Merge pull request #38 from c-jimenez/dev/security_optional_secure_notification

Add configuration key to enable/disable security events notifications

Author: c-jimenez

README.md

@@ -121,12 +121,12 @@ In the "Owner" column, "S" means that the configuration key behavior is handled
 | ChargingScheduleMaxPeriods | S | None |
 | ConnectorSwitch3to1PhaseSupported | S | None |
 | MaxChargingProfilesInstalled | S | None |
-| AdditionalRootCertificateCheck | S | OCPP 1.6 security whitepaper edition 2 configuration key : not implemented yet |
+| AdditionalRootCertificateCheck | U | None |
 | AuthorizationKey | S | None |
-| CertificateSignedMaxChainSize | S | OCPP 1.6 security whitepaper edition 2 configuration key : not implemented yet |
-| CertificateStoreMaxLength | S | OCPP 1.6 security whitepaper edition 2 configuration key : not implemented yet |
-| CpoName | S | OCPP 1.6 security whitepaper edition 2 configuration key : not implemented yet |
-| SecurityProfile | S | OCPP 1.6 security whitepaper edition 2 configuration key : not implemented yet |
+| CertificateSignedMaxChainSize | S | None |
+| CertificateStoreMaxLength | U | None |
+| CpoName | S | None |
+| SecurityProfile | S | None |
 
 ### OCPP security extensions
 
@@ -154,6 +154,8 @@ In Charge Point role, it can optionnaly handle the storage of the security event
 
 In Charge Point role, the user application can generate custom security events and defines its criticity so that they are forwarded to the Central System.
 
+In Charge Point role, the notification of security events can be enabled or disabled with the IChargePointConfig::securityEventNotificationEnabled() configuration. This can be usefull to disable them when the Central System does not implement the security extensions.
+
 #### Extended trigger messages
 
 **Open OCPP** support this feature for both Charge Point and Central System roles.

examples/common/config/ChargePointConfig.h

@@ -125,6 +125,8 @@ class ChargePointConfig : public ocpp::config::IChargePointConfig
 
     // Security
 
+    /** @brief Enabled security event notification */
+    bool securityEventNotificationEnabled() const override { return getBool("SecurityEventNotificationEnabled"); }
     /** @brief Maximum number of entries in the security log (0 = no security logs in database) */
     unsigned int securityLogMaxEntriesCount() const override { return get<unsigned int>("SecurityLogMaxEntriesCount"); };
 

examples/quick_start_chargepoint/config/quick_start_chargepoint.ini

@@ -29,6 +29,7 @@ MeterType=
 OperatingVoltage=230
 AuthentCacheMaxEntriesCount=1000
 LogMaxEntriesCount=2000
+SecurityEventNotificationEnabled=true
 SecurityLogMaxEntriesCount=1000
 
 [Ocpp]

examples/remote_chargepoint/config/remote_chargepoint.ini

@@ -29,6 +29,7 @@ MeterType=
 OperatingVoltage=230
 AuthentCacheMaxEntriesCount=1000
 LogMaxEntriesCount=2000
+SecurityEventNotificationEnabled=true
 SecurityLogMaxEntriesCount=1000
 
 [Ocpp]

examples/security_chargepoint/config/security_chargepoint.ini

@@ -29,6 +29,7 @@ MeterType=
 OperatingVoltage=230
 AuthentCacheMaxEntriesCount=1000
 LogMaxEntriesCount=2000
+SecurityEventNotificationEnabled=true
 SecurityLogMaxEntriesCount=1000
 
 [Ocpp]

src/chargepoint/interface/IChargePointConfig.h

@@ -118,6 +118,8 @@ class IChargePointConfig
 
     // Security
 
+    /** @brief Enabled security event notification */
+    virtual bool securityEventNotificationEnabled() const = 0;
     /** @brief Maximum number of entries in the security log (0 = no security logs in database) */
     virtual unsigned int securityLogMaxEntriesCount() const = 0;
 };

src/chargepoint/security/SecurityManager.cpp

@@ -73,6 +73,7 @@ SecurityManager::SecurityManager(const ocpp::config::IChargePointConfig&
       GenericMessageHandler<GetInstalledCertificateIdsReq, GetInstalledCertificateIdsConf>(GET_INSTALLED_CERTIFICATE_IDS_ACTION,
                                                                                            messages_converter),
       GenericMessageHandler<InstallCertificateReq, InstallCertificateConf>(INSTALL_CERTIFICATE_ACTION, messages_converter),
+      m_stack_config(stack_config),
       m_ocpp_config(ocpp_config),
       m_events_handler(events_handler),
       m_worker_pool(worker_pool),
@@ -197,32 +198,35 @@ bool SecurityManager::logSecurityEvent(const std::string& type, const std::strin
     {
         LOG_WARNING << "Security Event : type = " << type << ", message = " << message;
 
-        SecurityEventNotificationReq request;
-        request.type.assign(type);
-        request.timestamp = timestamp;
-        if (!message.empty())
+        if (m_stack_config.securityEventNotificationEnabled())
         {
-            request.techInfo.value().assign(message);
-        }
+            SecurityEventNotificationReq request;
+            request.type.assign(type);
+            request.timestamp = timestamp;
+            if (!message.empty())
+            {
+                request.techInfo.value().assign(message);
+            }
 
-        if (m_msg_sender)
-        {
-            // Stack is started, try to send the notification
-            SecurityEventNotificationConf response;
-            if (m_msg_sender->call(SECURITY_EVENT_NOTIFICATION_ACTION, request, response, &m_requests_fifo) == CallResult::Failed)
+            if (m_msg_sender)
             {
-                ret = false;
+                // Stack is started, try to send the notification
+                SecurityEventNotificationConf response;
+                if (m_msg_sender->call(SECURITY_EVENT_NOTIFICATION_ACTION, request, response, &m_requests_fifo) == CallResult::Failed)
+                {
+                    ret = false;
+                }
             }
-        }
-        else
-        {
-            // Stack is not started, queue the notification
-            rapidjson::Document payload;
-            payload.Parse("{}");
-            m_security_event_req_converter.setAllocator(&payload.GetAllocator());
-            if (m_security_event_req_converter.toJson(request, payload))
+            else
             {
-                m_requests_fifo.push(0, SECURITY_EVENT_NOTIFICATION_ACTION, payload);
+                // Stack is not started, queue the notification
+                rapidjson::Document payload;
+                payload.Parse("{}");
+                m_security_event_req_converter.setAllocator(&payload.GetAllocator());
+                if (m_security_event_req_converter.toJson(request, payload))
+                {
+                    m_requests_fifo.push(0, SECURITY_EVENT_NOTIFICATION_ACTION, payload);
+                }
             }
         }
     }

src/chargepoint/security/SecurityManager.h

@@ -159,6 +159,8 @@ class SecurityManager
                        std::string&                                 error_message) override;
 
   private:
+    /** @brief Stack configuration */
+    const ocpp::config::IChargePointConfig& m_stack_config;
     /** @brief Standard OCPP configuration */
     ocpp::config::IOcppConfig& m_ocpp_config;
     /** @brief User defined events handler */

src/tools/x509/X509Document.cpp

@@ -109,7 +109,10 @@ time_t X509Document::convertAsn1Time(const void* pasn1_time)
     const ASN1_TIME* asn1_time = reinterpret_cast<const ASN1_TIME*>(pasn1_time);
     struct tm        tm;
     ASN1_TIME_to_tm(asn1_time, &tm);
-    return mktime(&tm);
+    time_t timestamp = mktime(&tm);
+    timestamp += tm.tm_gmtoff;
+    timestamp -= (tm.tm_isdst * 3600);
+    return timestamp;
 }
 
 /** @brief Convert a string in ASN1_STRING format to a standard string representation */

tests/tools/test_workerthreadpool.cpp

@@ -28,6 +28,7 @@ TEST_SUITE("WorkerThreadPool class test suite")
     {
         WorkerThreadPool worker_thread_pool(3);
 
+        std::mutex   jobs_done_mutex;
         unsigned int jobs_done = 0;
 
         std::mutex              end_job1_mutex;
@@ -43,9 +44,10 @@ TEST_SUITE("WorkerThreadPool class test suite")
         worker_thread_pool.run<void>(job1);
         Waiter<void> waiter1 = worker_thread_pool.run<void>(job1);
 
-        auto job2 = [&jobs_done]
+        auto job2 = [&jobs_done, &jobs_done_mutex]
         {
             std::this_thread::sleep_for(std::chrono::milliseconds(25u));
+            std::lock_guard<std::mutex> lock(jobs_done_mutex);
             jobs_done++;
         };
         worker_thread_pool.run<void>(job2);