Implemented OCPP 1.6j security extension (#1)

* Added required fixes for PR lorenzodonini/ocpp-go/266

* revert `CertificateHashData` to be 40 chars long instead of 20

Author: AhmedAbouelkher

go.mod

@@ -5,12 +5,12 @@ go 1.16
 require (
 	github.com/Shopify/toxiproxy v2.1.4+incompatible
 	github.com/go-playground/locales v0.12.1 // indirect
-	github.com/go-playground/universal-translator v0.16.0 // indirect
+	github.com/go-playground/universal-translator v0.16.0
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/websocket v1.4.1
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/leodido/go-urn v1.1.0 // indirect
-	github.com/relvacode/iso8601 v1.3.0 // indirect
+	github.com/relvacode/iso8601 v1.3.0
 	github.com/sirupsen/logrus v1.4.2
 	github.com/stretchr/testify v1.8.0
 	golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 // indirect

ocpp1.6/certificates/delete_certificate.go

@@ -39,8 +39,7 @@ type DeleteCertificateRequest struct {
 // This field definition of the DeleteCertificate response payload, sent by the Charging Station to the CSMS in response to a DeleteCertificateRequest.
 // In case the request was invalid, or couldn't be processed, an error will be sent instead.
 type DeleteCertificateResponse struct {
-	Status     DeleteCertificateStatus `json:"status" validate:"required,deleteCertificateStatus16"`
-	StatusInfo *types.StatusInfo       `json:"statusInfo,omitempty" validate:"omitempty"`
+	Status DeleteCertificateStatus `json:"status" validate:"required,deleteCertificateStatus16"`
 }
 
 // The CSMS requests the Charging Station to delete a specific installed certificate by sending a DeleteCertificateRequest.

ocpp1.6/certificates/get_installed_certificates.go

@@ -36,9 +36,8 @@ type GetInstalledCertificateIdsRequest struct {
 
 // The field definition of the GetInstalledCertificateIds response payload sent by the Charging Station to the CSMS in response to a GetInstalledCertificateIdsRequest.
 type GetInstalledCertificateIdsResponse struct {
-	Status                   GetInstalledCertificateStatus    `json:"status" validate:"required,getInstalledCertificateStatus16"`
-	StatusInfo               *types.StatusInfo                `json:"statusInfo,omitempty" validate:"omitempty"`
-	CertificateHashDataChain []types.CertificateHashDataChain `json:"certificateHashData,omitempty" validate:"omitempty,dive"`
+	Status              GetInstalledCertificateStatus `json:"status" validate:"required,getInstalledCertificateStatus16"`
+	CertificateHashData []types.CertificateHashData   `json:"certificateHashData,omitempty" validate:"omitempty,dive"`
 }
 
 // To facilitate the management of the Charging Station’s installed certificates, a method of retrieving the installed certificates is provided.

ocpp1.6/certificates/install_certificate.go

@@ -39,8 +39,7 @@ type InstallCertificateRequest struct {
 // This field definition of the InstallCertificate response payload, sent by the Charging Station to the CSMS in response to a InstallCertificateRequest.
 // In case the request was invalid, or couldn't be processed, an error will be sent instead.
 type InstallCertificateResponse struct {
-	Status     InstallCertificateStatus `json:"status" validate:"required,installCertificateStatus16"`
-	StatusInfo *types.StatusInfo        `json:"statusInfo,omitempty" validate:"omitempty"`
+	Status InstallCertificateStatus `json:"status" validate:"required,installCertificateStatus16"`
 }
 
 // The CSMS requests the Charging Station to install a new certificate by sending an InstallCertificateRequest.

ocpp1.6/extendedtriggermessage/extended_trigger_message.go

@@ -28,13 +28,13 @@ type ExtendedTriggerMessageType string
 type ExtendedTriggerMessageStatus string
 
 const (
-	ExtendedTriggerMessageTypeBootNotification               ExtendedTriggerMessageType = "BootNotification"               // This contains the field definition of a diagnostics log file
-	ExtendedTriggerMessageTypeLogStatusNotification          ExtendedTriggerMessageType = "LogStatusNotification"          // Sent by the CSMS to the Charging Station to request that the Charging Station uploads the security log
-	ExtendedTriggerMessageTypeHeartbeat                      ExtendedTriggerMessageType = "Heartbeat"                      // Accepted this log upload. This does not mean the log file is uploaded is successfully, the Charging Station will now start the log file upload.
-	ExtendedTriggerMessageTypeMeterValues                    ExtendedTriggerMessageType = "MeterValues"                    // Log update request rejected.
-	ExtendedTriggerMessageTypeSignChargingStationCertificate ExtendedTriggerMessageType = "SignChargingStationCertificate" // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
-	ExtendedTriggerMessageTypeFirmwareStatusNotification     ExtendedTriggerMessageType = "FirmwareStatusNotification"     // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
-	ExtendedTriggerMessageTypeStatusNotification             ExtendedTriggerMessageType = "StatusNotification"             // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
+	ExtendedTriggerMessageTypeBootNotification               ExtendedTriggerMessageType = "BootNotification"           // This contains the field definition of a diagnostics log file
+	ExtendedTriggerMessageTypeLogStatusNotification          ExtendedTriggerMessageType = "LogStatusNotification"      // Sent by the CSMS to the Charging Station to request that the Charging Station uploads the security log
+	ExtendedTriggerMessageTypeHeartbeat                      ExtendedTriggerMessageType = "Heartbeat"                  // Accepted this log upload. This does not mean the log file is uploaded is successfully, the Charging Station will now start the log file upload.
+	ExtendedTriggerMessageTypeMeterValues                    ExtendedTriggerMessageType = "MeterValues"                // Log update request rejected.
+	ExtendedTriggerMessageTypeSignChargingStationCertificate ExtendedTriggerMessageType = "SignChargePointCertificate" // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
+	ExtendedTriggerMessageTypeFirmwareStatusNotification     ExtendedTriggerMessageType = "FirmwareStatusNotification" // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
+	ExtendedTriggerMessageTypeStatusNotification             ExtendedTriggerMessageType = "StatusNotification"         // Accepted this log upload, but in doing this has canceled an ongoing log file upload.
 
 	ExtendedTriggerMessageStatusAccepted       ExtendedTriggerMessageStatus = "Accepted"
 	ExtendedTriggerMessageStatusRejected       ExtendedTriggerMessageStatus = "Rejected"

ocpp1.6/securefirmware/signed_update_firmware_status_notitfication.go

@@ -30,12 +30,28 @@ const (
 	FirmwareStatusInstallVerificationFailed FirmwareStatus = "InstallVerificationFailed"
 	FirmwareStatusInvalidSignature          FirmwareStatus = "InvalidSignature"
 	FirmwareStatusSignatureVerified         FirmwareStatus = "SignatureVerified"
+	FirmwareStatusCertificateVerified       FirmwareStatus = "CertificateVerified"
+	FirmwareStatusInvalidCertificate        FirmwareStatus = "InvalidCertificate"
+	FirmwareStatusRevokedCertificate        FirmwareStatus = "RevokedCertificate"
 )
 
 func isValidFirmwareStatus(fl validator.FieldLevel) bool {
 	status := FirmwareStatus(fl.Field().String())
 	switch status {
-	case FirmwareStatusDownloaded, FirmwareStatusDownloadFailed, FirmwareStatusDownloading, FirmwareStatusDownloadScheduled, FirmwareStatusDownloadPaused, FirmwareStatusIdle, FirmwareStatusInstallationFailed, FirmwareStatusInstalling, FirmwareStatusInstalled, FirmwareStatusInstallRebooting, FirmwareStatusInstallScheduled, FirmwareStatusInstallVerificationFailed, FirmwareStatusInvalidSignature, FirmwareStatusSignatureVerified:
+	case FirmwareStatusDownloaded,
+		FirmwareStatusDownloadFailed,
+		FirmwareStatusDownloading,
+		FirmwareStatusDownloadScheduled,
+		FirmwareStatusDownloadPaused,
+		FirmwareStatusIdle,
+		FirmwareStatusInstallationFailed,
+		FirmwareStatusInstalling,
+		FirmwareStatusInstalled,
+		FirmwareStatusInstallRebooting,
+		FirmwareStatusInstallScheduled,
+		FirmwareStatusInstallVerificationFailed,
+		FirmwareStatusInvalidSignature,
+		FirmwareStatusSignatureVerified:
 		return true
 	default:
 		return false

ocpp1.6/security/certificate_signed.go

@@ -32,14 +32,12 @@ func isValidCertificateSignedStatus(fl validator.FieldLevel) bool {
 
 // The field definition of the CertificateSignedRequest PDU sent by the CSMS to the Charging Station.
 type CertificateSignedRequest struct {
-	CertificateChain  string                      `json:"certificateChain" validate:"required,max=10000"`
-	TypeOfCertificate types.CertificateSigningUse `json:"certificateType,omitempty" validate:"omitempty,certificateSigningUse16"`
+	CertificateChain string `json:"certificateChain" validate:"required,max=10000"`
 }
 
 // The field definition of the CertificateSignedResponse payload sent by the Charging Station to the CSMS in response to a CertificateSignedRequest.
 type CertificateSignedResponse struct {
-	Status     CertificateSignedStatus `json:"status" validate:"required,certificateSignedStatus16"`
-	StatusInfo *types.StatusInfo       `json:"statusInfo,omitempty" validate:"omitempty"`
+	Status CertificateSignedStatus `json:"status" validate:"required,certificateSignedStatus16"`
 }
 
 // During the a certificate update procedure, the CSMS sends a new certificate, signed by a CA,
@@ -69,6 +67,7 @@ func (c CertificateSignedResponse) GetFeatureName() string {
 }
 
 // Creates a new CertificateSignedRequest, containing all required fields. Additional optional fields may be set afterwards.
+// The maximum size of this field is be limited by the configuration key: CertificateSignedMaxSize
 func NewCertificateSignedRequest(certificateChain string) *CertificateSignedRequest {
 	return &CertificateSignedRequest{CertificateChain: certificateChain}
 }

ocpp1.6/security/sign_certificate.go

@@ -19,8 +19,7 @@ type SignCertificateRequest struct {
 // This field definition of the SignCertificate response payload, sent by the CSMS to the Charging Station in response to a SignCertificateRequest.
 // In case the request was invalid, or couldn't be processed, an error will be sent instead.
 type SignCertificateResponse struct {
-	Status     types.GenericStatus `json:"status" validate:"required,genericStatus16"` // Specifies whether the CSMS can process the request.
-	StatusInfo *types.StatusInfo   `json:"statusInfo,omitempty" validate:"omitempty"`  // Detailed status information.
+	Status types.GenericStatus `json:"status" validate:"required,genericStatus16"` // Specifies whether the CSMS can process the request.
 }
 
 // If a Charging Station detected, that its certificate is due to expire, it will generate a new public/private key pair,

ocpp1.6/types/security_extension.go

@@ -86,20 +86,3 @@ type CertificateHashData struct {
 	IssuerKeyHash  string            `json:"issuerKeyHash" validate:"required,max=128"`
 	SerialNumber   string            `json:"serialNumber" validate:"required,max=40"`
 }
-
-// CertificateHashDataChain
-type CertificateHashDataChain struct {
-	CertificateType          CertificateUse        `json:"certificateType" validate:"required,certificateUse"`
-	CertificateHashData      CertificateHashData   `json:"certificateHashData" validate:"required"`
-	ChildCertificateHashData []CertificateHashData `json:"childCertificateHashData,omitempty" validate:"omitempty,dive"`
-}
-
-func isValidHashAlgorithmType(fl validator.FieldLevel) bool {
-	algorithm := HashAlgorithmType(fl.Field().String())
-	switch algorithm {
-	case SHA256, SHA384, SHA512:
-		return true
-	default:
-		return false
-	}
-}

ocpp1.6/types/types.go

@@ -11,7 +11,6 @@ const (
 )
 
 type PropertyViolation struct {
-	error
 	Property string
 }
 
@@ -333,5 +332,4 @@ func init() {
 	_ = Validate.RegisterValidation("certificateSigningUse16", isValidCertificateSigningUse)
 	_ = Validate.RegisterValidation("isValidCertificateUse", isValidCertificateUse)
 	_ = Validate.RegisterValidation("genericStatus16", isValidGenericStatus)
-	_ = Validate.RegisterValidation("hashAlgorithm16", isValidHashAlgorithmType)
 }