nts: free client cert credentials when not used

Destroy the client cert credentials when destroying the last NKC
instance instead of NKC_Finalise(). This allows the client to reload the
trusted cert file between NTS-KE sessions.

main.c

@@ -38,7 +38,6 @@
 #include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
-#include "nts_ke_client.h"
 #include "nts_ke_server.h"
 #include "nts_ntp_server.h"
 #include "socket.h"
@@ -114,7 +113,6 @@ MAI_CleanupAndExit(void)
   TMC_Finalise();
   MNL_Finalise();
   CLG_Finalise();
-  NKC_Finalise();
   NKS_Finalise();
   NNS_Finalise();
   NSD_Finalise();
@@ -589,7 +587,6 @@ int main
   NSD_Initialise();
   NNS_Initialise();
   NKS_Initialise(scfilter_level);
-  NKC_Initialise();
   CLG_Initialise();
   MNL_Initialise();
   TMC_Initialise();

nts_ke_client.c

@@ -58,7 +58,8 @@ struct NKC_Instance_Record {
 
 /* ================================================== */
 
-static void *client_credentials;
+static void *client_credentials = NULL;
+static int client_credentials_refs = 0;
 
 /* ================================================== */
 
@@ -256,23 +257,6 @@ handle_message(void *arg)
 
 /* ================================================== */
 
-void
-NKC_Initialise(void)
-{
-  client_credentials = NULL;
-}
-
-/* ================================================== */
-
-void
-NKC_Finalise(void)
-{
-  if (client_credentials)
-    NKSN_DestroyCertCredentials(client_credentials);
-}
-
-/* ================================================== */
-
 NKC_Instance
 NKC_CreateInstance(IPSockAddr *address, const char *name)
 {
@@ -287,10 +271,10 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
   inst->destroying = 0;
   inst->got_response = 0;
 
-  /* Create the credentials with the first client instance and share them
-     with other instances */
+  /* Share the credentials with other client instances */
   if (!client_credentials)
     client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
+  client_credentials_refs++;
 
   return inst;
 }
@@ -310,6 +294,12 @@ NKC_DestroyInstance(NKC_Instance inst)
 
   Free(inst->name);
   Free(inst);
+
+  client_credentials_refs--;
+  if (client_credentials_refs <= 0 && client_credentials) {
+    NKSN_DestroyCertCredentials(client_credentials);
+    client_credentials = NULL;
+  }
 }
 
 /* ================================================== */

nts_ke_client.h

@@ -32,10 +32,6 @@
 
 typedef struct NKC_Instance_Record *NKC_Instance;
 
-/* Init and fini functions */
-extern void NKC_Initialise(void);
-extern void NKC_Finalise(void);
-
 /* Create a client NTS-KE instance */
 extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name);
 

stubs.c

@@ -536,16 +536,6 @@ NNC_GetReport(NNC_Instance inst, RPT_AuthReport *report)
 {
 }
 
-void
-NKC_Initialise(void)
-{
-}
-
-void
-NKC_Finalise(void)
-{
-}
-
 void
 NKS_Initialise(int scfilter_level)
 {

test/unit/nts_ke_client.c

@@ -112,7 +112,6 @@ test_unit(void)
     CNF_ParseLine(NULL, i + 1, conf[i]);
 
   LCL_Initialise();
-  NKC_Initialise();
 
   SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
   addr.port = 0;
@@ -129,7 +128,6 @@ test_unit(void)
 
   NKC_DestroyInstance(inst);
 
-  NKC_Finalise();
   LCL_Finalise();
   CNF_Finalise();
 }