RFR: 8129988: JSSE should create a single instance of the cacerts KeyStore

Xuelei Fan xuelei.fan at oracle.com
Wed Sep 30 02:33:11 UTC 2015

private synchronized static KeyStore getDefaultCacertsKeyStore()

private synchronized static KeyStore getDefaultCacertsKeyStore(
                            String javaHome, String type,
                            String provider, String password,
                            String dbgOption) throws Exception {
    if (defaultCacertsKeyStore != null) {
        return defaultCacertsKeyStore;

Looks like the parameters would impact the returned value.  However, as
defaultCacertsKeyStore is singleton instance, these parameters have no
impact any more after the initialization.  This is a behavior change.
The behavior change is OK to me, but we maybe want to add a comment or
twist the method a little bit.

For lazy static fields, I would like to use "Lazy initialization holder
class idiom" [#71, Effective Java, 2ED], rather than synchronized
method, for performance benefits.


On 9/30/2015 2:07 AM, Sean Mullan wrote:
> Please review this fix to modify the TrustManagerFactory implementation
> to create a single instance of the cacerts or jssecacerts KeyStore. This
> significantly improves performance in a multithreaded environment.
> The code has been refactored a bit to move common code into a few
> private methods.
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8129988/webrev.00/
> Thanks,
> Sean

More information about the security-dev mailing list