EVerest Config Option

config/everest/everest-patch.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ "$#" -lt 1 ] ; then
+  echo "Usage: $0 <Security Profile>"
+  echo "Where <Security Profile> is: 1, 2, or 3."
+  exit 1
+fi
+
+SP=$1
+
+if [[ $SP == 2 || $SP == 3 ]]; then
+  echo "Patching the CSMS to enable EVerest organization"
+  patch -p1 -i config/everest/maeve-csms-everest-org.patch
+
+  echo "Patching the CSMS to enable local mo root"
+  patch -p1 -i config/everest/maeve-csms-local-mo-root.patch
+
+  echo "Patching the CSMS to enable local mo root"
+  patch -p1 -i config/everest/maeve-csms-ignore-ocsp.patch
+fi

config/everest/maeve-csms-everest-org.patch

@@ -0,0 +1,13 @@
+diff --git a/docker-compose.yml b/docker-compose.yml
+index b2d93e6..fa3a1ff 100644
+--- a/docker-compose.yml
++++ b/docker-compose.yml
+@@ -47,6 +47,8 @@ services:
+       - "/certificates/csms.key"
+       - "--tls-trust-cert"
+       - "/certificates/trust.pem"
++      - "--org-name"
++      - "EVerest"
+       - "--mqtt-addr"
+       - "mqtt://mqtt:1883"
+       - "--manager-api-addr"

config/everest/maeve-csms-ignore-ocsp.patch

@@ -0,0 +1,32 @@
+diff --git a/manager/handlers/ocpp201/authorize.go b/manager/handlers/ocpp201/authorize.go
+index 5df2305..0db9f79 100644
+--- a/manager/handlers/ocpp201/authorize.go
++++ b/manager/handlers/ocpp201/authorize.go
+@@ -38,7 +38,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Certificate != nil {
+ 			_, err = a.CertificateValidationService.ValidatePEMCertificateChain(ctx, []byte(*req.Certificate), req.IdToken.IdToken)
+			idTokenInfo.Status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				idTokenInfo.Status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}
+@@ -46,7 +46,12 @@ func (a AuthorizeHandler) HandleCall(ctx context.Context, chargeStationId string
+ 		if req.Iso15118CertificateHashData != nil {
+ 			_, err := a.CertificateValidationService.ValidateHashedCertificateChain(ctx, *req.Iso15118CertificateHashData)
+			idTokenInfo.Status, certificateStatus = handleCertificateValidationError(err)
+-			if err != nil {
++			if err.Error() == "failed to perform ocsp check after 1 attempts" {
++				var tempStatus = types.AuthorizeCertificateStatusEnumTypeAccepted
++				certificateStatus = &tempStatus
++				idTokenInfo.Status = types.AuthorizationStatusEnumTypeAccepted
++				span.SetAttributes(attribute.String("authorize.cert_warn", "No OCSP, but ignoring for testing purpose."))
++			} else if err != nil {
+ 				span.SetAttributes(attribute.String("authorize.cert_error", err.Error()))
+ 			}
+ 		}

config/everest/maeve-csms-local-mo-root.patch

@@ -0,0 +1,19 @@
+diff --git a/config/manager/config.toml b/config/manager/config.toml
+index 3fa49ec..668eda9 100644
+--- a/config/manager/config.toml
++++ b/config/manager/config.toml
+@@ -19,12 +19,8 @@ firestore.project_id = "*detect-project-id*"
+ type = "ocsp"
+
+ [contract_cert_validator.ocsp.root_certs]
+-type = "opcp"
+-opcp.url = "https://open.plugncharge-test.hubject.com"
+-opcp.ttl = "24h"
+-opcp.auth.type = "hubject_test_token"
+-opcp.auth.hubject_test_token.url = "https://hubject.stoplight.io/api/v1/projects/cHJqOjk0NTg5/nodes/6bb8b3bc79c2e-authorization-token"
+-opcp.auth.hubject_test_token.ttl = "6h"
++type = "file"
++file.files = ["/certificates/root-MO-cert.pem"]
+
+ [contract_cert_provider]
+ type = "opcp"

config/everest/maeve-csms-no-wss.patch

@@ -0,0 +1,29 @@
+diff --git a/docker-compose.yml b/docker-compose.yml
+index b2d93e6..f0e675a 100644
+--- a/docker-compose.yml
++++ b/docker-compose.yml
+@@ -37,16 +37,8 @@ services:
+       - "serve"
+       - "--ws-addr"
+       - ":9310"
+-      - "--wss-addr"
+-      - ":9311"
+       - "--status-addr"
+       - ":9312"
+-      - "--tls-server-cert"
+-      - "/certificates/csms.pem"
+-      - "--tls-server-key"
+-      - "/certificates/csms.key"
+-      - "--tls-trust-cert"
+-      - "/certificates/trust.pem"
+       - "--mqtt-addr"
+       - "mqtt://mqtt:1883"
+       - "--manager-api-addr"
+@@ -55,7 +47,6 @@ services:
+       - "9312"
+     ports:
+       - "80:9310"
+-      - "443:9311"
+     volumes:
+       - type: bind
+         source: ./config/certificates

gateway/cmd/serve.go

@@ -7,6 +7,10 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
+	"net/url"
+	"os"
+	"time"
+
 	"github.com/spf13/cobra"
 	"github.com/subnova/slog-exporter/slogtrace"
 	"github.com/thoughtworks/maeve-csms/gateway/registry"
@@ -21,9 +25,6 @@ import (
 	"golang.org/x/exp/slog"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
-	"net/url"
-	"os"
-	"time"
 )
 
 var (
@@ -149,7 +150,22 @@ var serveCmd = &cobra.Command{
 		wsServer := server.New("ws", wsAddr, nil, websocketHandler)
 		var wssServer *server.Server
 
-		if wssAddr != "" {
+		certs := []string{tlsServerCert, tlsServerKey}
+		certs = append(certs, tlsTrustCert...)
+		certsProvided := false
+		slog.Info("Checking to see what certs were provided...")
+		for _, cert := range certs {
+			_, err := os.ReadFile(cert)
+			if err == nil {
+				slog.Info("Found at least one cert:", cert)
+				certsProvided = true
+				break
+			}
+		}
+
+		if !certsProvided {
+			slog.Warn("no certs were provided, WSS will be closed")
+		} else if wssAddr != "" {
 			if tlsServerCert == "" {
 				return fmt.Errorf("no tls server cert specified for wss connection")
 			}