RFR: 8345954: Revisit Class Initializers and Locking in X509TrustManagerImpl [v2]
Artur Barashev
abarashev at openjdk.org
Fri Jan 30 00:47:09 UTC 2026
On Thu, 29 Jan 2026 23:12:22 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/X509Factory.java line 118:
>>
>>> 116: X509CertImpl newCert = new X509CertImpl(encoding);
>>> 117: byte[] enc = newCert.getEncodedInternal();
>>> 118: return addIfNotPresent(certCache, enc, newCert);
>>
>> Same: Why we call `addIfNotPresent` if we already checked above that it's not present?
>
> I think we still need `addIfNotPresent` because the earlier `getFromCache()` and the put are not atomic and can race with other threads. `addIfNotPresent` performs the check-then-put under one lock and returns the already-cached instance if another thread won the race. Also, the cache key for insertion is the canonical enc, which may differ from the raw encoding used for the initial lookup, so we might still need this.
But we can simply call `addIfNotPresent` without `getFromCache`, right? I mean we don't need to perform 2 `get` operations in the row.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29181#discussion_r2744136098
More information about the security-dev
mailing list