TC_A_08_CSMS — TLS - Client-side certificate - Invalid certificate
Source: OCPP 2.0.1 Part 6 — Test Cases (Core & Advanced Security, FINAL, 2023-06-30) — Functional block A. Security, page 337.
Identification
| Field | Value |
|---|---|
| Test case name | TLS - Client-side certificate - Invalid certificate |
| Test case Id | TC_A_08_CSMS |
| Use case Id(s) | A00 |
| Requirement(s) | A00.FR.405, A00.FR.407, A00.FR.409, A00.FR.410 |
| System under test | CSMS |
| Functional block | A. Security |
Description
The Charging Station uses a client-side certificate to identify itself to the CSMS, when using security profile 3.
Purpose
To verify whether the CSMS is able to terminate the connection when the received client certificate is invalid.
Prerequisite(s)
- The CSMS supports security profile 3
- This test case can be executed multiple times, using different kinds of invalid certificates: an unknown certificate, an expired certificate, a certificate with a commonName that does not equal the serial number of the Charging Station.
Before (Preparations)
Configuration State:
- N/a
Memory State:
- N/a
Reusable State(s):
- N/a
Main (Test scenario)
| Charging Station | CSMS |
|---|---|
| 1. The OCTT initiates a TLS handshake and sends a Client Hello to the CSMS. | 2. The CSMS responds with a Server Hello, with a server certificate. |
| 3. The OCTT performs the following actions: Send <Configured invalid client certificate>; Client Key Exchange; Certificate verify; Change Cipher Spec; Finished | 4. The CSMS deems the client certificate invalid and terminates the connection. |
| 5. The OCTT initiates a TLS handshake and sends a Client Hello to the CSMS. | 6. The CSMS responds with a Server Hello, with a server certificate. |
| 7. The OCTT performs the following actions: Send <Configured client certificate>; Client Key Exchange; Certificate verify; Change Cipher Spec; Finished | 8. The CSMS performs the following actions: Change Cipher Spec; Finished |
| 9. The OCTT sends an HTTP upgrade request to the CSMS. | 10. The CSMS upgrades the connection to a (secured) WebSocket connection. |
| 11. The OCTT sends a BootNotificationRequest with reason PowerUp; chargingStation.model <Configured model>; chargingStation.vendorName <Configured vendorName> | 12. The CSMS responds with a BootNotificationResponse. |
| 13. The OCTT notifies the CSMS about the current state of all connectors. Message: StatusNotificationRequest (connectorStatus Available). Message: NotifyEventRequest (trigger Delta; actualValue "Available"; component.name "Connector"; variable.name "AvailabilityState") | 14. The CSMS responds accordingly. |
Tool validations
Step 12:
Message: BootNotificationResponse with status Accepted
Post scenario validations
- N/a
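
Added example (not part of the OCPP specification or the OCTT): one way a CSMS could implement the decision in step 4 for the three invalid-certificate kinds listed under Prerequisite(s), using Python's standard `ssl` module. The function names, the sample serial numbers and the assumption that the CSMS already knows the expected serial number of the connecting Charging Station are illustrative, not taken from the specification.

```python
import ssl
import time

def make_csms_tls_context(ca_file, server_cert, server_key):
    """Server context that requires a client certificate (security profile 3).
    With CERT_REQUIRED the TLS stack aborts the handshake when the client
    certificate does not chain to ca_file (unknown) or is outside its
    validity period (expired)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(server_cert, server_key)
    return ctx

def common_name(peercert):
    """Subject commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def reject_reason(peercert, expected_serial, now=None):
    """Return why the connection must be terminated, or None to accept.
    Call after the handshake and before the WebSocket upgrade. The validity
    checks repeat what the TLS stack already enforces; the commonName check
    is the application-level part. expected_serial is an assumption: how the
    CSMS learns it is outside this example."""
    if not peercert:
        return "no client certificate"
    now = time.time() if now is None else now
    if now > ssl.cert_time_to_seconds(peercert["notAfter"]):
        return "expired certificate"
    if now < ssl.cert_time_to_seconds(peercert["notBefore"]):
        return "certificate not yet valid"
    if common_name(peercert) != expected_serial:
        return "commonName does not equal serial number"
    return None

# Constructed samples in getpeercert() format; names and serials are made up.
def _cert(cn, not_before, not_after):
    return {"subject": ((("organizationName", "ExampleCSO"),),
                        (("commonName", cn),)),
            "notBefore": not_before, "notAfter": not_after}

NOW = ssl.cert_time_to_seconds("Jun 30 00:00:00 2023 GMT")
VALID = _cert("CS-000123", "Jan  1 00:00:00 2023 GMT", "Jan  1 00:00:00 2033 GMT")
EXPIRED = _cert("CS-000123", "Jan  1 00:00:00 2020 GMT", "Jan  1 00:00:00 2022 GMT")
WRONG_CN = _cert("CS-999999", "Jan  1 00:00:00 2023 GMT", "Jan  1 00:00:00 2033 GMT")
```

A non-`None` result corresponds to step 4 (terminate the connection); `None` corresponds to the valid-certificate path in steps 7 to 10.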