certstore: make TrustStore thread safe

Because multiple threads can access the TrustStore to update/add/rm certificates, introduce a mutex to protect the maps. Because a lot of methods only access the maps in read-only, the mutex is mutable. Moreover, because isAllowed will check the whole chain, to avoid multiple lock/unlocks, the mutex is a recursive one. Change-Id: Iec197221e2eefba4a7192f36f1a9a952f2533778 GitLab: #690

certstore: make TrustStore thread safe
90a5ea27 · Sébastien Blin · 8ca7dd3a · 90a5ea27 · 90a5ea27
Commit 90a5ea27 authored 3 years ago by Sébastien Blin
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -531,6 +531,7 @@ TrustStore::setCertificateStatus(std::shared_ptr<crypto::Certificate> cert,
 {
    if (cert)
        CertificateStore::instance().pinCertificate(cert, local);
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
    updateKnownCerts();
    bool dirty {false};
    if (status == PermissionStatus::UNDEFINED) {
@@ -573,6 +574,7 @@ TrustStore::setCertificateStatus(std::shared_ptr<crypto::Certificate> cert,
 TrustStore::PermissionStatus
 TrustStore::getCertificateStatus(const std::string& cert_id) const
 {
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
    auto s = certStatus_.find(cert_id);
    if (s == std::end(certStatus_)) {
        auto us = unknownCertStatus_.find(cert_id);
@@ -586,6 +588,7 @@ TrustStore::getCertificateStatus(const std::string& cert_id) const
 std::vector<std::string>
 TrustStore::getCertificatesByStatus(TrustStore::PermissionStatus status) const
 {
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
    std::vector<std::string> ret;
    for (const auto& i : certStatus_)
        if (i.second.second.allowed == (status == TrustStore::PermissionStatus::ALLOWED))
@@ -600,9 +603,10 @@ bool
 TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic)
 {
    // Match by certificate pinning
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
    bool allowed {allowPublic};
    for (auto c = &crt; c; c = c->issuer.get()) {
-        auto status = getCertificateStatus(c->getId().toString());
+        auto status = getCertificateStatus(c->getId().toString()); // lock mutex_
        if (status == PermissionStatus::ALLOWED)
            allowed = true;
        else if (status == PermissionStatus::BANNED)

--- a/src/security/certstore.h
+++ b/src/security/certstore.h
@@ -171,6 +171,7 @@ private:
    };

    // unknown certificates with known status
+    mutable std::recursive_mutex mutex_;
    std::map<std::string, Status> unknownCertStatus_;
    std::map<std::string, std::pair<std::shared_ptr<crypto::Certificate>, Status>> certStatus_;
    dht::crypto::TrustList allowed_;