
src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java


        

*** 28,38 **** import java.io.*; import java.lang.ref.WeakReference; import java.security.*; import java.security.cert.*; import java.util.*; - import java.util.concurrent.locks.ReentrantLock; import sun.security.action.*; import sun.security.validator.TrustStoreUtil; /** * Collection of static utility methods to manage the default trusted KeyStores --- 28,37 ----
*** 243,254 **** // // Use weak reference so that the heavy loaded certificates collection // objects can be atomically cleared, and reloaded if needed. private WeakReference<Set<X509Certificate>> csRef; - private final ReentrantLock tamLock = new ReentrantLock(); - private TrustAnchorManager() { this.descriptor = null; this.ksRef = new WeakReference<>(null); this.csRef = new WeakReference<>(null); } --- 242,251 ----
*** 256,359 **** /** * Get the default trusted KeyStore with the specified descriptor. * * @return null if the underlying KeyStore is not available. */ ! KeyStore getKeyStore( TrustStoreDescriptor descriptor) throws Exception { TrustStoreDescriptor temporaryDesc = this.descriptor; KeyStore ks = ksRef.get(); if ((ks != null) && descriptor.equals(temporaryDesc)) { return ks; } ! tamLock.lock(); ! try { ! // double check ! ks = ksRef.get(); ! if ((ks != null) && descriptor.equals(temporaryDesc)) { ! return ks; ! } ! ! // Reload a new key store. ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reload the trust store"); ! } ! ! ks = loadKeyStore(descriptor); ! this.descriptor = descriptor; ! this.ksRef = new WeakReference<>(ks); ! } finally { ! tamLock.unlock(); } return ks; } /** * Get trusted certificates in the default trusted KeyStore with * the specified descriptor. * * @return empty collection if the underlying KeyStore is not available. */ ! Set<X509Certificate> getTrustedCerts( TrustStoreDescriptor descriptor) throws Exception { KeyStore ks = null; TrustStoreDescriptor temporaryDesc = this.descriptor; Set<X509Certificate> certs = csRef.get(); ! if ((certs != null) && descriptor.equals(temporaryDesc)) { ! return certs; ! } ! ! tamLock.lock(); ! try { ! // double check ! temporaryDesc = this.descriptor; ! certs = csRef.get(); ! if (certs != null) { ! if (descriptor.equals(temporaryDesc)) { ! return certs; ! } else { ! // Use the new descriptor. ! this.descriptor = descriptor; ! } } else { ! // Try to use the cached store at first. ! if (descriptor.equals(temporaryDesc)) { ! ks = ksRef.get(); ! } else { ! // Use the new descriptor. ! this.descriptor = descriptor; ! } } ! ! // Reload the trust store if needed. ! if (ks == null) { ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reload the trust store"); ! } ! ks = loadKeyStore(descriptor); ! this.ksRef = new WeakReference<>(ks); } ! 
// Reload trust certs from the key store. if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reload trust certs"); } ! certs = loadTrustedCerts(ks); ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reloaded " + certs.size() + " trust certs"); ! } ! this.csRef = new WeakReference<>(certs); ! } finally { ! tamLock.unlock(); } return certs; } /** * Load the KeyStore as described in the specified descriptor. --- 253,334 ---- /** * Get the default trusted KeyStore with the specified descriptor. * * @return null if the underlying KeyStore is not available. */ ! synchronized KeyStore getKeyStore( TrustStoreDescriptor descriptor) throws Exception { TrustStoreDescriptor temporaryDesc = this.descriptor; KeyStore ks = ksRef.get(); if ((ks != null) && descriptor.equals(temporaryDesc)) { return ks; } ! // Reload a new key store. ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reload the trust store"); } + ks = loadKeyStore(descriptor); + this.descriptor = descriptor; + this.ksRef = new WeakReference<>(ks); + return ks; } /** * Get trusted certificates in the default trusted KeyStore with * the specified descriptor. * * @return empty collection if the underlying KeyStore is not available. */ ! synchronized Set<X509Certificate> getTrustedCerts( TrustStoreDescriptor descriptor) throws Exception { KeyStore ks = null; TrustStoreDescriptor temporaryDesc = this.descriptor; Set<X509Certificate> certs = csRef.get(); ! if (certs != null) { ! if (descriptor.equals(temporaryDesc)) { ! return certs; } else { ! // Use the new descriptor. ! this.descriptor = descriptor; } ! } else { ! // Try to use the cached store at first. ! if (descriptor.equals(temporaryDesc)) { ! ks = ksRef.get(); ! } else { ! // Use the new descriptor. ! this.descriptor = descriptor; } + } ! // Reload the trust store if needed. ! if (ks == null) { if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! 
SSLLogger.fine("Reload the trust store"); } + ks = loadKeyStore(descriptor); + } ! // Reload trust certs from the key store. ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reload trust certs"); ! } ! certs = loadTrustedCerts(ks); ! if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ! SSLLogger.fine("Reloaded " + certs.size() + " trust certs"); } + // Note that as ks is a local variable, it is not + // necessary to add it to the ksRef weak reference. + this.csRef = new WeakReference<>(certs); + return certs; } /** * Load the KeyStore as described in the specified descriptor.
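Review bot: In the new `getTrustedCerts`, the branches that set `this.descriptor = descriptor` no longer refresh `ksRef`, which the replaced code did with `this.ksRef = new WeakReference<>(ks);` right after `ks = loadKeyStore(descriptor);`. If the KeyStore cached for the previous descriptor is still strongly reachable elsewhere, a later `getKeyStore(descriptor)` sees a non-null `ksRef.get()` together with a matching descriptor and returns that older store, so the trust anchors handed out may not correspond to the configured trust store. The added comment about `ks` being a local variable covers its lifetime but not this pairing of `descriptor` with `ksRef`. I would keep the assignment after `loadKeyStore(descriptor)`, or reset the cache where the descriptor is replaced with `this.ksRef = new WeakReference<>(null);`. Separately, both methods now take the monitor even on a cache hit and hold it across `loadKeyStore`, so the Javadoc should say why the unlocked fast path was dropped.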