TC_A_04_CS — TLS - server-side certificate - Valid certificate
Source: OCPP 2.0.1 Part 6 — Test Cases (Core & Advanced Security, FINAL, 2023-06-30) — Functional block A. Security, page 7.
Identification
| Field | Value |
|---|---|
| Test case name | TLS - server-side certificate - Valid certificate |
| Test case Id | TC_A_04_CS |
| Use case Id(s) | A00 |
| Requirement(s) | A00.FR.309, A00.FR.312, A00.FR.313, A00.FR.319, A00.FR.321, A00.FR.412, A00.FR.422 |
| System under test | Charging Station |
| Functional block | A. Security |
Description
The CSMS uses a server-side certificate to identify itself to the Charging Station when using security profile 2 or 3.
Purpose
To verify whether the Charging Station is able to receive a server certificate provided by the CSMS and set up a secured WebSocket connection.
Prerequisite(s)
- The Charging Station supports security profile 2 and/or 3.
- The active NetworkConnectionProfile uses either security profile 2 OR 3.
Before (Preparations)
Configuration State:
- N/a
Memory State:
- N/a
Reusable State(s):
- State is Booting
Main (Test scenario)
| Charging Station | CSMS |
|---|---|
| 1. The Charging Station initiates a TLS handshake and sends a Client Hello to the OCTT. | 2. The OCTT responds with a Server Hello, with the <Configured server certificate>. |
| 3. The Charging Station performs the following actions: Send client certificate; Client Key Exchange; Certificate verify; Change Cipher Spec; Finished. Note: The client certificate is only sent when the Charging Station uses security profile 3. | 4. The OCTT performs the following actions: Change Cipher Spec; Finished. |
| 5. The Charging Station sends an HTTP upgrade request to the OCTT. Note: The HTTP request only contains a username/password combination when the Charging Station uses security profile 2. | 6. The OCTT upgrades the connection to a (secured) WebSocket connection. |
| 7. The Charging Station sends a BootNotificationRequest. | 8. The OCTT responds with a BootNotificationResponse with status Accepted. |
| 9. The Charging Station notifies the CSMS about the current state of all connectors. | 10. The OCTT responds accordingly. |
Tool validations
Step 2:
The OCTT validates the following before sending the server certificate:
- The Charging Station must use TLS version 1.2 or above.
- At least the following set of cipher suites must be supported: (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 AND TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) OR (TLS_RSA_WITH_AES_128_GCM_SHA256 AND TLS_RSA_WITH_AES_256_GCM_SHA384)
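The Step 2 validation applied to a raw ClientHello, as an added example that is not part of the OCPP test specification or the OCTT's own code. It assumes a well-formed ClientHello carried in a single unfragmented TLS record; the function names are hypothetical and the sample records are constructed by `build_client_hello`.

```python
import struct

# IANA code points for the cipher suites named in Step 2.
ECDSA_PAIR = {0xC02B, 0xC02C}  # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ..._AES_256_GCM_SHA384
RSA_PAIR = {0x009C, 0x009D}    # TLS_RSA_WITH_AES_128_GCM_SHA256, ..._AES_256_GCM_SHA384
TLS_1_2 = 0x0303

def parse_client_hello(record: bytes):
    """Return (highest offered TLS version, set of offered cipher suite ids)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]                    # skip record (5) and handshake (4) headers
    versions = [struct.unpack_from("!H", body, 0)[0]]  # legacy client_version
    pos = 34 + 1 + body[34]              # client_version (2) + random (32), then session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    suites = set(struct.unpack_from(f"!{cs_len // 2}H", body, pos + 2))
    pos += 2 + cs_len
    pos += 1 + body[pos]                 # compression_methods
    if pos < len(body):                  # extensions block is optional
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == 0x002B:       # supported_versions, used by TLS 1.3 clients
                versions += struct.unpack_from(f"!{body[pos + 4] // 2}H", body, pos + 5)
            pos += 4 + ext_len
    return max(v for v in versions if (v & 0x0F0F) != 0x0A0A), suites  # skip GREASE values

def step2_failures(record: bytes):
    """Return the Step 2 checks this ClientHello fails; an empty list means pass."""
    version, suites = parse_client_hello(record)
    failures = []
    if version < TLS_1_2:
        failures.append("TLS version below 1.2")
    if not (ECDSA_PAIR <= suites or RSA_PAIR <= suites):
        failures.append("neither required cipher suite pair is offered in full")
    return failures

def build_client_hello(version, suites, supported_versions=()):
    """Build a constructed sample ClientHello record (not captured traffic)."""
    ext = b""
    if supported_versions:
        lst = struct.pack(f"!{len(supported_versions)}H", *supported_versions)
        ext = struct.pack("!HHB", 0x002B, len(lst) + 1, len(lst)) + lst
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A client that offers only one suite from each pair fails the check, since the rule requires one pair in full.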
Step 9:
Message: StatusNotificationRequest
- connectorStatus Available
Message: NotifyEventRequest
- eventData[0].trigger Delta
- eventData[0].actualValue "Available"
- eventData[0].component.name "Connector"
- eventData[0].variable.name "AvailabilityState"
Post scenario validations
- N/a