Closed peter279k closed 3 years ago
Thanks for the question.
Just so I understand correctly: you want the VTN to check the VEN's IP address that it is making the request from?
OpenADR has no concept of using IP addresses for any verification, so that is not possible using OpenADR. The OpenADR way to authenticate VENs and VTNs is to use X509 certificates, which OpenLEADR already supports. Please see the documentation here: https://openleadr.org/docs/message_signing.html. The `registration_info` dict will contain a `fingerprint` element that you can use to verify the certificate and thereby the VEN.
If you really want to use IP address checking, you can try whether the following solution works for you.
You could add the VEN's IP address to the `registration_info` dict that the VTN receives in its `on_create_party_registration` handler. This would be done in the `openleadr.service.vtn_service.VTNService.handler` method; I already added the VEN's secure fingerprint in there if it is connecting over HTTPS.
You could use these lines:

```python
if message_type == 'oadrCreatePartyRegistration':
    # Pass the peer address of the HTTP request on to the registration handler
    message_payload['ip_address'] = request.remote
```

If you insert these between line 71 and 72 of the `openleadr/service/vtn_service.py` of the current `main` branch of openleadr-python, you should then have the VEN's IP address in the `registration_info` dict in your `on_create_party_registration` handler.
I hope this helps. If anything is unclear, please let me know.
Hi @stan-janssen, thanks for your reply.
In addition to verifying VEN devices by IP address when the oadrQueryRegistration is sent, I also need to identify VEN IP addresses because different VEN devices have different events.
Are there any other ways to identify VEN devices without IP addresses?
Another way I figured out is: creating VEN id and VEN name whitelists and storing them in the database.
Once the oadrQueryRegistration is sent, it will check whether the above VEN id or VEN name is valid during the `oadrCreatePartyRegistration` message sending. It's similar to this registration approach.
Do you have another OpenADR way to verify/identify VEN devices?
There are a few options for identifying the VENs in OpenADR during registration:

- `venName`: you can set this up in OpenLEADR using `client = OpenADRClient(ven_name='ven001')`. On the VTN side, the venName will be included in the `registration_info` dict (which is called `payload` in the documentation example you refer to). You should then look up that venName in your database, assign a `venID` and `registrationID` and return them. From then on, the VEN will always identify itself using its `venID`. So when you want to add an Event, you add an event for a specific `ven_id` in OpenLEADR (see here).
- `venID`. Instead of letting the VTN assign a venID to the VEN, you can configure the venID in the OpenADRClient as well. The VTN can then check the `venID` field in the `registration_info` dict.
- `registration_info['fingerprint']` field. You should pre-configure the fingerprints in your VTN database to check. If you start your OpenADRClient with SSL certificates, it will print its fingerprint on startup. Alternatively, you can get the fingerprint by using the `fingerprint` command line utility that you get when you install `openleadr`: see this documentation. This is the recommended setup, but it requires you to run both your VEN and VTN using SSL, for which you need some certificates. You can use the dummy certificates that I supply in this repository to get started.

My recommendation is that you create a mapping between ven_name and ven_id in your VTN database. For each of your VENs, you assign a unique ven_name. In your `on_create_party_registration` handler, you look up the ven_name and return the ven_id and a registration_id. This will set the ven_id on the VEN as well. After that, you assign events by their ven_id.
When you get that working, you can experiment with certificates for additional security.
I hope this helps!
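
A sketch of the lookup recommended above, added here as an example and not taken from the thread or from OpenLEADR's code: an allowlist keyed by ven_name, with an optional pinned certificate fingerprint and a check that a VEN-supplied venID matches the assigned one. The table contents, the `ven_name` and `ven_id` key names, the `lookup_ven` helper and returning `False` to refuse a registration are assumptions; only `registration_info['fingerprint']` and the handler name come from the thread.

```python
import hmac
import secrets

# Constructed allowlist standing in for the VTN database: ven_name -> record.
ALLOWED_VENS = {
    "ven001": {"ven_id": "ven_id_001", "fingerprint": "AA:BB:CC:DD:EE:FF:00:11:22:33"},
    "ven002": {"ven_id": "ven_id_002", "fingerprint": None},  # no certificate pinned yet
}
REGISTRATIONS = {}  # ven_id -> registration_id already issued by this VTN


def lookup_ven(registration_info):
    """Return (ven_id, registration_id) for an allowlisted VEN, else False."""
    record = ALLOWED_VENS.get(registration_info.get("ven_name"))
    if record is None:
        return False  # unknown venName: refuse the registration
    # A VEN that configures its own venID must present the one assigned to it.
    claimed_id = registration_info.get("ven_id")
    if claimed_id is not None and claimed_id != record["ven_id"]:
        return False
    # When a fingerprint is pinned, the TLS connection must present exactly it.
    pinned = record["fingerprint"]
    if pinned is not None:
        presented = registration_info.get("fingerprint") or ""
        if not hmac.compare_digest(presented.upper().encode(), pinned.upper().encode()):
            return False
    # Reuse the registration_id on re-registration instead of minting a new one.
    registration_id = REGISTRATIONS.setdefault(record["ven_id"], secrets.token_hex(8))
    return record["ven_id"], registration_id


async def on_create_party_registration(registration_info):
    # Handler shape described in the thread: hand back ven_id and registration_id.
    return lookup_ven(registration_info)
```
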
Hi @stan-janssen. Thanks for the reply and help!
Closed because I think these recommendations are the proper way to do that :)!
As the title says, I am trying to use the registration approach to send the oadrQueryRegistration message payload to the VTN.
I need to let the VTN know the VEN device IP addresses via the above oadrQueryRegistration message payload because these VEN devices are located behind the energy management server.
I need to know the energy management server IP and the VEN device IP so that I can verify this VEN device on the VTN.
Is it possible to do that while the VEN sends the oadrQueryRegistration registration message payload?