RFR: 8148188: Enhance the security libraries to record events of interest

Seán Coffey sean.coffey at oracle.com
Tue Jul 10 12:50:42 UTC 2018


Erik,

After some trial edits, I'm not so sure if moving the event & logger 
commit code into the class where it's used works too well after all.

In the code you suggested, there's an assumption that calls such as 
EventHelper.certificateChain(..) are low cost. While that might be the 
case here, it's something we can't always assume. It's called once for 
the JFR operation and once for the Logger operation. That pattern 
multiplies itself further in other Events. i.e. set up and assign the 
variables for a JFR event without knowing whether they'll be needed 
again for the Logger call. We could work around it by setting up some 
local variables and re-using them in the Logger code but then, we're 
back to where we were. The current EventHelper design eliminates this 
problem and also helps to abstract the recording/logging functionality 
away from the functionality of the class itself.

It also becomes a problem where we record events in multiple different 
classes (e.g. SecurityPropertyEvent). While we could leave the code in 
EventHelper for this case, we then have a mixed design pattern.

Are you ok with leaving as is for now? A future wish might be one where 
JFR would handle Logger via its own framework/API in a future JDK release.

I've removed the variable names using underscore. Also optimized some 
variable assignments in X509Impl.commitEvent(..)

http://cr.openjdk.java.net/~coffeys/webrev.8148188.v5/webrev/

regards,
Sean.

On 09/07/2018 18:01, Seán Coffey wrote:
> Erik,
>
> Thanks for reviewing. Comments inline..
>
> On 09/07/18 17:21, Erik Gahlin wrote:
>> Thanks Sean.
>>
>> Some feedback on the code in the security libraries.
>>
>> - We should use camel case naming convention for variables (not 
>> underscore).
> Sure. I see two offending variable names which I'll fix up.
>>
>> - Looking at sun/security/ssl/Finished.java,
>>
>> I wonder if it wouldn't be less code and more easy to read, if we 
>> would commit the event in a local private function and then use the 
>> EventHelper class for common functionality.
> I'm fine with your suggested approach. I figured that tucking the 
> recording/logging logic away in a helper class also had benefits but 
> I'll re-factor to your suggested style unless I hear objections.
>
> regards,
> Sean.
>




More information about the security-dev mailing list