feat: implement OCPP 1.6 Security and OCPI/OICP gateway support

[fmandache]

Add comprehensive security features per OCPP 1.6 Security Whitepaper Edition 3 and roaming protocol support:

OCPP 1.6 Security Infrastructure:

• Add SecurityProfileConfiguration for profiles 0-3 (unsecured, basic auth, TLS, mTLS)
• Implement CertificateSigningService with Bouncy Castle PKI support
• Add SecurityRepository for certificate, security event, log file, and firmware management
• Create database schema with 4 security tables (certificate, security_event, log_file, firmware_update)

OCPP 1.6 Security Messages (11 message types):

• SignCertificate / CertificateSigned (PKI-based certificate signing)
• InstallCertificate / DeleteCertificate (certificate lifecycle)
• GetInstalledCertificateIds (certificate inventory)
• SecurityEventNotification (security event logging)
• SignedUpdateFirmware (cryptographically signed firmware updates)
• SignedFirmwareStatusNotification (firmware update status)
• GetLog / LogStatusNotification (diagnostic and security logs)
• ExtendedTriggerMessage (trigger security-related operations)

Security Features:

• Cryptographically secure certificate serial numbers (SecureRandom, 64-bit)
• CSR subject DN validation prevents charge point impersonation attacks
• Configurable certificate validity period (ocpp.security.certificate.validity.years)
• Certificate chain validation and storage with audit trail
• TLS/mTLS configuration with keystore/truststore support
• Security event correlation and logging

OCPI/OICP Gateway Layer (99 new files):

• Implement OCPI v2.2 for peer-to-peer roaming with CPOs and EMSPs
• Implement OICP v2.3 for Hubject eRoaming network integration
• Add OcppToOcpiAdapter and OcppToOicpAdapter for protocol translation
• CPO endpoints: locations, sessions, CDRs (charge detail records)
• EMSP endpoints: token authorization, remote start/stop
• Gateway partner management with secure token encryption
• Database tables: gateway_partner, gateway_token_mapping, gateway_session_mapping, gateway_cdr_mapping
• Gateway status monitoring and health checks

API & Documentation:

• Add OCPP_SECURITY_PROFILES.md with comprehensive TLS configuration guide
• Add GATEWAY.md with OCPI/OICP architecture and configuration examples
• Update README with OCPP 1.6 security features and roaming protocol support
• Configure TLS protocols (TLSv1.2+) and cipher suite support

Database Migrations:

• V1_0_9__gateway.sql: Add gateway tables and indexes
• V1_1_0__gateway_token_hash.sql: Add token encryption support
• V1_1_1__add_gateway_indexes.sql: Optimize gateway queries
• V1_1_2__ocpp16_security.sql: Add OCPP 1.6 security tables
• jOOQ code generation for type-safe database access

Dependencies:

• Add Bouncy Castle (bcprov-jdk18on, bcpkix-jdk18on) for X.509/PKI operations

Fixes #100

[juherr]

This pull request is awesome but so huge that the review is impossible.

You should try to make at least 3 different pull requests: ocpp security, oicp and ocpi.

[juherr]

I think you should move ocpi and oicp models in dedicated repositories (ie: steve-ocpi and steve-oicp) like it is already the case for the ocpp model located in steve-jaxb.

[goekay]

thanks for this great contribution. I agree though that the PR needs to be split into multiple atomic ones (one feature per PR). this is too huge of a PR to review property.

[fmandache]

also on my fork now fully implemented the OCPP 2.0.1, and added a simulator for the 2.0.1 charger so can test for certification. Let me see when i will get some time to split it.

[fmandache]

some conflict left as my commit adds extra functionality to the OCPP1.6 (the security ).

[juherr]

@fmandache Your contribution has potential, but it’s too big to merge as-is.
What’s your goal with this PR: upstream merge after adjustments, or keeping it as your own fork?
Both options are fine, I just need to know your intention.