TC_A_07_CSMS — TLS - Client-side certificate - valid certificate
Source: OCPP 2.0.1 Part 6 — Test Cases (Core & Advanced Security, FINAL, 2023-06-30) — Functional block A. Security, page 335.
Identification
| Field | Value |
|---|---|
| Test case name | TLS - Client-side certificate - valid certificate |
| Test case Id | TC_A_07_CSMS |
| Use case Id(s) | A00 |
| Requirement(s) | A00.FR.409, A00.FR.410, A00.FR.415, A00.FR.416, A00.FR.421 |
| System under test | CSMS |
| Functional block | A. Security |
Description
The Charging Station uses a client-side certificate to identify itself to the CSMS, when using security profile 3.
Purpose
To verify whether the CSMS is able to receive a client certificate provided by a Charging Station and set up a secured WebSocket connection.
Prerequisite(s)
The CSMS supports security profile 3
Before (Preparations)
Configuration State:
- N/a
Memory State:
- N/a
Reusable State(s):
- N/a
Main (Test scenario)
| Charging Station | CSMS |
|---|---|
| 1. The OCTT terminates the connection, initiates a TLS handshake, and sends a Client Hello to the CSMS. | 2. The CSMS responds with a Server Hello, with the <Configured server certificate>. |
| 3. The OCTT performs the following actions: Send <Configured client certificate>; Client Key Exchange; Certificate verify; Change Cipher Spec; Finished | 4. The CSMS performs the following actions: Change Cipher Spec; Finished |
| 5. The OCTT sends an HTTP upgrade request to the CSMS. | 6. The CSMS upgrades the connection to a (secured) WebSocket connection. |
| 7. The OCTT sends a BootNotificationRequest with: reason PowerUp; chargingStation.model <Configured model>; chargingStation.vendorName <Configured vendorName> | 8. The CSMS responds with a BootNotificationResponse. |
| 9. The OCTT notifies the CSMS about the current state of all connectors.; Message: StatusNotificationRequest; - connectorStatus Available; Message: NotifyEventRequest; - trigger Delta; - actualValue "Available"; - component.name "Connector"; - variable.name "AvailabilityState" | 10. The CSMS responds accordingly. |
Tool validations
Step 3:
The OCTT validates the following before finishing the TLS handshake:
- The CSMS must use TLS version 1.2 or above.
- At least the following set of cipher suites must be supported:
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 AND
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 AND
  - TLS_RSA_WITH_AES_128_GCM_SHA256 AND
  - TLS_RSA_WITH_AES_256_GCM_SHA384
Step 8:
Message: BootNotificationResponse with status Accepted
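The Step 3 validation can be reproduced against your own CSMS endpoint before a formal test run. The script below is an added example, not part of the OCPP test specification or the OCTT; the function names, the file-path parameters, and the mapping from the listed suite names to OpenSSL cipher names are assumptions of this example.

```python
import socket
import ssl

# Suites named in Step 3, mapped to the OpenSSL names Python's ssl module expects.
REQUIRED_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256": "AES128-GCM-SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384": "AES256-GCM-SHA384",
}
ALLOWED_VERSIONS = ("TLSv1.2", "TLSv1.3")


def handshake(host, port, ca_file, cert_file, key_file, cipher=None):
    """Run one TLS handshake presenting the client certificate.

    Returns the negotiated protocol version, or None if the handshake failed.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(cert_file, key_file)  # client certificate for profile 3
    if cipher:
        # Offer exactly one TLS 1.2 suite. set_ciphers raises ssl.SSLError if
        # the local OpenSSL build lacks it, so a client-side gap is never
        # reported as a CSMS failure.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(cipher)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def evaluate_step3(version, accepted):
    """Return the list of Step 3 failures; an empty list means it passes."""
    failures = []
    if version not in ALLOWED_VERSIONS:
        failures.append(f"TLS version {version}: below 1.2 or no handshake")
    failures += [f"cipher suite not supported: {name}"
                 for name in REQUIRED_SUITES if name not in accepted]
    return failures


def check_csms(host, port, ca_file, cert_file, key_file):
    """Probe the endpoint once per required suite and evaluate the results."""
    creds = (ca_file, cert_file, key_file)
    version = handshake(host, port, *creds)
    accepted = {name for name, openssl_name in REQUIRED_SUITES.items()
                if handshake(host, port, *creds, cipher=openssl_name)}
    return evaluate_step3(version, accepted)
```

`check_csms` needs a reachable endpoint and the configured certificates; `evaluate_step3` can be exercised on recorded probe results without any network access.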
Post scenario validations
- N/a