11.2.19. evse_security¶
This interface provides security related functions and access to secure storage that an EVSE needs to provide. This includes the handling of all security related functions specified within OCPP and ISO15118. The modules that implement this interface are responsible for checking the validity period of the leaf certificates and initiate certificate signing request if leaf certificates are about to expire.
11.2.19.1. Commands¶
install_ca_certificate:string
Command to install a new CA certificate
certificate:string
A PEM encoded X.509 certificate.
certificate_type:string (evse_security-CaCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-InstallCertificateResult)
Result of the attempt to install a CA certificate
There is an extended definition for this object here.
delete_certificate:string
Command to delete a certificate
certificate_hash_data:object (evse_security-CertificateHashData)
Indicates the certificate that should be deleted
There is an extended definition for this object here.
Result:string (evse_security-DeleteCertificateResult)
Result of the attempt to delete a certificate
There is an extended definition for this object here.
update_leaf_certificate:string
Command to install or update SECC or CSMS leaf certificate
certificate_chain:string
Leaf certificate or certificate chain that should be installed
certificate_type:string (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-InstallCertificateResult)
Result of the attempt to install or update a leaf certificate
There is an extended definition for this object here.
verify_certificate:string
Command to verify the given certificate
certificate_chain:string
Leaf certificate or certificate chain that is to be verified
certificate_type:string (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:string (evse_security-InstallCertificateResult)
Result of the verification
There is an extended definition for this object here.
get_installed_certificates:object
Command to retrieve installed certificates of the EVSE
certificate_types:array
Types of certificates to be retrieved
items:
type:
$ref:
Result:object (evse_security-GetInstalledCertificatesResult)
Indicates the result of the command and optional certificate hash data
There is an extended definition for this object here.
get_ocsp_request_data:object
Command to retrieve the OCSP request data of the V2G certificates
Result:object (evse_security-OCSPRequestDataList)
The OCSP request data of all V2G CA certificates including Sub CAs
There is an extended definition for this object here.
update_ocsp_cache:void
Command to update the OCSP cache with the given data
certificate_hash_data:object (evse_security-CertificateHashData)
Certificate hash data that identifies the certificate for which the cache should be updated
There is an extended definition for this object here.
ocsp_response:string
OCSPResponse class as defined in IETF RFC 6960. DER and then base64 encoded
is_ca_certificate_installed:boolean
Command that indicates of the given CA certificate type is installed
certificate_type:string (evse_security-CaCertificateType)
Specifies that CA certificate type
There is an extended definition for this object here.
Result:boolean
True if CA certificate is installed, else false
generate_certificate_signing_request:string
Command to generate a certificate signing request for the given use
certificate_type:string (evse_security-LeafCertificateType)
Specifies the leaf certificate type
There is an extended definition for this object here.
country:string
Specifies the country name (C) of the certificate
organization:string
Specifies the organization name (O) of the certificate
common:string
Specifies the common name (CN) of the certificate
use_tpm:boolean
Specifies if the CSR should store the private key on the TPM
Result:string
The certificate signing request in PEM format
get_key_pair:object
Command to get the paths of the certificate and the respective key
certificate_type:string (evse_security-LeafCertificateType)
Specifies the leaf certificate type
There is an extended definition for this object here.
encoding:string (evse_security-EncodingFormat)
Specifies the encoding of the key
There is an extended definition for this object here.
Result:object (evse_security-GetKeyPairResult)
The response to the requested command
There is an extended definition for this object here.
get_verify_file:string
Command to get the file path of a CA bundle that can be used for verification
certificate_type:string (evse_security-CaCertificateType)
Specifies that CA certificate type
There is an extended definition for this object here.
Result:string
The path of the CA bundle file
get_leaf_expiry_days_count:integer
Command to get the days count until the given leaf certificate expires. If no leaf certificate is installed this command will return 0
certificate_type:string (evse_security-LeafCertificateType)
Indicates the type of the certificate
There is an extended definition for this object here.
Result:integer
days count until given leaf certificate expires
verify_file_signature:boolean
Verify the file at the given path using the provided certificate and signature
file_path:string
Path to the file that should be verified
signing_certificate:string
Certificate with which the file was signed. PEM encoded X.509 certificate
signature:string
Base64 encoded file signature
Result:boolean
True if verification succeeded, false if not