Add Pkcs11ElectronicID::release()

WE2-911

Signed-off-by: Mart Somermaa <[email protected]>

Author: mrts

include/electronic-id/electronic-id.hpp

@@ -83,6 +83,13 @@ class ElectronicID
     // General functions.
     virtual bool allowsUsingLettersAndSpecialCharactersInPin() const { return false; }
     virtual bool providesExternalPinDialog() const { return false; }
+
+    /** Extension point for releasing the resources held by the ElectronicID object.
+     * By default, this function does nothing. It serves as an extension point for
+     * Pkcs11ElectronicID which needs to release the PKCS#11 module before the application exits to
+     * prevent potential crashes. */
+    virtual void release() const {}
+
     virtual std::string name() const = 0;
     virtual Type type() const = 0;
 

src/electronic-ids/pkcs11/PKCS11CardManager.hpp

@@ -70,7 +70,9 @@ class PKCS11CardManager
     static std::shared_ptr<PKCS11CardManager> instance(const std::filesystem::path& module)
     {
         static std::mutex mutex;
-        static std::unordered_map<std::string, std::shared_ptr<PKCS11CardManager>> instances;
+        // Use weak_ptr to avoid increasing the reference count while providing safe
+        // shared access to the PKCS11CardManager instance for the given module.
+        static std::unordered_map<std::string, std::weak_ptr<PKCS11CardManager>> instances;
 
         // There is no std::hash for std::filesystem::path, use the string value.
         // Note that two different path strings that refer to the same filesystem location
@@ -81,10 +83,24 @@ class PKCS11CardManager
 
         auto it = instances.find(moduleStr);
         if (it != instances.end()) {
-            return it->second;
+            // If the object has already been destroyed, weak_ptr.lock() returns an empty
+            // shared_ptr.
+            if (auto instancePtr = it->second.lock()) {
+                return instancePtr;
+            }
         }
 
-        auto newInstance = std::shared_ptr<PKCS11CardManager>(new PKCS11CardManager(module));
+        // Custom deleter that also removes the instance from the map.
+        auto deleter = [moduleStr](PKCS11CardManager* manager) {
+            {
+                std::lock_guard<std::mutex> lock(mutex);
+                instances.erase(moduleStr);
+            }
+            delete manager;
+        };
+
+        auto newInstance =
+            std::shared_ptr<PKCS11CardManager>(new PKCS11CardManager(module), deleter);
         instances[moduleStr] = newInstance;
         return newInstance;
     }

src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp

@@ -174,6 +174,8 @@ Pkcs11ElectronicID::Pkcs11ElectronicID(ElectronicID::Type type) :
     ElectronicID {std::make_unique<pcsc_cpp::SmartCard>()}, module {getModule(type)},
     manager {PKCS11CardManager::instance(module.path)}
 {
+    REQUIRE_NON_NULL(manager)
+
     bool seenAuthToken = false;
     bool seenSigningToken = false;
 
@@ -215,6 +217,8 @@ ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::authPinRetriesLeft()
 pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(const byte_vector& pin,
                                                           const byte_vector& hash) const
 {
+    REQUIRE_NON_NULL(manager)
+
     try {
         validateAuthHashLength(authSignatureAlgorithm(), name(), hash);
 
@@ -254,6 +258,8 @@ ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(const byte_vector
                                                                const byte_vector& hash,
                                                                const HashAlgorithm hashAlgo) const
 {
+    REQUIRE_NON_NULL(manager)
+
     try {
         validateSigningHash(*this, hashAlgo, hash);
 
@@ -277,3 +283,8 @@ ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(const byte_vector
         throw;
     }
 }
+
+void Pkcs11ElectronicID::release() const
+{
+    manager.reset();
+}

src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp

@@ -68,11 +68,12 @@ class Pkcs11ElectronicID : public ElectronicID
     Signature signWithSigningKey(const byte_vector& pin, const byte_vector& hash,
                                  const HashAlgorithm hashAlgo) const override;
 
+    void release() const override;
     std::string name() const override { return module.name; }
     Type type() const override { return module.type; }
 
     const Pkcs11ElectronicIDModule& module;
-    const std::shared_ptr<PKCS11CardManager> manager;
+    mutable std::shared_ptr<PKCS11CardManager> manager;
     PKCS11CardManager::Token authToken;
     PKCS11CardManager::Token signingToken;
 };