:orphan: .. _everest_interfaces_evse_security: ############# evse_security ############# | This interface provides security related functions and access to secure storage that an EVSE needs to provide. This includes the handling of all security related functions specified within OCPP and ISO15118. The modules that implement this interface are responsible for checking the validity period of the leaf certificates and initiate certificate signing request if leaf certificates are about to expire. ********* Variables ********* | **certificate_store_update**: *object* (:ref:`evse_security-CertificateStoreUpdate `) | Variable that indicates that the certificate store has been updated, i.e. either a certificate has been installed or deleted. This is used to notify other modules that the certificate store has changed. ******** Commands ******** | **install_ca_certificate**:*string* | Command to install a new CA certificate | **certificate**: *string* | A PEM encoded X.509 certificate. | **certificate_type**: *string* (:ref:`evse_security-CaCertificateType `) | Indicates the type of the certificate | **Result**: *string* (:ref:`evse_security-InstallCertificateResult `) | Result of the attempt to install a CA certificate | **delete_certificate**:*string* | Command to delete a certificate | **certificate_hash_data**: *object* (:ref:`evse_security-CertificateHashData `) | Indicates the certificate that should be deleted | **Result**: *string* (:ref:`evse_security-DeleteCertificateResult `) | Result of the attempt to delete a certificate | **update_leaf_certificate**:*string* | Command to install or update SECC or CSMS leaf certificate | **certificate_chain**: *string* | Leaf certificate or certificate chain that should be installed | **certificate_type**: *string* (:ref:`evse_security-LeafCertificateType `) | Indicates the type of the certificate | **Result**: *string* (:ref:`evse_security-InstallCertificateResult `) | Result of the attempt to install or update a leaf certificate | **verify_certificate**:*string* | Command to verify the given certificate | **certificate_chain**: *string* | Leaf certificate or certificate chain that is to be verified | **certificate_types**: *array* | Indicates the type of the certificate | **array_item**: *string* (:ref:`evse_security-LeafCertificateType `) | **Result**: *string* (:ref:`evse_security-CertificateValidationResult `) | Result of the verification | **get_installed_certificates**:*object* | Command to retrieve installed certificates of the EVSE | **certificate_types**: *array* | Types of certificates to be retrieved | **array_item**: *string* (:ref:`evse_security-CertificateType `) | **Result**: *object* (:ref:`evse_security-GetInstalledCertificatesResult `) | Indicates the result of the command and optional certificate hash data | **get_v2g_ocsp_request_data**:*object* | Command to retrieve the OCSP request data of the V2G certificates. Contains OCSP data for each certificate that is present in the chain (excluding the root). | **Result**: *object* (:ref:`evse_security-OCSPRequestDataList `) | The OCSP request data of all V2G CA certificates including the Sub CAs (excluding the root) | **get_mo_ocsp_request_data**:*object* | Command to retrieve the OCSP request data of the given MO certificate chain. Contains OCSP data for each certificate that is present in the chain (excluding the root) | **certificate_chain**: *string* | Certificate chain for which the OCSP data is retrieved | **Result**: *object* (:ref:`evse_security-OCSPRequestDataList `) | The OCSP request data of the given certificate chain. Contains OCSP data for each certificate in the given chain. | **update_ocsp_cache**:*void* | Command to update the OCSP cache with the given data | **certificate_hash_data**: *object* (:ref:`evse_security-CertificateHashData `) | Certificate hash data that identifies the certificate for which the cache should be updated | **ocsp_response**: *string* | OCSPResponse class as defined in IETF RFC 6960. DER and then base64 encoded | **is_ca_certificate_installed**:*boolean* | Command that indicates of the given CA certificate type is installed | **certificate_type**: *string* (:ref:`evse_security-CaCertificateType `) | Specifies that CA certificate type | **Result**: *boolean* | True if CA certificate is installed, else false | **generate_certificate_signing_request**:*object* | Command to generate a certificate signing request for the given use | **certificate_type**: *string* (:ref:`evse_security-LeafCertificateType `) | Specifies the leaf certificate type | **country**: *string* | Specifies the country name (C) of the certificate | **organization**: *string* | Specifies the organization name (O) of the certificate | **common**: *string* | Specifies the common name (CN) of the certificate | **use_tpm**: *boolean* | Specifies if the CSR should store the private key on the TPM | **Result**: *object* (:ref:`evse_security-GetCertificateSignRequestResult `) | The certificate signing request in PEM format | **get_leaf_certificate_info**:*object* | Command to get the paths of the certificate and the respective key | **certificate_type**: *string* (:ref:`evse_security-LeafCertificateType `) | Specifies the leaf certificate type | **encoding**: *string* (:ref:`evse_security-EncodingFormat `) | Specifies the encoding of the key | **include_ocsp**: *boolean* | Specifies whether per-certificate OCSP data is also requested | **Result**: *object* (:ref:`evse_security-GetCertificateInfoResult `) | The response to the requested command | **get_all_valid_certificates_info**:*object* | Finds the latest valid leafs, for each root certificate that is present on the filesystem, and returns all the newest valid leafs that are present for different roots | **certificate_type**: *string* (:ref:`evse_security-LeafCertificateType `) | Specifies the leaf certificate type | **encoding**: *string* (:ref:`evse_security-EncodingFormat `) | Specifies the encoding of the key | **include_ocsp**: *boolean* | Specifies whether per-certificate OCSP data is also requested | **Result**: *object* (:ref:`evse_security-GetCertificateFullInfoResult `) | The response to the requested command | **get_verify_file**:*string* | Command to get the file path of a CA bundle that can be used for verification | **certificate_type**: *string* (:ref:`evse_security-CaCertificateType `) | Specifies that CA certificate type | **Result**: *string* | The path of the CA bundle file | **get_verify_location**:*string* | Command to get the file path of the CA root directory that can be used for verification. Will also invoke c_rehash for that directory | **certificate_type**: *string* (:ref:`evse_security-CaCertificateType `) | Specifies that CA certificate type | **Result**: *string* | The path of the CA certificates directory | **get_leaf_expiry_days_count**:*integer* | Command to get the days count until the given leaf certificate expires. If no leaf certificate is installed this command will return 0 | **certificate_type**: *string* (:ref:`evse_security-LeafCertificateType `) | Indicates the type of the certificate | **Result**: *integer* | days count until given leaf certificate expires | **verify_file_signature**:*boolean* | Verify the file at the given path using the provided certificate and signature | **file_path**: *string* | Path to the file that should be verified | **signing_certificate**: *string* | Certificate with which the file was signed. PEM encoded X.509 certificate | **signature**: *string* | Base64 encoded file signature | **Result**: *boolean* | True if verification succeeded, false if not