RFR: 8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry
Daniel JeliĆski
djelinski at openjdk.org
Fri Jun 16 10:06:02 UTC 2023
On Fri, 16 Jun 2023 01:21:57 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> The `attributes` field inside the `PKCS12KeyStore.Entry` class might be modified and retrieved at the same time. Make it concurrent.
>
> The test uses some reflection to get this field and try updating it in multiple threads.
Would it be possible to only catch checked exceptions in `X509KeyManagerImpl.getEntry`? Currently the exception is discarded without a trace, which made debugging this a bit of a challenge.
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1:
> 1: /*
Please modify the `entry.attributes` initializers in lines 240, 700 and 2519 as well. I suppose you could also make the `attributes` final and initialize in line.
src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 2434:
> 2432: byte[] keyId = null;
> 2433: ObjectIdentifier[] trustedKeyUsage = null;
> 2434: Set<PKCS12Attribute> attributes = new HashSet<>();
This change is not necessary; this set is never used by other threads.
-------------
Changes requested by djelinski (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/14506#pullrequestreview-1483127112
PR Review Comment: https://git.openjdk.org/jdk/pull/14506#discussion_r1232039978
PR Review Comment: https://git.openjdk.org/jdk/pull/14506#discussion_r1232039628
More information about the security-dev
mailing list