The difference will be big. I've simplified the logic into 1. read bytes between first ": " and \r\n as alias 2. read bytes between first \r\n after first "-" and next "-" as a cert 3. goto 1
And I only store the cert bytes and do not create a Certificate until getCertificate() is read. I even haven't de-BASE64 them. Time spent is still ~2.5x of JKS (when reading from a ByteArrayInputStream). I guess the major reason is that there is no length field for the cert, so we must read-and-check all the time. --Max > On Aug 14, 2019, at 9:31 PM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 8/13/19 10:19 PM, Weijun Wang wrote: >>> I will also pass a pretty large cacerts with public CA and our CAs and >>> see wether your parser doesn't choke on it. >> PEM is certainly slower than JKS because of text reading and de-Base64. I'll >> see if I can make any enhancement. > > This is a bit of a concern for me. In the past, reading cacerts has been a > bit of a bottleneck and we have made some improvements over the years such > as: https://bugs.openjdk.java.net/browse/JDK-8129988 > > I would not want to see a regression in performance. > > --Sean
