diff --git a/.gitignore b/.gitignore index 371867f..09590e7 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,5 @@ RISE-V2G-SECC/cpsCertChain.p12 RISE-V2G-SECC/moCertChain.p12 /.metadata/ /.recommenders/ +.idea +*.iml diff --git a/RISE-V2G-Certificates/generateCertificates.sh b/RISE-V2G-Certificates/generateCertificates.sh index 667e45a..ba27540 100644 --- a/RISE-V2G-Certificates/generateCertificates.sh +++ b/RISE-V2G-Certificates/generateCertificates.sh @@ -247,7 +247,7 @@ openssl pkcs8 -topk8 -in privateKeys/moSubCA2.key -inform PEM -passin file:passp # IMPORTANT: Concatenate in such a way that the chain leads from the leaf certificate to the root (excluding), this means here: first parameter of the cat command is the sub-CA certificate which signs the leaf certificate (in this case cpoSubCA2.pem). Otherwise the Java method getCertificateChain() which is called on the keystore will only return the leaf certificate! cat certs/cpoSubCA2Cert.pem certs/cpoSubCA1Cert.pem > certs/intermediateCPOCACerts.pem # Put the seccCertificate, the private key associated with the seccCertificate as well as the intermediate sub-CA certificates in a PKCS12 container with the -certfile switch. -openssl pkcs12 -export -inkey privateKeys/secc.key -in certs/seccCert.pem -name secc_cert -certfile certs/intermediateCPOCACerts.pem -caname mo_subca_2 -caname mo_subca_1 -aes128 -passin file:passphrase.txt -passout file:passphrase.txt -out keystores/cpoCertChain.p12 +openssl pkcs12 -export -inkey privateKeys/secc.key -in certs/seccCert.pem -name secc_cert -certfile certs/intermediateCPOCACerts.pem -caname mo_subca_2 -caname mo_subca_1 -aes128 -passin file:passphrase.txt -passout file:passphrase.txt -out keystores/cpoCertChain.p12 keytool -importkeystore -srckeystore keystores/cpoCertChain.p12 -srcstoretype pkcs12 -srcstorepass:file passphrase.txt -srcalias secc_cert -destalias secc_cert -destkeystore keystores/seccKeystore.jks -storepass:file passphrase.txt -noprompt # # 18.2) EVCC keystore needs to initally hold the OEM provisioning certificate (contract certificate will be installed with ISO 15118 message exchange) diff --git a/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateInstallationReq.java b/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateInstallationReq.java index 06d9fc1..7ef307e 100644 --- a/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateInstallationReq.java +++ b/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateInstallationReq.java @@ -25,6 +25,7 @@ package com.v2gclarity.risev2g.secc.states; import java.security.KeyPair; import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.util.HashMap; @@ -76,7 +77,7 @@ public class WaitForCertificateInstallationReq extends ServerState { ContractSignatureEncryptedPrivateKeyType encryptedContractCertPrivateKey = SecurityUtils.encryptContractCertPrivateKey( (ECPublicKey) SecurityUtils.getCertificate(certificateInstallationReq.getOEMProvisioningCert()).getPublicKey(), - ecKeyPair, + (ECPrivateKey) ecKeyPair.getPrivate(), getCommSessionContext().getBackendInterface().getContractCertificatePrivateKey()); certificateInstallationRes.setContractSignatureCertChain(saContractCertificateChain); diff --git a/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateUpdateReq.java b/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateUpdateReq.java index c6a17ca..6e80784 100644 --- a/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateUpdateReq.java +++ b/RISE-V2G-SECC/src/main/java/com/v2gclarity/risev2g/secc/states/WaitForCertificateUpdateReq.java @@ -24,6 +24,7 @@ package com.v2gclarity.risev2g.secc.states; import java.security.KeyPair; +import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.util.HashMap; @@ -72,7 +73,7 @@ public class WaitForCertificateUpdateReq extends ServerState { ContractSignatureEncryptedPrivateKeyType encryptedContractCertPrivateKey = SecurityUtils.encryptContractCertPrivateKey( (ECPublicKey) SecurityUtils.getCertificate(certificateUpdateReq.getContractSignatureCertChain().getCertificate()).getPublicKey(), - ecdhKeyPair, + (ECPrivateKey) ecdhKeyPair.getPrivate(), getCommSessionContext().getBackendInterface().getContractCertificatePrivateKey()); /* diff --git a/RISE-V2G-Shared/src/main/java/com/v2gclarity/risev2g/shared/utils/SecurityUtils.java b/RISE-V2G-Shared/src/main/java/com/v2gclarity/risev2g/shared/utils/SecurityUtils.java index dadfbea..a6a696f 100644 --- a/RISE-V2G-Shared/src/main/java/com/v2gclarity/risev2g/shared/utils/SecurityUtils.java +++ b/RISE-V2G-Shared/src/main/java/com/v2gclarity/risev2g/shared/utils/SecurityUtils.java @@ -1381,16 +1381,16 @@ public final class SecurityUtils { * @param certificateECPublicKey The public key of either the OEM provisioning certificate (in case of * CertificateInstallation) or the to be updated contract certificate * (in case of CertificateUpdate) - * @param ecKeyPair The EC keypair + * @param dhPrivateKey The DH private key * @param contractCertPrivateKey The private key of the contract certificate * @return The encrypted private key of the to be installed contract certificate */ public static ContractSignatureEncryptedPrivateKeyType encryptContractCertPrivateKey( ECPublicKey certificateECPublicKey, - KeyPair ecKeyPair, + ECPrivateKey dhPrivateKey, ECPrivateKey contractCertPrivateKey) { // Generate the shared secret by using the public key of either OEMProvCert or ContractCert - byte[] sharedSecret = generateSharedSecret((ECPrivateKey) ecKeyPair.getPrivate(), certificateECPublicKey); + byte[] sharedSecret = generateSharedSecret(dhPrivateKey, certificateECPublicKey); if (sharedSecret == null) { getLogger().error("Shared secret could not be generated");