EVerest · Pietfried · Mar 20, 2024 · Mar 18, 2024 · Mar 19, 2024 · Mar 19, 2024
@@ -114,16 +114,15 @@ class EvseSecurity {
     /// @brief Retrieves the certificate count applying the \p certificate_types filter.
     int get_count_of_installed_certificates(const std::vector<CertificateType>& certificate_types);
 
-    /// @brief Retrieves the OCSP request data of the V2G certificates
+    /// @brief Command to retrieve the OCSP request data of the V2G certificates (V2G leaf and possibly SubCAs)
     /// @return contains OCSP request data
-    OCSPRequestDataList get_ocsp_request_data();
+    OCSPRequestDataList get_v2g_ocsp_request_data();
 
     /// @brief Retrieves the OCSP request data of the given \p certificate_chain
     /// @param certificate_chain PEM formatted certificate or certificate chain
     /// @param certificate_type type of the leaf certificate
     /// @return contains OCSP request data
-    OCSPRequestDataList get_ocsp_request_data(const std::string& certificate_chain,
-                                              const CaCertificateType certificate_type);
+    OCSPRequestDataList get_ocsp_request_data(const std::string& certificate_chain);
 
     /// @brief Updates the OCSP cache for the given \p certificate_hash_data with the given \p ocsp_response
     /// @param certificate_hash_data identifies the certificate for which the \p ocsp_response is specified

@@ -621,17 +621,22 @@ int EvseSecurity::get_count_of_installed_certificates(const std::vector<Certific
     return count;
 }
 
-OCSPRequestDataList EvseSecurity::get_ocsp_request_data() {
+OCSPRequestDataList EvseSecurity::get_v2g_ocsp_request_data() {
     std::lock_guard<std::mutex> guard(EvseSecurity::security_mutex);
 
     OCSPRequestDataList response;
     std::vector<OCSPRequestData> ocsp_request_data_list;
 
     try {
-        X509CertificateBundle ca_bundle(this->ca_bundle_path_map.at(CaCertificateType::V2G), EncodingFormat::PEM);
+        const auto secc_key_pair = this->get_key_pair_internal(LeafCertificateType::V2G, EncodingFormat::PEM);
+        if (secc_key_pair.status != GetKeyPairStatus::Accepted or !secc_key_pair.pair.has_value()) {
+            return response;
+        }
+
+        X509CertificateBundle leaf_bundle(secc_key_pair.pair.value().certificate, EncodingFormat::PEM);
 
         // Build hierarchy for the bundle
-        auto& hierarchy = ca_bundle.get_certficate_hierarchy();
+        auto& hierarchy = leaf_bundle.get_certficate_hierarchy();
 
         // Iterate cache, get hashes
         hierarchy.for_each([&](const X509Node& node) {
@@ -653,37 +658,31 @@ OCSPRequestDataList EvseSecurity::get_ocsp_request_data() {
     return response;
 }
 
-OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certificate_chain,
-                                                        const CaCertificateType certificate_type) {
+OCSPRequestDataList EvseSecurity::get_ocsp_request_data(const std::string& certificate_chain) {
     std::lock_guard<std::mutex> guard(EvseSecurity::security_mutex);
 
     OCSPRequestDataList response;
     std::vector<OCSPRequestData> ocsp_request_data_list;
 
     try {
         X509CertificateBundle leaf_bundle(certificate_chain, EncodingFormat::PEM);
-        X509CertificateBundle root_bundle(this->ca_bundle_path_map.at(certificate_type), EncodingFormat::PEM);
 
-        auto full_list = root_bundle.split();
-        const auto leaf_certificates = leaf_bundle.split();
-        for (const auto& certif : leaf_certificates) {
-            full_list.push_back(std::move(certif));
-        }
-        X509CertificateHierarchy full_hierarchy = X509CertificateHierarchy::build_hierarchy(full_list);
+        auto leaf_certificates = leaf_bundle.split();
+        X509CertificateHierarchy hierarchy = X509CertificateHierarchy::build_hierarchy(leaf_certificates);
 
-        for (const auto& certificate : leaf_certificates) {
-            std::string responder_url = certificate.get_responder_url();
+        hierarchy.for_each([&](const X509Node& node) {
+            std::string responder_url = node.certificate.get_responder_url();
             if (!responder_url.empty()) {
-                auto certificate_hash_data = full_hierarchy.get_certificate_hash(certificate);
+                auto certificate_hash_data = node.hash;
                 OCSPRequestData ocsp_request_data = {certificate_hash_data, responder_url};
                 ocsp_request_data_list.push_back(ocsp_request_data);
             }
-        }
 
+            return true;
+        });
         response.ocsp_request_data_list = ocsp_request_data_list;
     } catch (const CertificateLoadException& e) {
-        EVLOG_error << "Could not get ocsp cache, certificate load failure: " << e.what()
-                    << " for chain type: " << conversions::ca_certificate_type_to_string(certificate_type);
+        EVLOG_error << "Could not get ocsp cache, certificate load failure: " << e.what();
     }
 
     return response;

@@ -41,6 +41,8 @@ std::string leaf_certificate_type_to_string(LeafCertificateType e) {
         return "V2G";
     case LeafCertificateType::MF:
         return "MF";
+    case LeafCertificateType::MO:
+        return "MO";
     default:
         throw std::out_of_range("Could not convert LeafCertificateType to string");
     }
@@ -54,6 +56,8 @@ std::string leaf_certificate_type_to_filename(LeafCertificateType e) {
         return "SECC_LEAF_";
     case LeafCertificateType::MF:
         return "MF_LEAF_";
+    case LeafCertificateType::MO:
+        return "MO_LEAF_";
     default:
         throw std::out_of_range("Could not convert LeafCertificateType to string");
     }