conversationrepository: pin issuer certificate if needed

GitLab: #868 Change-Id: I2217c9321bc669ba454b54e5b26653399c4939a0

conversationrepository: pin issuer certificate if needed
7c7c1d38 · Sébastien Blin · 2c32cacd · 7c7c1d38
Commit 7c7c1d38 authored Jun 26, 2023 by Sébastien Blin
--- a/src/jamidht/conversationrepository.cpp
+++ b/src/jamidht/conversationrepository.cpp
@@ -194,22 +194,31 @@ public:
        if (!repo or !acc)
            return {};
        std::map<std::string, std::vector<DeviceId>> memberDevices;
-        std::string deviceDir = fmt::format("{}devices/",
-                                            git_repository_workdir(repo.get()));
+        std::string deviceDir = fmt::format("{}devices/", git_repository_workdir(repo.get()));
        for (const auto& file : fileutils::readDirectory(deviceDir)) {
            std::shared_ptr<dht::crypto::Certificate> cert;
            try {
                cert = std::make_shared<dht::crypto::Certificate>(
                    fileutils::loadFile(deviceDir + file));
-            } catch (const std::exception&) {}
                if (!cert)
                    continue;
                if (ignoreExpired && cert->getExpiration() < std::chrono::system_clock::now())
                    continue;
+                auto issuerUid = cert->getIssuerUID();
+                if (!acc->certStore().getCertificate(issuerUid)) {
+                    // Check that parentCert
+                    auto memberFile = fmt::format("{}members/{}.crt", git_repository_workdir(repo.get()), issuerUid);
+                    auto adminFile = fmt::format("{}admins/{}.crt", git_repository_workdir(repo.get()), issuerUid);
+                    auto parentCert = std::make_shared<dht::crypto::Certificate>(fileutils::loadFile(fileutils::isFile(memberFile) ? memberFile : adminFile));
+                    if (parentCert && (ignoreExpired || parentCert->getExpiration() < std::chrono::system_clock::now()))
+                        acc->certStore().pinCertificate(parentCert, true); // Pin certificate to local store if not already done
+                }
                if (!acc->certStore().getCertificate(cert->getPublicKey().getLongId().toString())) {
                    acc->certStore().pinCertificate(cert, true); // Pin certificate to local store if not already done
                }
                memberDevices[cert->getIssuerUID()].emplace_back(cert->getPublicKey().getLongId());
+
+            } catch (const std::exception&) {}
        }
        return memberDevices;
    }