ccnx: Make verifier thread-safe; use it in ccnx-wrapper
Change-Id: I5ba3d2565921c461cabe912fb86504bc36b6a69f
diff --git a/ccnx/ccnx-verifier.cpp b/ccnx/ccnx-verifier.cpp
index cee45a9..6090274 100644
--- a/ccnx/ccnx-verifier.cpp
+++ b/ccnx/ccnx-verifier.cpp
@@ -20,6 +20,7 @@
*/
#include "ccnx-verifier.h"
+#include "ccnx-wrapper.h"
namespace Ccnx {
@@ -47,20 +48,24 @@
}
HashPtr publisherPublicKeyDigest = pco->publisherPublicKeyDigest();
- CertCache::iterator it = m_certCache.find(*publisherPublicKeyDigest);
- if (it != m_certCache.end())
+
{
- CertPtr cert = it->second;
- if (cert->validity() == Cert::WITHIN_VALID_TIME_SPAN)
+ UniqueRecLock lock(m_cacheLock);
+ CertCache::iterator it = m_certCache.find(*publisherPublicKeyDigest);
+ if (it != m_certCache.end())
{
- // integrity checked, and the key is trustworthy
- pco->setVerified(true);
- return true;
- }
- else
- {
- // delete the invalid cert cache
- m_certCache.erase(it);
+ CertPtr cert = it->second;
+ if (cert->validity() == Cert::WITHIN_VALID_TIME_SPAN)
+ {
+ // integrity checked, and the key is trustworthy
+ pco->setVerified(true);
+ return true;
+ }
+ else
+ {
+ // delete the invalid cert cache
+ m_certCache.erase(it);
+ }
}
}
@@ -139,7 +144,10 @@
// ok, keyObject verified, because metaObject is signed by the same parent key and integrity checked
// so metaObject is also verified
- m_certCache.insert(std::make_pair(cert->keyDigest(), cert));
+ {
+ UniqueRecLock lock(m_cacheLock);
+ m_certCache.insert(std::make_pair(cert->keyDigest(), cert));
+ }
pco->setVerified(true);
return true;