certificate: add public key cache

51525d14 · Adrien Béraud · 965fbb43 · 51525d14 · 51525d14 · 51525d14
Commit 51525d14 authored 2 years ago by Adrien Béraud
--- a/c/opendht.cpp
+++ b/c/opendht.cpp
@@ -261,7 +261,7 @@ dht_pkid dht_certificate_get_long_id(const dht_certificate* c) {

 dht_publickey* dht_certificate_get_publickey(const dht_certificate* c) {
    const auto& cert = *reinterpret_cast<const CertSp*>(c);
-    return reinterpret_cast<dht_publickey*>(new PubkeySp(std::make_shared<dht::crypto::PublicKey>(cert->getPublicKey())));
+    return reinterpret_cast<dht_publickey*>(new PubkeySp(cert->getSharedPublicKey()));
 }

 // dht::crypto::Identity

--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -390,7 +390,11 @@ struct OPENDHT_PUBLIC Certificate {
     */
    Certificate(gnutls_x509_crt_t crt) noexcept : cert(crt) {}

-    Certificate(Certificate&& o) noexcept : cert(o.cert), issuer(std::move(o.issuer)) { o.cert = nullptr; };
+    Certificate(Certificate&& o) noexcept
+        : cert(o.cert)
+        , issuer(std::move(o.issuer))
+        , publicKey_(std::move(o.publicKey_))
+        { o.cert = nullptr; };

    /**
     * Import certificate (PEM or DER) or certificate chain (PEM),
@@ -498,7 +502,8 @@ struct OPENDHT_PUBLIC Certificate {
    void msgpack_unpack(const msgpack::object& o);

    explicit operator bool() const { return cert; }
-    PublicKey getPublicKey() const;
+    const PublicKey& getPublicKey() const;
+    const std::shared_ptr<PublicKey>& getSharedPublicKey() const;

    /** Same as getPublicKey().getId() */
    const InfoHash& getId() const;
@@ -631,6 +636,9 @@ private:
    };

    std::set<std::shared_ptr<RevocationList>, crlNumberCmp> revocation_lists;
+
+    mutable std::mutex publicKeyMutex_ {};
+    mutable std::shared_ptr<PublicKey> publicKey_ {};
 };

 struct OPENDHT_PUBLIC TrustList

--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -366,7 +366,7 @@ PrivateKey::getSharedPublicKey() const
        auto pk = std::make_shared<PublicKey>();
        if (auto err = gnutls_pubkey_import_privkey(pk->pk, key, GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN, 0))
            throw CryptoException(std::string("Can't retreive public key: ") + gnutls_strerror(err));
-        publicKey_ = pk;
+        publicKey_ = std::move(pk);
    }
    return publicKey_;
 }
@@ -824,13 +824,23 @@ Certificate::~Certificate()
    }
 }

-PublicKey
+const PublicKey&
 Certificate::getPublicKey() const
 {
-    PublicKey pk_ret;
-    if (auto err = gnutls_pubkey_import_x509(pk_ret.pk, cert, 0))
-        throw CryptoException(std::string("Can't get certificate public key: ") + gnutls_strerror(err));
-    return pk_ret;
+    return *getSharedPublicKey();
+}
+
+const std::shared_ptr<PublicKey>&
+Certificate::getSharedPublicKey() const
+{
+    std::lock_guard<std::mutex> lock(publicKeyMutex_);
+    if (not publicKey_) {
+        auto pk = std::make_shared<PublicKey>();
+        if (auto err = gnutls_pubkey_import_x509(pk->pk, cert, 0))
+            throw CryptoException(std::string("Can't get certificate public key: ") + gnutls_strerror(err));
+        publicKey_ = std::move(pk);
+    }
+    return publicKey_;
 }

 const InfoHash&

--- a/src/securedht.cpp
+++ b/src/securedht.cpp
@@ -121,7 +121,7 @@ Sp<crypto::PublicKey>
 SecureDht::getPublicKey(const InfoHash& node) const
 {
    if (node == getId())
-        return std::make_shared<crypto::PublicKey>(certificate_->getPublicKey());
+        return certificate_->getSharedPublicKey();
    auto it = nodesPubKeys_.find(node);
    if (it == nodesPubKeys_.end())
        return nullptr;
@@ -217,7 +217,7 @@ SecureDht::findPublicKey(const InfoHash& node, const std::function<void(const Sp
    }
    findCertificate(node, [=](const Sp<crypto::Certificate>& crt) {
        if (crt && *crt) {
-            auto pk = std::make_shared<crypto::PublicKey>(crt->getPublicKey());
+            auto pk = crt->getSharedPublicKey();
            if (*pk) {
                nodesPubKeys_[pk->getId()] = pk;
                if (cb) cb(pk);