securedht: support external certificate store

With setLocalCertificateStore, add an optional custom callback to find an immediately available certificate to use for encryption etc.

securedht: support external certificate store
e88e78a2 · Adrien Béraud · 428ac048 · e88e78a2 · e88e78a2 · e88e78a2
Commit e88e78a2 authored 9 years ago by Adrien Béraud
--- a/include/opendht/dhtrunner.h
+++ b/include/opendht/dhtrunner.h
@@ -223,6 +223,10 @@ public:
        std::lock_guard<std::mutex> lck(dht_mtx);
        dht_->registerCertificate(cert);
    }
+    void setLocalCertificateStore(SecureDht::CertificateStoreQuery&& query_method) {
+        std::lock_guard<std::mutex> lck(dht_mtx);
+        dht_->setLocalCertificateStore(std::move(query_method));
+    }
    /**
     * If threaded is false, loop() must be called periodically.

--- a/include/opendht/securedht.h
+++ b/include/opendht/securedht.h
@@ -121,6 +121,18 @@ public:
    const std::shared_ptr<crypto::Certificate> getCertificate(const InfoHash& node) const;
+    using CertificateStoreQuery = std::function<std::vector<std::shared_ptr<crypto::Certificate>>(const InfoHash& pk_id)>;
+    /**
+     * Allows to set a custom callback called by the library to find a locally-stored certificate.
+     * The search key used is the public key ID, so there may be multiple certificates retured, signed with
+     * the same private key.
+     */
+    void setLocalCertificateStore(CertificateStoreQuery&& query_method) {
+        localQueryMethod_ = std::move(query_method);
+    }
 private:
    // prevent copy
    SecureDht(const SecureDht&) = delete;
@@ -131,6 +143,10 @@ private:
    std::shared_ptr<crypto::PrivateKey> key_ {};
    std::shared_ptr<crypto::Certificate> certificate_ {};
+    // method to query the local certificate store
+    CertificateStoreQuery localQueryMethod_ {};
+    // our certificate cache
    std::map<InfoHash, std::shared_ptr<crypto::Certificate>> nodesCertificates_ {};
    std::uniform_int_distribution<Value::Id> rand_id {};

--- a/src/securedht.cpp
+++ b/src/securedht.cpp
@@ -144,15 +144,16 @@ SecureDht::registerCertificate(const InfoHash& node, const Blob& data)
    InfoHash h = crt->getPublicKey().getId();
    if (node == h) {
        DHT_DEBUG("Registering public key for %s", h.toString().c_str());
-        nodesCertificates_[h] = crt;
+        auto it = nodesCertificates_.find(h);
+        if (it == nodesCertificates_.end())
+            std::tie(it, std::ignore) = nodesCertificates_.emplace(h, std::move(crt));
+        else
+            it->second = std::move(crt);
+        return it->second;
    } else {
        DHT_DEBUG("Certificate %s for node %s does not match node id !", h.toString().c_str(), node.toString().c_str());
        return nullptr;
    }
-    auto it = nodesCertificates_.find(h);
-    if (it == nodesCertificates_.end())
-        return nullptr;
-    return it->second;
 }
 void
@@ -172,6 +173,17 @@ SecureDht::findCertificate(const InfoHash& node, std::function<void(const std::s
            cb(b);
        return;
    }
+    if (localQueryMethod_) {
+        auto res = localQueryMethod_(node);
+        if (not res.empty()) {
+            DHT_DEBUG("Registering public key from local store for %s", node.toString().c_str());
+            nodesCertificates_.emplace(node, res.front());
+            if (cb)
+                cb(res.front());
+            return;
+        }
+    }
    auto found = std::make_shared<bool>(false);
    Dht::get(node, [cb,node,found,this](const std::vector<std::shared_ptr<Value>>& vals) {
        if (*found)