diff --git a/include/evse_security/evse_security.hpp b/include/evse_security/evse_security.hpp
index fd32782..36520ab 100644
--- a/include/evse_security/evse_security.hpp
+++ b/include/evse_security/evse_security.hpp
@@ -114,16 +114,15 @@ class EvseSecurity {
     /// @brief Retrieves the certificate count applying the \p certificate_types filter.
     int get_count_of_installed_certificates(const std::vector& certificate_types);
 
-    /// @brief Retrieves the OCSP request data of the V2G certificates
+    /// @brief Command to retrieve the OCSP request data of the V2G certificates (V2G leaf and possibly SubCAs)
     /// @return contains OCSP request data
-    OCSPRequestDataList get_ocsp_request_data();
+    OCSPRequestDataList get_v2g_ocsp_request_data();
 
     /// @brief Retrieves the OCSP request data of the given \p certificate_chain
     /// @param certificate_chain PEM formatted certificate or certificate chain
     /// @param certificate_type type of the leaf certificate
     /// @return contains OCSP request data
-    OCSPRequestDataList get_ocsp_request_data(const std::string& certificate_chain,
-                                              const CaCertificateType certificate_type);
+    OCSPRequestDataList get_ocsp_request_data(const std::string& certificate_chain);
 
     /// @brief Updates the OCSP cache for the given \p certificate_hash_data with the given \p ocsp_response
     /// @param certificate_hash_data identifies the certificate for which the \p ocsp_response is specified
diff --git a/lib/evse_security/evse_security.cpp b/lib/evse_security/evse_security.cpp
index 224656b..d8affdd 100644
--- a/lib/evse_security/evse_security.cpp
+++ b/lib/evse_security/evse_security.cpp
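Review bot: The Doxygen block above the one-argument `get_ocsp_request_data` still carries `/// @param certificate_type type of the leaf certificate` although this hunk removes that parameter, so the header now documents an argument that no longer exists; delete that line. Because the companion change in evse_security.cpp stops merging the chain with an installed CA bundle, the comment should also say what the caller has to supply for the issuer hashes to be meaningful, e.g. `/// @note the hash data is computed from the supplied chain only; if the hashes need the issuer, \p certificate_chain must include the issuing SubCA(s)`. The new `get_v2g_ocsp_request_data` brief is fine as written.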
@@ -621,17 +621,22 @@ int EvseSecurity::get_count_of_installed_certificates(const std::vector guard(EvseSecurity::security_mutex);
     OCSPRequestDataList response;
     std::vector ocsp_request_data_list;
 
     try {
-        X509CertificateBundle ca_bundle(this->ca_bundle_path_map.at(CaCertificateType::V2G), EncodingFormat::PEM);
+        const auto secc_key_pair = this->get_key_pair_internal(LeafCertificateType::V2G, EncodingFormat::PEM);
+        if (secc_key_pair.status != GetKeyPairStatus::Accepted or !secc_key_pair.pair.has_value()) {
+            return response;
+        }
+
+        X509CertificateBundle leaf_bundle(secc_key_pair.pair.value().certificate, EncodingFormat::PEM);
 
         // Build hierarchy for the bundle
-        auto& hierarchy = ca_bundle.get_certficate_hierarchy();
+        auto& hierarchy = leaf_bundle.get_certficate_hierarchy();
 
         // Iterate cache, get hashes
         hierarchy.for_each([&](const X509Node& node) {
@@ -653,8 +658,7 @@ OCSPRequestDataList EvseSecurity::get_ocsp_request_data() {
     return response;
 }
 
-OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certificate_chain,
-                                                        const CaCertificateType certificate_type) {
+OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certificate_chain) {
     std::lock_guard guard(EvseSecurity::security_mutex);
     OCSPRequestDataList response;
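Review bot: The added early return hands back an empty `response` with no diagnostic when `get_key_pair_internal` does not report `GetKeyPairStatus::Accepted` or carries no pair, so a caller cannot tell a missing or unreadable SECC leaf from a chain that simply has no OCSP responder; the sibling function's `catch` logs its failure and this path should as well, e.g. `EVLOG_warning << "Could not get V2G OCSP request data, no usable SECC key pair";` before `return response;`. Whether `secc_key_pair.pair.value().certificate` is a file path or PEM text is not visible here; the call it replaces passed a bundle path from `ca_bundle_path_map`, while the -662 hunk passes a PEM string to the same constructor, so confirm it is the form `X509CertificateBundle` expects with `EncodingFormat::PEM`. The surviving `// Iterate cache, get hashes` comment no longer describes a cache; `// Walk the leaf chain and collect the hash data of every node that has an OCSP responder` fits the new code. The function's opening lines and the rest of the `for_each` body lie outside this hunk.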
@@ -662,28 +666,23 @@ OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certi
     try {
         X509CertificateBundle leaf_bundle(certificate_chain, EncodingFormat::PEM);
-        X509CertificateBundle root_bundle(this->ca_bundle_path_map.at(certificate_type), EncodingFormat::PEM);
-        auto full_list = root_bundle.split();
-        const auto leaf_certificates = leaf_bundle.split();
-        for (const auto& certif : leaf_certificates) {
-            full_list.push_back(std::move(certif));
-        }
-        X509CertificateHierarchy full_hierarchy = X509CertificateHierarchy::build_hierarchy(full_list);
+        auto leaf_certificates = leaf_bundle.split();
+        X509CertificateHierarchy hierarchy = X509CertificateHierarchy::build_hierarchy(leaf_certificates);
 
-        for (const auto& certificate : leaf_certificates) {
-            std::string responder_url = certificate.get_responder_url();
+        hierarchy.for_each([&](const X509Node& node) {
+            std::string responder_url = node.certificate.get_responder_url();
             if (!responder_url.empty()) {
-                auto certificate_hash_data = full_hierarchy.get_certificate_hash(certificate);
+                auto certificate_hash_data = node.hash;
                 OCSPRequestData ocsp_request_data = {certificate_hash_data, responder_url};
                 ocsp_request_data_list.push_back(ocsp_request_data);
             }
-        }
+            return true;
+        });
 
         response.ocsp_request_data_list = ocsp_request_data_list;
     } catch (const CertificateLoadException& e) {
-        EVLOG_error << "Could not get ocsp cache, certificate load failure: " << e.what()
-                    << " for chain type: " << conversions::ca_certificate_type_to_string(certificate_type);
+        EVLOG_error << "Could not get ocsp cache, certificate load failure: " << e.what();
     }
 
     return response;
diff --git a/lib/evse_security/evse_types.cpp b/lib/evse_security/evse_types.cpp
index b3364f0..b599f10 100644
--- a/lib/evse_security/evse_types.cpp
+++ b/lib/evse_security/evse_types.cpp
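Review bot: `hierarchy` on the new side is built from `leaf_certificates` alone, so the issuer of the chain's topmost certificate, which the removed `root_bundle` merge used to contribute, is no longer part of it, and what `node.hash` holds for a node whose issuer is absent is not visible in this hunk; if it leaves the issuer fields empty or derives them from the certificate itself, the OCSP request for that node carries wrong issuer hashes. Either document that `certificate_chain` must contain the issuing CA(s) and skip nodes whose issuer is unresolved, or keep resolving against the installed bundle; a test with a leaf-only chain would pin whichever behaviour is chosen. The callback's `return true;` has no stated meaning; a comment such as `// true: continue with the next node` (if that is the contract, as the V2G variant's callback presumably uses) would help, and `response.ocsp_request_data_list = std::move(ocsp_request_data_list);` avoids copying the vector. The function's signature and the declaration of `ocsp_request_data_list` sit above this hunk.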
@@ -41,6 +41,8 @@ std::string leaf_certificate_type_to_string(LeafCertificateType e) {
         return "V2G";
     case LeafCertificateType::MF:
         return "MF";
+    case LeafCertificateType::MO:
+        return "MO";
     default:
         throw std::out_of_range("Could not convert LeafCertificateType to string");
     }
@@ -54,6 +56,8 @@ std::string leaf_certificate_type_to_filename(LeafCertificateType e) {
         return "SECC_LEAF_";
     case LeafCertificateType::MF:
         return "MF_LEAF_";
+    case LeafCertificateType::MO:
+        return "MO_LEAF_";
     default:
         throw std::out_of_range("Could not convert LeafCertificateType to string");
     }
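Review bot: The new `MO` cases in both hunks are the only mentions of `LeafCertificateType::MO` in this diff; the enum addition and any string-to-enum parser (the inverse of `leaf_certificate_type_to_string`) are outside it, so check that the inverse conversion and every other `switch` over this enum also gain the case, otherwise an `MO` value ends in the `default:` throw. The `default:` of `leaf_certificate_type_to_filename`, directly below the second new case, throws `"Could not convert LeafCertificateType to string"`, a copy of the message from `_to_string`; `"Could not convert LeafCertificateType to filename"` would make the failing path identifiable in logs. Both switch statements begin outside their hunks.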