13.2.22. evse_security
This interface provides the security-related functions and the access to secure storage that an EVSE needs. This includes all security-related functions specified in OCPP and ISO 15118. The modules that implement this interface are responsible for checking the validity period of the leaf certificates and for initiating a certificate signing request if leaf certificates are about to expire.
13.2.22.1. Commands
install_ca_certificate:string
Command to install a new CA certificate
certificate:string <required>
A PEM encoded X.509 certificate.
certificate_type:string <required> (evse_security-CaCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-InstallCertificateResult)
Result of the attempt to install a CA certificate
There is an extended definition for this object here.
delete_certificate:string
Command to delete a certificate
certificate_hash_data:object <required> (evse_security-CertificateHashData)
Indicates the certificate that should be deleted
There is an extended definition for this object here.
Result:string (evse_security-DeleteCertificateResult)
Result of the attempt to delete a certificate
There is an extended definition for this object here.
update_leaf_certificate:string
Command to install or update SECC or CSMS leaf certificate
certificate_chain:string <required>
Leaf certificate or certificate chain that should be installed
certificate_type:string <required> (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-InstallCertificateResult)
Result of the attempt to install or update a leaf certificate
There is an extended definition for this object here.
verify_certificate:string
Command to verify the given certificate
certificate_chain:string <required>
Leaf certificate or certificate chain that is to be verified
certificate_type:string <required> (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-CertificateValidationResult)
Result of the verification
There is an extended definition for this object here.
get_installed_certificates:object
Command to retrieve installed certificates of the EVSE
certificate_types:array <required>
Types of certificates to be retrieved
array_item:string (evse_security-CertificateType)
There is an extended definition for this object here.
Result:object (evse_security-GetInstalledCertificatesResult)
Indicates the result of the command and optional certificate hash data
There is an extended definition for this object here.
get_v2g_ocsp_request_data:object
Command to retrieve the OCSP request data of the V2G certificates. Contains OCSP data for each certificate that is present in the chain (excluding the root).
Result:object (evse_security-OCSPRequestDataList)
The OCSP request data of all V2G CA certificates including the Sub CAs (excluding the root)
There is an extended definition for this object here.
get_mo_ocsp_request_data:object
Command to retrieve the OCSP request data of the given MO certificate chain. Contains OCSP data for each certificate that is present in the chain (excluding the root).
certificate_chain:string <required>
Certificate chain for which the OCSP data is retrieved
Result:object (evse_security-OCSPRequestDataList)
The OCSP request data of the given certificate chain. Contains OCSP data for each certificate in the given chain.
There is an extended definition for this object here.
update_ocsp_cache:void
Command to update the OCSP cache with the given data
certificate_hash_data:object <required> (evse_security-CertificateHashData)
Certificate hash data that identifies the certificate for which the cache should be updated
There is an extended definition for this object here.
ocsp_response:string <required>
OCSPResponse class as defined in IETF RFC 6960, DER encoded and then base64 encoded
is_ca_certificate_installed:boolean
Command that indicates whether a CA certificate of the given type is installed
certificate_type:string <required> (evse_security-CaCertificateType)
Specifies the CA certificate type
There is an extended definition for this object here.
Result:boolean
True if CA certificate is installed, else false
generate_certificate_signing_request:object
Command to generate a certificate signing request for the given use
certificate_type:string <required> (evse_security-LeafCertificateType)
Specifies the leaf certificate type
There is an extended definition for this object here.
country:string <required>
Specifies the country name (C) of the certificate
organization:string <required>
Specifies the organization name (O) of the certificate
common:string <required>
Specifies the common name (CN) of the certificate
use_tpm:boolean <required>
Specifies whether the private key for the CSR should be stored on the TPM
Result:object (evse_security-GetCertificateSignRequestResult)
The certificate signing request in PEM format
There is an extended definition for this object here.
get_leaf_certificate_info:object
Command to get the paths of the certificate and the respective key
certificate_type:string <required> (evse_security-LeafCertificateType)
Specifies the leaf certificate type
There is an extended definition for this object here.
encoding:string <required> (evse_security-EncodingFormat)
Specifies the encoding of the key
There is an extended definition for this object here.
include_ocsp:boolean <required>
Specifies whether per-certificate OCSP data is also requested
Result:object (evse_security-GetCertificateInfoResult)
The response to the requested command
There is an extended definition for this object here.
get_all_valid_certificates_info:object
Finds the latest valid leaf certificate for each root certificate that is present on the filesystem, and returns the newest valid leaf certificates found for the different roots
certificate_type:string <required> (evse_security-LeafCertificateType)
Specifies the leaf certificate type
There is an extended definition for this object here.
encoding:string <required> (evse_security-EncodingFormat)
Specifies the encoding of the key
There is an extended definition for this object here.
include_ocsp:boolean <required>
Specifies whether per-certificate OCSP data is also requested
Result:object (evse_security-GetCertificateFullInfoResult)
The response to the requested command
There is an extended definition for this object here.
get_verify_file:string
Command to get the file path of a CA bundle that can be used for verification
certificate_type:string <required> (evse_security-CaCertificateType)
Specifies the CA certificate type
There is an extended definition for this object here.
Result:string
The path of the CA bundle file
get_leaf_expiry_days_count:integer
Command to get the number of days until the given leaf certificate expires. If no leaf certificate is installed, this command will return 0.
certificate_type:string <required> (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:integer
Number of days until the given leaf certificate expires
verify_file_signature:boolean
Verify the file at the given path using the provided certificate and signature
file_path:string <required>
Path to the file that should be verified
signing_certificate:string <required>
Certificate with which the file was signed. PEM encoded X.509 certificate
signature:string <required>
Base64 encoded file signature
Result:boolean
True if verification succeeded, false if not
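An added example, not part of the EVerest documentation or code: the check that verify_file_signature describes, reproduced with the openssl CLI so that its three inputs (file path, PEM signing certificate, base64 signature) can be prepared and tested by hand. The ECDSA P-256 key, the SHA-256 digest and the function names verify_file_sig and make_demo are assumptions; the page does not state which algorithms the implementing module uses.

```shell
#!/usr/bin/env bash
# Added example. Assumptions (not stated on the page): ECDSA P-256 signing key,
# SHA-256 digest. Function names are hypothetical.

# verify_file_sig FILE_PATH CERT_PEM SIG_B64 -> exit status 0 only if valid.
# Checks the signature only; whether the signing certificate itself is
# trusted is a separate check and is not done here.
verify_file_sig() {
  local file="$1" cert_pem="$2" sig_b64="$3" tmp rc
  tmp=$(mktemp -d) || return 2
  # The signature arrives base64 encoded: decode it, reject empty/undecodable input.
  if ! printf '%s' "$sig_b64" | openssl base64 -d -A > "$tmp/sig.bin" 2>/dev/null \
     || [ ! -s "$tmp/sig.bin" ]; then
    rm -rf "$tmp"; return 1
  fi
  # The certificate arrives as a PEM string: extract its public key.
  if ! printf '%s\n' "$cert_pem" | openssl x509 -noout -pubkey > "$tmp/pub.pem" 2>/dev/null; then
    rm -rf "$tmp"; return 1
  fi
  openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" "$file" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# make_demo DIR: constructed sample material (throwaway key, self-signed
# certificate, sample file, base64 signature over the file).
make_demo() {
  local d="$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/key.pem" 2>/dev/null
  openssl req -new -x509 -key "$d/key.pem" -subj "/CN=constructed-signer" \
    -days 1 -out "$d/cert.pem" 2>/dev/null
  printf 'constructed firmware image\n' > "$d/fw.bin"
  openssl dgst -sha256 -sign "$d/key.pem" "$d/fw.bin" | openssl base64 -A > "$d/sig.b64"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
cert=$(cat "$demo_dir/cert.pem"); sig=$(cat "$demo_dir/sig.b64")
verify_file_sig "$demo_dir/fw.bin" "$cert" "$sig" && echo "original file: signature valid"
printf 'tampered' >> "$demo_dir/fw.bin"
verify_file_sig "$demo_dir/fw.bin" "$cert" "$sig" || echo "modified file: signature rejected"
rm -rf "$demo_dir"
```

A signature that verifies here proves only that the holder of the certificate's private key signed the file; it says nothing about whether that certificate chains to an installed CA.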