RFR: 8341964: Add mechanism to disable different parts of TLS cipher suite [v4]
Artur Barashev
abarashev at openjdk.org
Thu Nov 7 20:12:24 UTC 2024
On Thu, 7 Nov 2024 19:02:53 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> - Cache the patterns
>> - Make matching case-sensitive
>> - Update java.security documentation
>> - Refactor the tests
>
> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 126:
>
>> 124: }
>> 125:
>> 126: Pattern p = patternCache.get(pattern);
>
> I think you want to use `putIfAbsent` here, so the operation happens atomically.
Actually if we do `patternCache.putIfAbsent(pattern, Pattern.compile(pattern.replace("*", ".*")))` we'll be computing Pattern on every call regardless if it's already present in cache. Also `putIfAbsent` makes no guarantees of atomicity. Better candidate here seems to be `computeIfAbsent` method, but still it would not be as fast as the current solution because it would add an extra `get` call to the cache interaction. That's how exactly `computeIfAbsent` method works:
` * <pre> {@code
* if (map.get(key) == null) {
* V newValue = mappingFunction.apply(key);
* if (newValue != null)
* map.put(key, newValue);
* }
* }</pre>
`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1833308486
More information about the security-dev
mailing list