 0 127.9 npm info ok 131.7 npm verbose exit 1 131.7 npm verbose code 1 ------ failed to solve: process "/bin/sh -c npm install --workspaces --verbose && npm run compile --workspaces --verbose" did not complete successfully: exit code: 1 Failed to start CitrineOS. ``` Signed-off-by: Shankari --- citrineos/copy-certs.sh | 22 +++++++++++++++++++ demo-iso15118-2-ocpp-201.sh | 43 ++++--------------------------------- maeve/copy-certs.sh | 14 ++++++++++++ 3 files changed, 40 insertions(+), 39 deletions(-) create mode 100644 citrineos/copy-certs.sh create mode 100644 maeve/copy-certs.sh diff --git a/citrineos/copy-certs.sh b/citrineos/copy-certs.sh new file mode 100644 index 00000000..0ab9c55d --- /dev/null +++ b/citrineos/copy-certs.sh 
@@ -0,0 +1,22 @@ + echo "Copying certs into ${DEMO_DIR}/citrineos-csms/Server/data/certificates" + tar xf cached_certs_correct_name_emaid.tar.gz + + # Leaf key + cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key Server/data/certificates/leafKey.pem + + #Cert chain + cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ + > Server/data/certificates/certChain.pem + + # SubCA + cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.key Server/data/certificates/subCAKey.pem + + #TrustedSubCAChain + cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ + > Server/data/certificates/rootCertificate.pem + + #ACME key + cp ../everest-demo/citrineos/acme_account_key.pem Server/data/certificates/acme_account_key.pem diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index fcc91a6e..3c3eb81f 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh 
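Review bot: The private keys this new file copies (`CSMS_LEAF.key`, `CPO_SUB_CA2.key`, `acme_account_key.pem`) land in `Server/data/certificates` with whatever mode the caller's umask gives, and the `tar`, `cat` and `cp` steps are unchecked, so a missing input leaves an empty or partial chain file without stopping the run. `install -m 600 <src> <dst>` for the three key files and `tar xf cached_certs_correct_name_emaid.tar.gz || return 1` would tighten this; `maeve/copy-certs.sh`, added later in the same commit, has the same pattern for `csms.key`. Because the keys come from a tarball and a `.pem` checked into the demo repository, a header comment stating that they are test-only material and must not be reused outside the demo is worth adding. That header should also say the file is meant to be sourced from the CSMS checkout, since it has no shebang and relies on the caller's working directory and `DEMO_DIR`.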
@@ -104,20 +104,8 @@ if [[ "$DEMO_CSMS" == maeve ]]; then cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz . - # Set up certificates for SP2 and SP3 if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then - echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates" - tar xf cached_certs_correct_name_emaid.tar.gz - cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ - > config/certificates/csms.pem - cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ - > config/certificates/trust.pem - cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key - cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem - cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem + source ../everest-demo/maeve/copy-certs.sh echo "Validating that the certificates are set up correctly" openssl verify -show_chain \ 
@@ -160,29 +148,7 @@ if [[ "$DEMO_CSMS" == 'citrineos' ]]; then cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz . mkdir -p Server/data/certificates - - echo "Copying certs into ${DEMO_DIR}/citrineos-csms/Server/data/certificates" - tar xf cached_certs_correct_name_emaid.tar.gz - - # Leaf key - cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key Server/data/certificates/leafKey.pem - - #Cert chain - cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ - > Server/data/certificates/certChain.pem - - # SubCA - cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.key Server/data/certificates/subCAKey.pem - - #TrustedSubCAChain - cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ - dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ - > Server/data/certificates/rootCertificate.pem - - #ACME key - cp ../everest-demo/citrineos/acme_account_key.pem Server/data/certificates/acme_account_key.pem + source ../everest-demo/citrineos/copy-certs.sh pushd Server || exit 1 echo "Starting the CitrineOS CSMS" @@ -192,13 +158,12 @@ if [[ "$DEMO_CSMS" == 'citrineos' ]]; then echo "Failed to start CitrineOS." exit 1 fi + popd || exit 1 echo "Adding a charger and RFID card to CitrineOS" - ../../everest-demo/citrineos/add-charger-and-rfid-card.sh + ../everest-demo/citrineos/add-charger-and-rfid-card.sh popd || exit 1 - popd || exit 1 - fi pushd everest-demo || exit 1 diff --git a/maeve/copy-certs.sh b/maeve/copy-certs.sh new file mode 100644 index 00000000..4a94c2ea --- /dev/null +++ b/maeve/copy-certs.sh 
@@ -0,0 +1,14 @@ + # Set up certificates for SP2 and SP3 + echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates" + tar xf cached_certs_correct_name_emaid.tar.gz + cat dist/etc/everest/certs/client/csms/CSMS_LEAF.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ + > config/certificates/csms.pem + cat dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem \ + dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ + > config/certificates/trust.pem + cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key + cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem + cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem + From 86b1ea8ae7cbd1e8beaf7a42f53f8d752ec2e967 Mon Sep 17 00:00:00 2001 From: Shankari Date: Mon, 11 Nov 2024 17:14:26 -0800 Subject: [PATCH 5/8] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=F0=9F=94=A5STEP=205:?= =?UTF-8?q?=20Remove=20duplicate=20code;=20ensure=20DRY?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this change, the citrine and maeve parts of the demo were essentially copies of each other - they performed very similar tasks but due to subtle differences, the steps were long if-guarded blocks of code. This commit builds on 2a82485f0012735be8406ed1b0215f879350fc38 and 821ac3cbf7070b84fdd2a67942b0452c445ba2d8 to identify the common tasks and pull them out into separate scripts. The tasks then represent a "CSMS access layer" or common interface. The details of the CSMS are hidden from the top-level demo script. Support for other CSMSes can be added by adding a new directory and implementing these scripts. Testing done: - With the build and run commands in the script commented out and exiting right after "start the CSMS"
Maeve ``` Cloning into 'maeve-csms'... remote: Enumerating objects: 3775, done. remote: Counting objects: 100% (1108/1108), done. remote: Compressing objects: 100% (362/362), done. remote: Total 3775 (delta 853), reused 886 (delta 742), pack-reused 2667 (from 1) Receiving objects: 100% (3775/3775), 1.30 MiB | 511.00 KiB/s, done. Resolving deltas: 100% (2700/2700), done. /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.URcdIGCA/maeve-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.URcdIGCA Copying certs into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.URcdIGCA/maeve-csms/config/certificates Validating that the certificates are set up correctly config/certificates/csms.pem: OK Chain: depth=0: CN=host.docker.internal, O=EVerest, C=DE, DC=CPO (untrusted) depth=1: CN=CPOSubCA2, O=EVerest, C=DE, DC=V2G (untrusted) depth=2: CN=CPOSubCA1, O=EVerest, C=DE, DC=V2G (untrusted) depth=3: CN=V2GRootCA, O=EVerest, C=DE, DC=V2G Patching the CSMS to enable EVerest organization patching file docker-compose.yml Patching the CSMS to enable local mo root patching file 'config/manager/config.toml' Patching the CSMS to enable local mo root patching file 'manager/handlers/ocpp201/authorize.go' Build and run Waiting 5s for maeve services to finish starting... Adding a charger and RFID card to maeve While running subscript, DEMO_VERSION is v2.0.1-sp3 MaEVe CSMS started, adding charge station with Security Profile 3 (note: profiles in MaEVe start with 0 so SP-2 == OCPP SP-3) curl: (7) Failed to connect to localhost port 9410 after 0 ms: Couldn't connect to server Charge station added, adding user token curl: (7) Failed to connect to localhost port 9410 after 0 ms: Couldn't connect to server curl: (7) Failed to connect to localhost port 9410 after 0 ms: Couldn't connect to server /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.URcdIGCA ```
CitrineOS ``` Cloning into 'citrineos-csms'... remote: Enumerating objects: 16467, done. remote: Counting objects: 100% (303/303), done. remote: Compressing objects: 100% (221/221), done. remote: Total 16467 (delta 139), reused 161 (delta 70), pack-reused 16164 (from 1) Receiving objects: 100% (16467/16467), 5.07 MiB | 898.00 KiB/s, done. Resolving deltas: 100% (10346/10346), done. /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.wBOfhaXf/citrineos-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.wBOfhaXf Copying certs into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.wBOfhaXf/citrineos-csms/Server/data/certificates Validating that the certificates are set up correctly Server/data/certificates/certChain.pem: OK Chain: depth=0: CN=host.docker.internal, O=EVerest, C=DE, DC=CPO (untrusted) depth=1: CN=CPOSubCA2, O=EVerest, C=DE, DC=V2G (untrusted) depth=2: CN=CPOSubCA1, O=EVerest, C=DE, DC=V2G (untrusted) depth=3: CN=V2GRootCA, O=EVerest, C=DE, DC=V2G No patches to apply Build and run Waiting 5s for citrineos services to finish starting... Adding a charger and RFID card to citrineos Received Token: Failed to retrieve access token. ```
- After putting everything back in
MaEVe starts and charges ``` Build and run WARN[0000] The "UID" variable is not set. Defaulting to a blank string. WARN[0000] The "GID" variable is not set. Defaulting to a blank string. WARN[0000] The "UID" variable is not set. Defaulting to a blank string. WARN[0000] The "GID" variable is not set. Defaulting to a blank string. [+] Building 3.3s (35/35) FINISHED docker:desktop-linux => [manager internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 947B 0.0s => [gateway] resolve image config for docker-image://docker.io/docker/dockerfile:1.2 1.3s => [manager auth] docker/dockerfile:pull token for registry-1.docker.io 0.0s => CACHED [gateway] docker-image://docker.io/docker/dockerfile:1.2@sha256:e2a8561e419ab1ba6b2fe6cbdf49fd92b95912df1cf7d 0.0s => [manager internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [manager internal] load build definition from Dockerfile 0.0s => [gateway internal] load metadata for gcr.io/distroless/static:nonroot 0.7s ... [+] Running 5/5 ✔ Network maeve-csms Created 0.1s ✔ Container maeve-csms-firestore-1 Healthy 0.1s ✔ Container maeve-csms-mqtt-1 Healthy 0.1s ✔ Container maeve-csms-manager-1 Healthy 0.1s ✔ Container maeve-csms-gateway-1 Created 0.1s Waiting 5s for maeve services to finish starting... 
Adding a charger and RFID card to maeve While running subscript, DEMO_VERSION is v2.0.1-sp3 MaEVe CSMS started, adding charge station with Security Profile 3 (note: profiles in MaEVe start with 0 so SP-2 == OCPP SP-3) Charge station added, adding user token API calls to CSMS finished, Starting everest 2024-11-12 01:05:17.068938 [INFO] ocpp:OCPP201 :: Received BootNotificationResponse: { "currentTime": "2024-11-12T01:05:17.000Z", "interval": 300, "status": "Accepted" } with messageId: a9c9100f-ba3b-4000-bd5e-09ae2b3f4699 2024-11-12 01:05:17.501430 [WARN] ocpp:OCPP201 void ocpp::v201::OcspUpdater::updater_thread_loop() :: libocpp: OCSP status update failed: CSMS rejected certificate status update: (No status info provided), will retry. 2024-11-12 01:05:22.543468 [INFO] evse_security:E :: Requesting key/pair: V2G 2024-11-12 01:05:22.547168 [INFO] evse_security:E :: TPM Key: false ```
Citrine fails like on master ``` No patches to apply Build and run /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.62Qi7Bp5/citrineos-csms/Server /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.62Qi7Bp5/citrineos-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.62Qi7Bp5 WARN[0000] /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.62Qi7Bp5/citrineos-csms/Server/docker-compose.yml: `version` is obsolete [+] Building 8.5s (22/26) docker:desktop-linux => [directus internal] load build definition from directus.Dockerfile 0.0s => => transferring dockerfile: 887B 0.0s => [directus internal] load metadata for docker.io/directus/directus:10.10.5 1.0s => [directus auth] directus/directus:pull token for registry-1.docker.io 0.0s => [directus internal] load .dockerignore 0.0s => => transferring context: 314B 0.0s ... => [citrine build 4/5] RUN npm install --workspaces --verbose && npm run compile --workspaces --verbose 93.2s => => # npm verbose logfile logs-max:10 dir:/root/.npm/_logs/2024-11-12T01_10_43_406Z- => => # npm verbose logfile /root/.npm/_logs/2024-11-12T01_10_43_406Z-debug-0.log => => # > @citrineos/certificates@1.2.3 clean => => # > rm -rf dist/* tsconfig.tsbuildinfo => => # npm verbose exit 0 => => # npm info ok 116.8 npm verbose exit 0 116.8 npm info ok 121.5 npm verbose exit 1 121.5 npm verbose code 1 ------ failed to solve: process "/bin/sh -c npm install --workspaces --verbose && npm run compile --workspaces --verbose" did not complete successfully: exit code: 1 Failed to start citrineos ```
Signed-off-by: Shankari --- citrineos/apply-patches.sh | 1 + citrineos/build-and-run.sh | 11 +++ demo-iso15118-2-ocpp-201.sh | 135 +++++++++++------------------------- maeve/apply-patches.sh | 15 ++++ maeve/build-and-run.sh | 6 ++ 5 files changed, 73 insertions(+), 95 deletions(-) create mode 100644 citrineos/apply-patches.sh create mode 100644 citrineos/build-and-run.sh create mode 100644 maeve/apply-patches.sh create mode 100644 maeve/build-and-run.sh diff --git a/citrineos/apply-patches.sh b/citrineos/apply-patches.sh new file mode 100644 index 00000000..7d5eb293 --- /dev/null +++ b/citrineos/apply-patches.sh @@ -0,0 +1 @@ +echo "No patches to apply" diff --git a/citrineos/build-and-run.sh b/citrineos/build-and-run.sh new file mode 100644 index 00000000..9b6126ab --- /dev/null +++ b/citrineos/build-and-run.sh @@ -0,0 +1,11 @@ +echo "Build and run" + +pushd Server || exit 1 + +docker compose build +if ! docker compose --project-name ${DEMO_CSMS}-csms up -d --wait; then + echo "Failed to start ${DEMO_CSMS}" + exit 1 +fi + +popd || exit 1 diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index 3c3eb81f..2195c5d9 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh @@ -34,7 +34,8 @@ where: DEMO_VERSION= DEMO_COMPOSE_FILE_NAME= DEMO_CSMS=maeve - +DEMO_CSMS_REPO=$MAEVE_REPO +DEMO_CSMS_BRANCH=$MAEVE_BRANCH # loop through positional options/arguments while getopts ':r:b:123chm' option; do @@ -47,7 +48,9 @@ while getopts ':r:b:123chm' option; do DEMO_COMPOSE_FILE_NAME="docker-compose.ocpp201.yml" ;; 3) DEMO_VERSION="v2.0.1-sp3" DEMO_COMPOSE_FILE_NAME="docker-compose.ocpp201.yml" ;; - c) DEMO_CSMS="citrineos" ;; + c) DEMO_CSMS="citrineos" + DEMO_CSMS_REPO=$CITRINEOS_REPO + DEMO_CSMS_BRANCH=$CITRINEOS_BRANCH ;; m) START_OPTION="manual" ;; h) echo -e "$usage"; exit ;; \?) echo -e "illegal option: -$OPTARG\n" >&2 
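Review bot: In the new `citrineos/build-and-run.sh`, `docker compose build` runs without the `--project-name` that the following `up` passes, and its exit status is not checked. If the compose file does not pin `image:` names (not visible here), the build and the `up` may refer to differently named images, so the explicit build step would not be the one that `up` uses. Passing the same quoted name to both keeps them aligned: `docker compose --project-name "${DEMO_CSMS}-csms" build || exit 1`. The `${DEMO_CSMS}-csms` argument on the `up` line is unquoted as well.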
@@ -78,12 +81,14 @@ delete_temporary_directory() { rm -rf "${DEMO_DIR}"; } trap delete_temporary_directory EXIT -echo "DEMO REPO: $DEMO_REPO" -echo "DEMO BRANCH: $DEMO_BRANCH" -echo "DEMO VERSION: $DEMO_VERSION" -echo "DEMO CONFIG: $DEMO_COMPOSE_FILE_NAME" -echo "DEMO DIR: $DEMO_DIR" -echo "DEMO CSMS: $DEMO_CSMS" +echo "DEMO REPO: $DEMO_REPO" +echo "DEMO BRANCH: $DEMO_BRANCH" +echo "DEMO VERSION: $DEMO_VERSION" +echo "DEMO CONFIG: $DEMO_COMPOSE_FILE_NAME" +echo "DEMO DIR: $DEMO_DIR" +echo "DEMO CSMS: $DEMO_CSMS" +echo "DEMO CSMS REPO: $DEMO_CSMS_REPO" +echo "DEMO CSMS BRANCH: $DEMO_CSMS_BRANCH" cd "${DEMO_DIR}" || exit 1 
@@ -96,75 +101,33 @@ else cp -r "$DEMO_REPO" everest-demo fi -if [[ "$DEMO_CSMS" == maeve ]]; then - echo "Cloning ${DEMO_CSMS} CSMS from ${MAEVE_REPO} into ${DEMO_DIR}/${DEMO_CSMS}-csms and starting it" - git clone --branch "${MAEVE_BRANCH}" "${MAEVE_REPO}" ${DEMO_CSMS}-csms +# BEGIN: Setting up the CSMS + echo "Cloning ${DEMO_CSMS} CSMS from ${DEMO_CSMS_REPO} into ${DEMO_DIR}/${DEMO_CSMS}-csms and starting it" + git clone --branch "${DEMO_CSMS_BRANCH}" "${DEMO_CSMS_REPO}" ${DEMO_CSMS}-csms - pushd maeve-csms || exit 1 + pushd ${DEMO_CSMS}-csms || exit 1 cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz . if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then - source ../everest-demo/maeve/copy-certs.sh - - echo "Validating that the certificates are set up correctly" - openssl verify -show_chain \ - -CAfile config/certificates/root-V2G-cert.pem \ - -untrusted config/certificates/trust.pem \ - config/certificates/csms.pem - - echo "Patching the CSMS to enable EVerest organization" - patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch - - echo "Patching the CSMS to enable local mo root" - patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch - - echo "Patching the CSMS to enable local mo root" - patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch - - else - echo "Patching the CSMS to disable WSS" - patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch + source ../everest-demo/${DEMO_CSMS}/copy-certs.sh fi - docker compose build - docker compose up -d - - echo "Waiting 5s for MaEVe CSMS to start..." 
- sleep 5 - - echo "Adding a charger and RFID card to maeve" - source ../everest-demo/maeve/add-charger-and-rfid-card.sh - - popd || exit 1 -fi - -if [[ "$DEMO_CSMS" == 'citrineos' ]]; then - echo "Cloning CitrineOS CSMS from ${CITRINEOS_REPO} into ${DEMO_DIR}/citrineos-csms and starting it" - git clone --branch "${CITRINEOS_BRANCH}" "${CITRINEOS_REPO}" citrineos-csms - - pushd citrineos-csms || exit 1 - - cp ../everest-demo/manager/cached_certs_correct_name_emaid.tar.gz . + source ../everest-demo/${DEMO_CSMS}/apply-patches.sh - mkdir -p Server/data/certificates - source ../everest-demo/citrineos/copy-certs.sh + source ../everest-demo/${DEMO_CSMS}/build-and-run.sh - pushd Server || exit 1 - echo "Starting the CitrineOS CSMS" - cat ./docker-compose.yml - docker compose -f ./docker-compose.yml build - if ! docker compose --project-name citrineos-csms -f ./docker-compose.yml up -d --wait; then - echo "Failed to start CitrineOS." - exit 1 - fi - popd || exit 1 + # note that docker compose --wait only waits for the + # containers to be up, not necessarily the services in those + # containers. + echo "Waiting 5s for ${DEMO_CSMS} services to finish starting..." + sleep 5 - echo "Adding a charger and RFID card to CitrineOS" - ../everest-demo/citrineos/add-charger-and-rfid-card.sh + echo "Adding a charger and RFID card to ${DEMO_CSMS}" + source ../everest-demo/${DEMO_CSMS}/add-charger-and-rfid-card.sh popd || exit 1 -fi +# END: Setting up the CSMS pushd everest-demo || exit 1 echo "API calls to CSMS finished, Starting everest" 
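Review bot: The shared block now calls copy-certs.sh only inside `if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]`, while the removed CitrineOS branch ran `mkdir -p Server/data/certificates` and `source ../everest-demo/citrineos/copy-certs.sh` for every profile, so a `-c -1` run no longer gets its certificates directory populated. If that is intended, say so in a comment next to the `if`; otherwise let each CSMS's copy-certs.sh decide which profiles need certificates. The CitrineOS add-charger script also changes from being executed to being `source`d, so any `exit`, `cd` or variable assignment in it now acts on the demo shell; its body is not visible here. Quoting the computed paths, e.g. `source "../everest-demo/${DEMO_CSMS}/apply-patches.sh"` and `pushd "${DEMO_CSMS}-csms" || exit 1`, would match the quoting used elsewhere in the script.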
@@ -191,36 +154,18 @@ if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then docker exec everest-ac-demo-manager-1 /bin/bash -c "pushd /ext/source/build && openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem" fi -if [[ "$DEMO_CSMS" == 'maeve' ]]; then - if [[ "$DEMO_VERSION" =~ sp1 ]]; then - echo "Copying device DB, configured to SecurityProfile: 1" - docker cp manager/device_model_storage_maeve_sp1.db \ - everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - elif [[ "$DEMO_VERSION" =~ sp2 ]]; then - echo "Copying device DB, configured to SecurityProfile: 2" - docker cp manager/device_model_storage_maeve_sp2.db \ - everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - elif [[ "$DEMO_VERSION" =~ sp3 ]]; then - echo "Copying device DB, configured to SecurityProfile: 3" - docker cp manager/device_model_storage_maeve_sp3.db \ - everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - fi -fi - -if [[ "$DEMO_CSMS" == 'citrineos' ]]; then - if [[ "$DEMO_VERSION" =~ sp1 ]]; then - echo "Copying device DB, configured to SecurityProfile: 1" - docker cp manager/device_model_storage_citrineos_sp1.db \ - everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - elif [[ "$DEMO_VERSION" =~ sp2 ]]; then - echo "Copying device DB, configured to SecurityProfile: 2" - docker cp manager/device_model_storage_citrineos_sp2.db \ - everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - elif [[ "$DEMO_VERSION" =~ sp3 ]]; then - echo "Copying device DB, configured to SecurityProfile: 3" - docker cp manager/device_model_storage_citrineos_sp3.db \ 
- everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db - fi +if [[ "$DEMO_VERSION" =~ sp1 ]]; then +echo "Copying device DB, configured to SecurityProfile: 1" +docker cp manager/device_model_storage_${DEMO_CSMS}_sp1.db \ + everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db +elif [[ "$DEMO_VERSION" =~ sp2 ]]; then +echo "Copying device DB, configured to SecurityProfile: 2" +docker cp manager/device_model_storage_${DEMO_CSMS}_sp2.db \ + everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db +elif [[ "$DEMO_VERSION" =~ sp3 ]]; then +echo "Copying device DB, configured to SecurityProfile: 3" +docker cp manager/device_model_storage_${DEMO_CSMS}_sp3.db \ + everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db fi if [[ "$START_OPTION" == "auto" ]]; then diff --git a/maeve/apply-patches.sh b/maeve/apply-patches.sh new file mode 100644 index 00000000..172bdf70 --- /dev/null +++ b/maeve/apply-patches.sh @@ -0,0 +1,15 @@ + if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then + echo "Patching the CSMS to enable EVerest organization" + patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch + + echo "Patching the CSMS to enable local mo root" + patch -p1 -i ../everest-demo/maeve/maeve-csms-local-mo-root.patch + + echo "Patching the CSMS to enable local mo root" + patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch + + else + echo "Patching the CSMS to disable WSS" + patch -p1 -i ../everest-demo/maeve/maeve-csms-no-wss.patch + fi + diff --git a/maeve/build-and-run.sh b/maeve/build-and-run.sh new file mode 100644 index 00000000..0a6b3901 --- /dev/null +++ b/maeve/build-and-run.sh 
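Review bot: None of the three `docker cp manager/device_model_storage_${DEMO_CSMS}_spN.db ...` calls checks its exit status and the chain has no `else`, so a missing DB file or an unmatched `DEMO_VERSION` leaves the manager on whatever device_model_storage.db it already had, while the log has already announced the chosen SecurityProfile. End each copy with `|| exit 1` and add `else echo "Unsupported DEMO_VERSION: $DEMO_VERSION" >&2; exit 1`. The `=~ sp1` tests are unanchored regex matches; `[[ "$DEMO_VERSION" == *-sp1 ]]` states the intent more exactly.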
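Review bot: The third `echo` in the sp2/sp3 branch of maeve/apply-patches.sh repeats "Patching the CSMS to enable local mo root", but the command under it applies maeve-csms-ignore-ocsp.patch, so the log hides a change that, judging by the file name, relaxes OCSP checking. Change it to something like `echo "Patching the CSMS to ignore OCSP"`. The `patch` exit codes are also unchecked, so a patch that no longer applies leaves the CSMS partly patched and the demo carries on; `patch -p1 -i ../everest-demo/maeve/maeve-csms-ignore-ocsp.patch || exit 1` (and likewise for the others) would stop it.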
@@ -0,0 +1,6 @@ +echo "Build and run" +docker compose build +if ! docker compose --project-name ${DEMO_CSMS}-csms up -d --wait; then + echo "Failed to start ${DEMO_CSMS}" + exit 1 +fi From 20d0d3b4bedecc70c1d0da259ef254f563138cf4 Mon Sep 17 00:00:00 2001 From: Shankari Date: Mon, 11 Nov 2024 17:21:23 -0800 Subject: [PATCH 6/8] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=F0=9F=94=92=EF=B8=8FV?= =?UTF-8?q?alidate=20in=20the=20lower=20level=20+=20add=20validation=20to?= =?UTF-8?q?=20Citrine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Move the validation to the lower level since the directory structure is different - Add code to copy the real root over to citrine - Add validation to citrine As an aside, I wonder if this weird configuration (the actual root CA isn't there?!) is the reason that the self-signed certs are not working with Citrine. Need to investigate once we roll forward. Testing done: as part of 86b1ea8ae7cbd1e8beaf7a42f53f8d752ec2e967 Signed-off-by: Shankari --- citrineos/copy-certs.sh | 11 +++++++++++ maeve/copy-certs.sh | 6 ++++++ 2 files changed, 17 insertions(+) mode change 100644 => 100755 citrineos/copy-certs.sh diff --git a/citrineos/copy-certs.sh b/citrineos/copy-certs.sh old mode 100644 new mode 100755 index 0ab9c55d..23419f64 --- a/citrineos/copy-certs.sh +++ b/citrineos/copy-certs.sh @@ -1,3 +1,5 @@ + mkdir -p Server/data/certificates + echo "Copying certs into ${DEMO_DIR}/citrineos-csms/Server/data/certificates" tar xf cached_certs_correct_name_emaid.tar.gz 
@@ -18,5 +20,14 @@ dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem \ > Server/data/certificates/rootCertificate.pem + #Actual root cert + cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem Server/data/certificates/root-V2G-cert.pem + #ACME key cp ../everest-demo/citrineos/acme_account_key.pem Server/data/certificates/acme_account_key.pem + + echo "Validating that the certificates are set up correctly" + openssl verify -show_chain \ + -CAfile Server/data/certificates/root-V2G-cert.pem \ + -untrusted Server/data/certificates/rootCertificate.pem \ + Server/data/certificates/certChain.pem diff --git a/maeve/copy-certs.sh b/maeve/copy-certs.sh index 4a94c2ea..696af0de 100644 --- a/maeve/copy-certs.sh +++ b/maeve/copy-certs.sh @@ -12,3 +12,9 @@ cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem cp dist/etc/everest/certs/ca/mo/MO_ROOT_CA.pem config/certificates/root-MO-cert.pem + echo "Validating that the certificates are set up correctly" + openssl verify -show_chain \ + -CAfile config/certificates/root-V2G-cert.pem \ + -untrusted config/certificates/trust.pem \ + config/certificates/csms.pem + From 940a158c0ec03b3384b47706371ee07a74da8db2 Mon Sep 17 00:00:00 2001 
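Review bot: The exit status of the added `openssl verify -show_chain` in citrineos/copy-certs.sh is never used: the file is sourced, the command is not tested, and the caller does not check the result of `source`, so unless `set -e` is active (not visible here) a broken chain only prints an error and the CSMS is still built and started. End the command with `Server/data/certificates/certChain.pem || exit 1`, or wrap it in `if ! openssl verify ...; then` with a message on stderr. The block added to maeve/copy-certs.sh in this patch needs the same guard.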
From: Shankari Date: Mon, 11 Nov 2024 21:09:49 -0800 Subject: [PATCH 7/8] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=F0=9F=90=9B=20Ensure?= =?UTF-8?q?=20that=20the=20demo=20code=20does=20not=20silently=20fail?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several of the options in the demo do not actually work For example: - Citrine fails to build (even on main) - SP1 (and SP2) won't work with TLS https://github.com/EVerest/everest-demo/issues/78#issuecomment-2468520655 Fixes: - Error out before Citrine build with a message indicating that it is not supported - Patch the config for SP1 and SP2 to disable TLS Testing done: - Citrine ``` Cloning citrineos CSMS from https://github.com/citrineos/citrineos-core.git into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.I8ClXLLd/citrineos-csms and starting it Cloning into 'citrineos-csms'... remote: Enumerating objects: 16467, done. remote: Counting objects: 100% (303/303), done. remote: Compressing objects: 100% (221/221), done. remote: Total 16467 (delta 139), reused 161 (delta 70), pack-reused 16164 (from 1) Receiving objects: 100% (16467/16467), 5.07 MiB | 969.00 KiB/s, done. Resolving deltas: 100% (10346/10346), done. /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.I8ClXLLd/citrineos-csms /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.I8ClXLLd Copying certs into /var/folders/y5/cx3cfzrd2q116myv9ly86sw1rnlmdj/T/tmp.I8ClXLLd/citrineos-csms/Server/data/certificates Validating that the certificates are set up correctly Server/data/certificates/certChain.pem: OK Chain: depth=0: CN=host.docker.internal, O=EVerest, C=DE, DC=CPO (untrusted) depth=1: CN=CPOSubCA2, O=EVerest, C=DE, DC=V2G (untrusted) depth=2: CN=CPOSubCA1, O=EVerest, C=DE, DC=V2G (untrusted) depth=3: CN=V2GRootCA, O=EVerest, C=DE, DC=V2G No patches to apply Build and run CitrineOS does not currently build due to issues with npm dependencies. It is disabled until we roll forward. Apologies for the inconvenience! 
``` - Maeve ``` Successfully copied 84.5kB to everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db Successfully copied 3.07kB to everest-ac-demo-manager-1:/tmp/ /ext/source /workspace patching file config/config-sil-ocpp201-pnc.yaml ``` And then charging with EIM was successful Signed-off-by: Shankari --- citrineos/build-and-run.sh | 3 +++ demo-iso15118-2-ocpp-201.sh | 4 ++++ manager/disable_iso_tls.patch | 11 +++++++++++ 3 files changed, 18 insertions(+) create mode 100644 manager/disable_iso_tls.patch diff --git a/citrineos/build-and-run.sh b/citrineos/build-and-run.sh index 9b6126ab..5d9d55ab 100644 --- a/citrineos/build-and-run.sh +++ b/citrineos/build-and-run.sh @@ -1,5 +1,8 @@ echo "Build and run" +echo "CitrineOS does not currently build due to issues with npm dependencies. It is disabled until we roll forward. Apologies for the inconvenience!" +exit 1 + pushd Server || exit 1 docker compose build diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index 2195c5d9..bdfb629c 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh 
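Review bot: The added `exit 1` in citrineos/build-and-run.sh fires only after the demo has cloned citrineos-core and copied and validated certificates, as the test log in the commit message shows, and its message goes to stdout. Rejecting `-c` in the `getopts` loop of demo-iso15118-2-ocpp-201.sh would fail before any work is done; at minimum send the text to stderr by appending `>&2` to the `echo`. The `pushd Server` and `docker compose` lines below the `exit 1` are now unreachable and deserve a comment such as `# Unreachable until CitrineOS builds again; kept for the roll-forward`. The rest of the file lies outside this hunk.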
@@ -158,10 +158,14 @@ if [[ "$DEMO_VERSION" =~ sp1 ]]; then echo "Copying device DB, configured to SecurityProfile: 1" docker cp manager/device_model_storage_${DEMO_CSMS}_sp1.db \ everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db +docker cp manager/disable_iso_tls.patch everest-ac-demo-manager-1:/tmp/ +docker exec everest-ac-demo-manager-1 /bin/bash -c "pushd /ext/source && patch -p0 -i /tmp/disable_iso_tls.patch" elif [[ "$DEMO_VERSION" =~ sp2 ]]; then echo "Copying device DB, configured to SecurityProfile: 2" docker cp manager/device_model_storage_${DEMO_CSMS}_sp2.db \ everest-ac-demo-manager-1:/ext/source/build/dist/share/everest/modules/OCPP201/device_model_storage.db +docker cp manager/disable_iso_tls.patch everest-ac-demo-manager-1:/tmp/ +docker exec everest-ac-demo-manager-1 /bin/bash -c "pushd /ext/source && patch -p0 -i /tmp/disable_iso_tls.patch" elif [[ "$DEMO_VERSION" =~ sp3 ]]; then echo "Copying device DB, configured to SecurityProfile: 3" docker cp manager/device_model_storage_${DEMO_CSMS}_sp3.db \ diff --git a/manager/disable_iso_tls.patch b/manager/disable_iso_tls.patch new file mode 100644 index 00000000..2db455d9 --- /dev/null +++ b/manager/disable_iso_tls.patch @@ -0,0 +1,11 @@ +--- /tmp/config-sil-ocpp201-pnc.yaml ++++ config/config-sil-ocpp201-pnc.yaml +@@ -14,7 +14,7 @@ + config_module: + device: auto + supported_ISO15118_2: true +- tls_active: true ++ tls_active: false + is_cert_install_needed: false + evse_manager_1: + module: EvseManager From a62883191fdee306d68420117c4e85c04524e578 Mon Sep 17 00:00:00 2001 
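Review bot: In the sp1 and sp2 branches the added `docker cp manager/disable_iso_tls.patch ...` and `docker exec ... patch -p0 -i /tmp/disable_iso_tls.patch` lines switch `tls_active` to false without telling the user and without checking that the patch applied. Add `echo "Disabling ISO 15118 TLS (tls_active: false) for this profile"` before them and end the `docker exec` line with `|| exit 1`, so a config that has drifted from the patch context does not leave TLS on and silently reproduce the failure this commit addresses. The same two lines are duplicated in both branches; hoisting them into one `if [[ "$DEMO_VERSION" =~ sp1 || "$DEMO_VERSION" =~ sp2 ]]` block after the DB copy keeps them from diverging. The surrounding `if`/`elif` chain starts and ends outside this hunk.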
From: Shankari Date: Mon, 11 Nov 2024 22:55:49 -0800 Subject: [PATCH 8/8] =?UTF-8?q?=F0=9F=8E=A8=20Fix=20codacy=20issues;=20spe?= =?UTF-8?q?cify=20shell=20and=20quote=20vars?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix issues flagged by codacy These were primarily - no default shell specified for all the newly added subscripts - added bash - some environment variables were not quoted - quoted them Signed-off-by: Shankari --- citrineos/apply-patches.sh | 2 ++ citrineos/build-and-run.sh | 4 +++- citrineos/copy-certs.sh | 2 ++ demo-iso15118-2-ocpp-201.sh | 2 +- maeve/add-charger-and-rfid-card.sh | 2 ++ maeve/apply-patches.sh | 2 ++ maeve/build-and-run.sh | 4 +++- maeve/copy-certs.sh | 2 ++ 8 files changed, 17 insertions(+), 3 deletions(-) diff --git a/citrineos/apply-patches.sh b/citrineos/apply-patches.sh index 7d5eb293..4f04324b 100644 --- a/citrineos/apply-patches.sh +++ b/citrineos/apply-patches.sh @@ -1 +1,3 @@ +#!/usr/bin/env bash + echo "No patches to apply" diff --git a/citrineos/build-and-run.sh b/citrineos/build-and-run.sh index 5d9d55ab..0bce42b8 100644 --- a/citrineos/build-and-run.sh +++ b/citrineos/build-and-run.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + echo "Build and run" echo "CitrineOS does not currently build due to issues with npm dependencies. It is disabled until we roll forward. Apologies for the inconvenience!" @@ -6,7 +8,7 @@ exit 1 pushd Server || exit 1 docker compose build -if ! docker compose --project-name ${DEMO_CSMS}-csms up -d --wait; then +if ! docker compose --project-name "${DEMO_CSMS}"-csms up -d --wait; then echo "Failed to start ${DEMO_CSMS}" exit 1 fi diff --git a/citrineos/copy-certs.sh b/citrineos/copy-certs.sh index 23419f64..cfb504c2 100755 --- a/citrineos/copy-certs.sh +++ b/citrineos/copy-certs.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + mkdir -p Server/data/certificates echo "Copying certs into ${DEMO_DIR}/citrineos-csms/Server/data/certificates" 
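Review bot: The `#!/usr/bin/env bash` line added to citrineos/apply-patches.sh, and to the other helper scripts in this patch, has no effect at run time, because demo-iso15118-2-ocpp-201.sh loads these files with `source` and several of them keep mode 100644. Put a comment right under the shebang that states the contract, for example `# Sourced by demo-iso15118-2-ocpp-201.sh from inside the CSMS checkout; expects DEMO_CSMS, DEMO_VERSION and DEMO_DIR to be set; exit ends the caller`. That also documents why `exit 1` in build-and-run.sh terminates the whole demo.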
diff --git a/demo-iso15118-2-ocpp-201.sh b/demo-iso15118-2-ocpp-201.sh index bdfb629c..ede39f73 100755 --- a/demo-iso15118-2-ocpp-201.sh +++ b/demo-iso15118-2-ocpp-201.sh @@ -21,7 +21,7 @@ Pro Tip: to use a local copy of this everest-demo repo, provide the current directory to the -r option (e.g., '-r \$(pwd)'). where: - -r URL to everest-demo repo to use (default: $DEMO_REPO, "$PWD" uses the current dir) + -r URL to everest-demo repo to use (default: $DEMO_REPO, '$PWD' uses the current dir) -b Branch of everest-demo repo to use (default: $DEMO_BRANCH) -1 OCPP v2.0.1 Security Profile 1 -2 OCPP v2.0.1 Security Profile 2 diff --git a/maeve/add-charger-and-rfid-card.sh b/maeve/add-charger-and-rfid-card.sh index 9463618e..c4f7f505 100755 --- a/maeve/add-charger-and-rfid-card.sh +++ b/maeve/add-charger-and-rfid-card.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + echo "While running subscript, DEMO_VERSION is " $DEMO_VERSION if [[ "$DEMO_VERSION" =~ sp1 ]]; then diff --git a/maeve/apply-patches.sh b/maeve/apply-patches.sh index 172bdf70..aa984d87 100644 --- a/maeve/apply-patches.sh +++ b/maeve/apply-patches.sh @@ -1,3 +1,5 @@ +#!/usr/bin/env bash + if [[ "$DEMO_VERSION" =~ sp2 || "$DEMO_VERSION" =~ sp3 ]]; then echo "Patching the CSMS to enable EVerest organization" patch -p1 -i ../everest-demo/maeve/maeve-csms-everest-org.patch diff --git a/maeve/build-and-run.sh b/maeve/build-and-run.sh index 0a6b3901..ea5a88b3 100644 --- a/maeve/build-and-run.sh +++ b/maeve/build-and-run.sh @@ -1,6 +1,8 @@ +#!/usr/bin/env bash + echo "Build and run" docker compose build -if ! docker compose --project-name ${DEMO_CSMS}-csms up -d --wait; then +if ! docker compose --project-name "${DEMO_CSMS}"-csms up -d --wait; then echo "Failed to start ${DEMO_CSMS}" exit 1 fi diff --git a/maeve/copy-certs.sh b/maeve/copy-certs.sh index 696af0de..7b408e30 100644 --- a/maeve/copy-certs.sh +++ b/maeve/copy-certs.sh 
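Review bot: In the usage text `'$PWD'` is still expanded: the neighbouring `$DEMO_REPO` and the escaped `\$(pwd)` show that the string undergoes expansion, so the help prints the caller's current directory rather than the literal token. If the literal is what the reader should see, write `'\$PWD'`, matching `'-r \$(pwd)'` two lines above. The assignment that opens the usage string is outside this hunk, so this is inferred from the context lines.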
@@ -1,3 +1,5 @@ +#!/usr/bin/env bash + # Set up certificates for SP2 and SP3 echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates" tar xf cached_certs_correct_name_emaid.tar.gz