certstore: make TrustStore thread safe

Because multiple threads can access the TrustStore to update/add/rm certificates, introduce a mutex to protect the maps. Because a lot of methods only access the maps in read-only, the mutex is mutable. Moreover, because isAllowed will check the whole chain, to avoid multiple lock/unlocks, the mutex is a recursive one. Change-Id: Iec197221e2eefba4a7192f36f1a9a952f2533778 GitLab: #690
savoirfairelinux · Jan 24, 2022 · 90a5ea2 · 90a5ea2
1 parent 8ca7dd3
commit 90a5ea2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp
@@ -531,6 +531,7 @@ TrustStore::setCertificateStatus(std::shared_ptr<crypto::Certificate> cert,
 {
     if (cert)
         CertificateStore::instance().pinCertificate(cert, local);
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
     updateKnownCerts();
     bool dirty {false};
     if (status == PermissionStatus::UNDEFINED) {
@@ -573,6 +574,7 @@ TrustStore::setCertificateStatus(std::shared_ptr<crypto::Certificate> cert,
 TrustStore::PermissionStatus
 TrustStore::getCertificateStatus(const std::string& cert_id) const
 {
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
     auto s = certStatus_.find(cert_id);
     if (s == std::end(certStatus_)) {
         auto us = unknownCertStatus_.find(cert_id);
@@ -586,6 +588,7 @@ TrustStore::getCertificateStatus(const std::string& cert_id) const
 std::vector<std::string>
 TrustStore::getCertificatesByStatus(TrustStore::PermissionStatus status) const
 {
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
     std::vector<std::string> ret;
     for (const auto& i : certStatus_)
         if (i.second.second.allowed == (status == TrustStore::PermissionStatus::ALLOWED))
@@ -600,9 +603,10 @@ bool
 TrustStore::isAllowed(const crypto::Certificate& crt, bool allowPublic)
 {
     // Match by certificate pinning
+    std::lock_guard<std::recursive_mutex> lk(mutex_);
     bool allowed {allowPublic};
     for (auto c = &crt; c; c = c->issuer.get()) {
-        auto status = getCertificateStatus(c->getId().toString());
+        auto status = getCertificateStatus(c->getId().toString()); // lock mutex_
         if (status == PermissionStatus::ALLOWED)
             allowed = true;
         else if (status == PermissionStatus::BANNED)

diff --git a/src/security/certstore.h b/src/security/certstore.h
@@ -171,6 +171,7 @@ class TrustStore
     };
 
     // unknown certificates with known status
+    mutable std::recursive_mutex mutex_;
     std::map<std::string, Status> unknownCertStatus_;
     std::map<std::string, std::pair<std::shared_ptr<crypto::Certificate>, Status>> certStatus_;
     dht::crypto::TrustList allowed_;