On 11/13/18 1:53 PM, Sean Mullan wrote:
* src/java.base/share/classes/sun/security/x509/X509CertImpl.java
158 // Event recording cache list
159 private List<Integer> recordedCerts;
Shouldn't this be static? Otherwise each certificate would have it's own
instance and duplicates would not be detected.
Thinking more about this, this List has the potential to contain a lot
of entries if there are many certificates and there is no way to control
the size. It might be better to leverage the existing in-memory
certificate cache in sun/security/provider/X509Factory.java:
private static final Cache<Object, X509CertImpl> certCache
= Cache.newSoftMemoryCache(750);
Could you look into moving the code from X509CertImpl to X509Factory
instead? In engineGenerateCertificate, you could do the commit only if
it is added to the cache:
try {
byte[] encoding = readOneBlock(is);
if (encoding != null) {
X509CertImpl cert = getFromCache(certCache, encoding);
if (cert != null) {
return cert;
}
cert = new X509CertImpl(encoding);
addToCache(certCache, cert.getEncodedInternal(), cert);
commitEvent();
return cert;
This way you could leverage the same cache. Duplicates could get
recorded but only if the constraints on the cache are exceeded. This
seems like a fair tradeoff.
--Sean
