From ce6ab87d5d064c05e19ce3e79eafd4885a3c2ac8 Mon Sep 17 00:00:00 2001
From: Menno de Graaf <m.degraaf@alfen.com>
Date: Wed, 28 Feb 2024 15:43:17 +0100
Subject: [PATCH] Use hierarchy to retrieve OCSP data

Signed-off-by: Menno de Graaf <m.degraaf@alfen.com>
---
 lib/evse_security/evse_security.cpp | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/evse_security/evse_security.cpp b/lib/evse_security/evse_security.cpp
index 003f086..0b03cbe 100644
--- a/lib/evse_security/evse_security.cpp
+++ b/lib/evse_security/evse_security.cpp
@@ -661,12 +661,20 @@ OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certi
     OCSPRequestDataList response;
     std::vector<OCSPRequestData> ocsp_request_data_list;
 
-    X509CertificateBundle ca_bundle(certificate_chain, EncodingFormat::PEM);
-    const auto certificates_of_bundle = ca_bundle.split();
-    for (const auto& certificate : certificates_of_bundle) {
+    X509CertificateBundle leaf_bundle(certificate_chain, EncodingFormat::PEM);
+    X509CertificateBundle root_bundle(this->ca_bundle_path_map.at(certificate_type), EncodingFormat::PEM);
+
+    auto full_list = root_bundle.split();
+    const auto leaf_certificates = leaf_bundle.split();
+    for (const auto& certif : leaf_certificates) {
+        full_list.push_back(std::move(certif));
+    }
+    X509CertificateHierarchy full_hierarchy = X509CertificateHierarchy::build_hierarchy(full_list);
+
+    for (const auto& certificate : leaf_certificates) {
         std::string responder_url = certificate.get_responder_url();
         if (!responder_url.empty()) {
-            auto certificate_hash_data = certificate.get_certificate_hash_data();
+            auto certificate_hash_data = full_hierarchy.get_certificate_hash(certificate);
             OCSPRequestData ocsp_request_data = {certificate_hash_data, responder_url};
             ocsp_request_data_list.push_back(ocsp_request_data);
         }
@@ -1114,7 +1122,6 @@ CertificateValidationError EvseSecurity::verify_certificate_internal(const std::
 
         // Retrieve the hierarchy in order to check if the chain contains a root certificate
         X509CertificateHierarchy& hierarchy = certificate.get_certficate_hierarchy();
-        EVLOG_info << "hierarchy:\n" << hierarchy.to_debug_string();
 
         // Make sure that an added root certificate is excluded and taken from the bundle
         for (size_t i = 1; i < _certificate_chain.size(); i++) {