13.2.21. evse_security¶

This interface provides security related functions and access to secure storage that an EVSE needs to provide. This includes the handling of all security related functions specified within OCPP and ISO15118. The modules that implement this interface are responsible for checking the validity period of the leaf certificates and initiate certificate signing request if leaf certificates are about to expire.

13.2.21.1. Commands¶

install_ca_certificate:string

Command to install a new CA certificate

certificate:string <required>

A PEM encoded X.509 certificate.

certificate_type:string <required> (evse_security-CaCertificateType)

Indicates the type of the certificate

There is an extended definition for this object here.

Result:string (evse_security-InstallCertificateResult)

Result of the attempt to install a CA certificate

There is an extended definition for this object here.

delete_certificate:string

Command to delete a certificate

certificate_hash_data:object <required> (evse_security-CertificateHashData)

Indicates the certificate that should be deleted

There is an extended definition for this object here.

Result:string (evse_security-DeleteCertificateResult)

Result of the attempt to delete a certificate

There is an extended definition for this object here.

update_leaf_certificate:string

Command to install or update SECC or CSMS leaf certificate

certificate_chain:string <required>

Leaf certificate or certificate chain that should be installed

certificate_type:string <required> (evse_security-LeafCertificateType)

Indicates the type of the certificate

There is an extended definition for this object here.

Result:string (evse_security-InstallCertificateResult)

Result of the attempt to install or update a leaf certificate

There is an extended definition for this object here.

verify_certificate:string

Command to verify the given certificate

certificate_chain:string <required>

Leaf certificate or certificate chain that is to be verified

certificate_type:string <required> (evse_security-LeafCertificateType)

Indicates the type of the certificate

There is an extended definition for this object here.

Result:string (evse_security-CertificateValidationResult)

Result of the verification

There is an extended definition for this object here.

get_installed_certificates:object

Command to retrieve installed certificates of the EVSE

certificate_types:array <required>

Types of certificates to be retrieved

array_item:string (evse_security-CertificateType)

There is an extended definition for this object here.

Result:object (evse_security-GetInstalledCertificatesResult)

Indicates the result of the command and optional certificate hash data

There is an extended definition for this object here.

get_v2g_ocsp_request_data:object

Command to retrieve the OCSP request data of the V2G certificates. Contains OCSP data for each certificate that is present in the chain (excluding the root).

Result:object (evse_security-OCSPRequestDataList)

The OCSP request data of all V2G CA certificates including the Sub CAs (exluding the root)

There is an extended definition for this object here.

get_mo_ocsp_request_data:object

Command to retrieve the OCSP request data of the given MO certificate chain. Contains OCSP data for each certificate that is present in the chain (excluding the root)

certificate_chain:string <required>

Certificate chain for which the OCSP data is retrieved

Result:object (evse_security-OCSPRequestDataList)

The OCSP request data of the given certificate chain. Contains OCSP data for each certificate in the given chain.

There is an extended definition for this object here.

update_ocsp_cache:void

Command to update the OCSP cache with the given data

certificate_hash_data:object <required> (evse_security-CertificateHashData)

Certificate hash data that identifies the certificate for which the cache should be updated

There is an extended definition for this object here.

ocsp_response:string <required>

OCSPResponse class as defined in IETF RFC 6960. DER and then base64 encoded

is_ca_certificate_installed:boolean

Command that indicates of the given CA certificate type is installed

certificate_type:string <required> (evse_security-CaCertificateType)

Specifies that CA certificate type

There is an extended definition for this object here.

Result:boolean

True if CA certificate is installed, else false

generate_certificate_signing_request:object

Command to generate a certificate signing request for the given use

certificate_type:string <required> (evse_security-LeafCertificateType)

Specifies the leaf certificate type

There is an extended definition for this object here.

country:string <required>

Specifies the country name (C) of the certificate

organization:string <required>

Specifies the organization name (O) of the certificate

common:string <required>

Specifies the common name (CN) of the certificate

use_tpm:boolean <required>

Specifies if the CSR should store the private key on the TPM

Result:object (evse_security-GetCertificateSignRequestResult)

The certificate signing request in PEM format

There is an extended definition for this object here.

get_leaf_certificate_info:object

Command to get the paths of the certificate and the respective key

certificate_type:string <required> (evse_security-LeafCertificateType)

Specifies the leaf certificate type

There is an extended definition for this object here.

encoding:string <required> (evse_security-EncodingFormat)

Specifies the encoding of the key

There is an extended definition for this object here.

include_ocsp:boolean <required>

Specifies whether per-certificate OCSP data is also requested

Result:object (evse_security-GetCertificateInfoResult)

The response to the requested command

There is an extended definition for this object here.

get_verify_file:string

Command to get the file path of a CA bundle that can be used for verification

certificate_type:string <required> (evse_security-CaCertificateType)

Specifies that CA certificate type

There is an extended definition for this object here.

Result:string

The path of the CA bundle file

get_leaf_expiry_days_count:integer

Command to get the days count until the given leaf certificate expires. If no leaf certificate is installed this command will return 0

certificate_type:string <required> (evse_security-LeafCertificateType)

Indicates the type of the certificate

There is an extended definition for this object here.

Result:integer

days count until given leaf certificate expires

verify_file_signature:boolean

Verify the file at the given path using the provided certificate and signature

file_path:string <required>

Path to the file that should be verified

signing_certificate:string <required>

Certificate with which the file was signed. PEM encoded X.509 certificate

signature:string <required>

Base64 encoded file signature

Result:boolean

True if verification succeeded, false if not

13.2.21. evse_security¶

13.2.21.1. Commands¶

Table of Contents

Previous topic

Next topic

This Page

Community