- Signature creation and verification has been fixed and works now properly. Has been tested against various industry OEMs and suppliers. SecurityUtils.java class was substantially revised as part of fixing the signature creation and verification process and extended signature logging
- Introduced a new abstract method setMandatoryFieldsForFailedRes() in ServerState which makes sure that for each response the mandatory fields are set properly according to the standard in case a FAILED response code is sent
- Introduced a fix in WaitForAuthorizationReq which makes sure that a possible challenge is only checked for if the chosen payment option is „Contract“ (and TLS is used)
- Saves now the payment option selected by the EVCC (in state WaitForPaymentServiceSelectionReq) in the SECCs communication session for later reference
- To avoid possible race conditions, the transport layer threads needed to be started AFTER the SECC session handler has been initialized. Otherwise the situation might occur that the UDPServer is receiving a UDP client packet and tries to access the MessageHandler object before this object has been created by the SECC session handler.
- generateCertificates.sh Shell-Script now includes variables to ease the setting of certificates’ validity periods. Renaming of some certificates (e.g. provLeaf.cert -> cpsLeaf.cert) and keys. All certificates are now also generated in DER encoded form. MOSubCA2 private key is now also created as a PKCS#8 DER encoded file as RISE V2G needs this format to read the private key from file and sign SalesTariffs.
- EVCCConfig.properties and SECCConfig.properties have additional property „SignatureVerificationLog“ which enables extended logging information to debug signature creation and verification processes
- Catched a (theoretically) possible ClassCastException in WaitForChargeParameterDiscoveryRes in case the EVCC signalizes an EnergyTransferMode (AC or DC) which does not fit to the EVSEChargeParameter sent by the SECC later on
- Made sure that by default the sum of the individual time intervals described in the PMaxSchedule and SalesTariff provided in the ChargeParameterDiscoveryRes message are equal to 24 hours as demanded by a requirement.
- Renaming of some methods in IBackendInterface for clarity and consistency
- Provided a correctly formatted EVSE-ID in DummyACEVSEController and DummyDCEVSEController
- Corrected the service name of CertificateUpdate service and CertificateInstallation service to „Service“ according to the standard
- Edited GlobalValues so that the string value returned for each global value only needs to be edited once in this file (less error prone)
- shortend all IDs of reference signature headers to 3 characters like the example given in Annex J (because some embedded systems might restrict the length to 3 characters)
- SecurityUtils: minor additional checks in verifySignature() method
- avoided NullPointerException when incoming message does not have ISO 15118 schema (for example DINSPEC 70121 XSD schema for DC charging)
- made sure optional parameters of ServiceDiscoveryRes are not empty when sent
- added logging message which shows which payment option was chosen by EVCC
- added optional parameter EVSEIsolationStatus in DCEVSEStatus as some EVCC systems tend to need this value according to testival
- bug fix: applied correct private key for signing sales tariff (must be MOSub2CA private key)
- made sure EVCC does not choose contract based payment if SECC offers it although no TLS communication is set up
- caching result of getContractCertificateStatus() in communication session object to further reduce cryptographic computation overhead
- added another property to file EVCCConfig.properties and SECCConfig.properties called 'XMLRepresentationOfMessages' to allow to easily switch between verbose debugging (showing XML representation of sent messages) and less verbose logging information
- added ResponseCode 'OK_CertificateExpiresSoon' on SECC side when receiving ContractCertificate with PaymentDetailsReq
- modified TLSClient to initiate TLS handshake right when initializing TLSClient (instead of when sending first message), thus enabling the check for the correct domain component "CPO" of the SECC certificate
- validates now provisioning certificate chain and checks for correct domain component "CPS" of provisioning leaf certificate
- added SecurityUtils function to get contract certificate from EVCC keystore
- added SecurityUtils function to get validity period of contract certificate
- added SecurityUtils function to also check for correct domain component when checking validity of certificate
- implemented a correct check if certificate update or installation is needed upon receiving PaymentServiceSelectionRes on EVCC side
Marc Mültin
Marc Mültin