Merge pull request EVerest#29 from US-JOET/enable_security_profile_2

Final MRE script; includes certificate configuration

demo-iso15118-2-ac-plus-ocpp201.sp2.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+DEMO_COMPOSE_FILE_NAME='docker-compose.ocpp201.sp2.yml'
+DEMO_DIR="$(mktemp -d)"
+
+delete_temporary_directory() { rm -rf "${DEMO_DIR}"; }
+trap delete_temporary_directory EXIT
+
+if [[ ! "${DEMO_DIR}" || ! -d "${DEMO_DIR}" ]]; then
+    echo 'Error: Failed to create a temporary directory for the demo.'
+    exit 1
+fi
+
+download_demo_file() {
+    local -r repo_file_path="$1"
+    local -r repo_raw_url='https://raw.githubusercontent.com/everest/everest-demo/main'
+    local -r destination_path="${DEMO_DIR}/${repo_file_path}"
+
+    echo "Downloading ${repo_raw_url}/${repo_file_path} to ${destination_path}"
+
+    mkdir -p "$(dirname ${destination_path})"
+    curl -s -o "${destination_path}" "${repo_raw_url}/${repo_file_path}"
+    if [[ "$?" != 0 ]]; then
+        echo "Error: Failed to retrieve \"${repo_file_path}\" from the demo"
+	echo 'repository. If this issue persists, please report this as an'
+	echo 'issue in the EVerest project:'
+	echo '    https://github.com/EVerest/EVerest/issues'
+	exit 1
+    fi
+}
+
+echo "Cloning EVerest into ${DEMO_DIR}/everest-demo"
+cd ${DEMO_DIR}
+git clone https://github.com/US-JOET/everest-demo.git everest-demo
+pushd everest-demo
+git checkout --track origin/enable_security_profile_2
+popd
+
+echo "Cloning MaEVe CSMS into ${DEMO_DIR}/maeve-csms and starting it"
+git clone https://github.com/thoughtworks/maeve-csms.git maeve-csms
+cp everest-demo/manager/cached_certs_correct_name.tar.gz maeve-csms
+pushd maeve-csms
+
+echo "Copying certs into ${DEMO_DIR}/maeve-csms/config/certificates"
+tar xzvf cached_certs_correct_name.tar.gz
+cp dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem config/certificates/root-V2G-cert.pem
+cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem config/certificates/cpo_sub_ca1.pem
+cp dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem config/certificates/cpo_sub_ca2.pem
+cp dist/etc/everest/certs/client/csms/CSMS_LEAF.pem config/certificates/csms.pem
+cp dist/etc/everest/certs/client/csms/CSMS_LEAF.key config/certificates/csms.key
+cp dist/etc/everest/certs/client/csms/CPO_SUB_CA1.key config/certificates/cpo_sub_ca1.key
+cp dist/etc/everest/certs/client/csms/CPO_SUB_CA2.key config/certificates/cpo_sub_ca2.key
+cat config/certificates/cpo_sub_ca1.pem config/certificates/cpo_sub_ca2.pem > config/certificates/trust.pem
+
+echo "Validating that the certificates are set up correctly"
+openssl verify -show_chain -CAfile config/certificates/root-V2G-cert.pem -untrusted config/certificates/trust.pem config/certificates/csms.pem
+
+echo "Starting the CSMS"
+docker compose up -d
+echo "MaEVe CSMS started, adding charge station. Note that profiles in MaEVe start with 0 so SP 1 == OCPP SP 2"
+curl http://localhost:9410/api/v0/cs/cp001 -H 'content-type: application/json' \
+    -d '{"securityProfile": 1, "base64SHA256Password": "3oGi4B5I+Y9iEkYtL7xvuUxrvGOXM/X2LQrsCwf/knA="}'
+
+echo "Charge station added, adding user token"
+curl http://localhost:9410/api/v0/token -H 'content-type: application/json' -d '{
+  "countryCode": "GB",
+  "partyId": "TWK",
+  "type": "RFID",
+  "uid": "DEADBEEF",
+  "contractId": "GBTWK012345678V",
+  "issuer": "Thoughtworks",
+  "valid": true,
+  "cacheMode": "ALWAYS"
+}'
+
+echo "User token added, starting EVerest..."
+popd
+pushd everest-demo
+docker compose --project-name everest-ac-demo \
+	       --file "${DEMO_COMPOSE_FILE_NAME}" up -d --wait
+ls -al manager
+docker cp manager/cached_certs_correct_name.tar.gz everest-ac-demo-manager-1:/workspace/
+docker exec everest-ac-demo-manager-1 /bin/bash -c "tar xzvf cached_certs_correct_name.tar.gz"
+
+echo "Configured everest certs, validating that the chain is set up correctly"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "openssl verify -show_chain -CAfile dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA1.pem --untrusted dist/etc/everest/certs/ca/csms/CPO_SUB_CA2.pem dist/etc/everest/certs/client/csms/CSMS_LEAF.pem"
+echo "Copying bundle over to root (confusing!) https://github.com/EVerest/everest-demo/issues/25#issuecomment-1988895630"
+docker exec everest-ac-demo-manager-1 /bin/bash -c "cp dist/etc/everest/certs/ca/v2g/V2G_CA_BUNDLE.pem dist/etc/everest/certs/ca/v2g/V2G_ROOT_CA.pem"
+
+echo "Copying device DB, configured to SecurityProfile: 2"
+docker cp manager/device_model_storage_maeve_sp2.db everest-ac-demo-manager-1:/workspace/dist/share/everest/modules/OCPP201/device_model_storage.db
+
+echo "All configuration done, please run 'docker exec -it everest-ac-demo-manager-1 /bin/bash' and then (in the container) 'sh ./build/run-scripts/run-sil-ocpp201.sh'"
+echo "Note that this is currently expected to fail https://github.com/EVerest/everest-demo/issues/25#issuecomment-1991954008"

docker-compose.ocpp201.sp2.yml

@@ -0,0 +1,35 @@
+version: "3.6"
+
+services:
+  mqtt-server:
+    image: ghcr.io/everest/everest-demo/mqtt-server:${TAG}
+    platform: linux/x86_64
+    logging:
+      driver: none
+
+  manager:
+    image: ghcr.io/everest/everest-demo/manager:${TAG}
+    platform: linux/x86_64
+    deploy:
+      resources:
+        limits:
+          cpus: "${EVEREST_MANAGER_CPUS}"
+          memory: "${EVEREST_MANAGER_MEMORY}"
+    depends_on:
+      - mqtt-server
+    environment:
+      - MQTT_SERVER_ADDRESS=mqtt-server
+    # entrypoint: "sh ./build/run-scripts/run-sil-ocpp201.sh"
+    entrypoint: "tail -f /dev/null"
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=0
+
+  nodered:
+    image: ghcr.io/everest/everest-demo/nodered:${TAG}
+    depends_on:
+      - mqtt-server
+    ports:
+      - 1880:1880
+    environment:
+      - MQTT_SERVER_ADDRESS=mqtt-server
+      - FLOWS=/config/config-sil-two-evse-flow.json