< prev index next >

src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java

Print this page

        

@@ -28,11 +28,10 @@
 import java.io.*;
 import java.lang.ref.WeakReference;
 import java.security.*;
 import java.security.cert.*;
 import java.util.*;
-import java.util.concurrent.locks.ReentrantLock;
 import sun.security.action.*;
 import sun.security.validator.TrustStoreUtil;
 
 /**
  * Collection of static utility methods to manage the default trusted KeyStores

@@ -243,12 +242,10 @@
         //
         // Use weak reference so that the heavy loaded certificates collection
         // objects can be atomically cleared, and reloaded if needed.
         private WeakReference<Set<X509Certificate>> csRef;
 
-        private final ReentrantLock tamLock = new ReentrantLock();
-
         private TrustAnchorManager() {
             this.descriptor = null;
             this.ksRef = new WeakReference<>(null);
             this.csRef = new WeakReference<>(null);
         }

@@ -256,104 +253,82 @@
         /**
          * Get the default trusted KeyStore with the specified descriptor.
          *
          * @return null if the underlying KeyStore is not available.
          */
-        KeyStore getKeyStore(
+        synchronized KeyStore getKeyStore(
                 TrustStoreDescriptor descriptor) throws Exception {
 
             TrustStoreDescriptor temporaryDesc = this.descriptor;
             KeyStore ks = ksRef.get();
             if ((ks != null) && descriptor.equals(temporaryDesc)) {
                 return ks;
             }
 
-            tamLock.lock();
-            try {
-                // double check
-                ks = ksRef.get();
-                if ((ks != null) && descriptor.equals(temporaryDesc)) {
-                    return ks;
-                }
-
-                // Reload a new key store.
-                if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
-                    SSLLogger.fine("Reload the trust store");
-                }
-
-                ks = loadKeyStore(descriptor);
-                this.descriptor = descriptor;
-                this.ksRef = new WeakReference<>(ks);
-            } finally {
-                tamLock.unlock();
+            // Reload a new key store.
+            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
+                SSLLogger.fine("Reload the trust store");
             }
 
+            ks = loadKeyStore(descriptor);
+            this.descriptor = descriptor;
+            this.ksRef = new WeakReference<>(ks);
+
             return ks;
         }
 
         /**
          * Get trusted certificates in the default trusted KeyStore with
          * the specified descriptor.
          *
          * @return empty collection if the underlying KeyStore is not available.
          */
-        Set<X509Certificate> getTrustedCerts(
+        synchronized Set<X509Certificate> getTrustedCerts(
                 TrustStoreDescriptor descriptor) throws Exception {
 
             KeyStore ks = null;
             TrustStoreDescriptor temporaryDesc = this.descriptor;
             Set<X509Certificate> certs = csRef.get();
-            if ((certs != null) && descriptor.equals(temporaryDesc)) {
-                return certs;
-            }
-
-            tamLock.lock();
-            try {
-                // double check
-                temporaryDesc = this.descriptor;
-                certs = csRef.get();
-                if (certs != null) {
-                    if (descriptor.equals(temporaryDesc)) {
-                        return certs;
-                    } else {
-                        // Use the new descriptor.
-                        this.descriptor = descriptor;
-                    }
+            if (certs != null) {
+                if (descriptor.equals(temporaryDesc)) {
+                    return certs;
                 } else {
-                    // Try to use the cached store at first.
-                    if (descriptor.equals(temporaryDesc)) {
-                        ks = ksRef.get();
-                    } else {
-                        // Use the new descriptor.
-                        this.descriptor = descriptor;
-                    }
+                    // Use the new descriptor.
+                    this.descriptor = descriptor;
                 }
-
-                // Reload the trust store if needed.
-                if (ks == null) {
-                    if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
-                        SSLLogger.fine("Reload the trust store");
-                    }
-                    ks = loadKeyStore(descriptor);
-                    this.ksRef = new WeakReference<>(ks);
+            } else {
+                // Try to use the cached store at first.
+                if (descriptor.equals(temporaryDesc)) {
+                    ks = ksRef.get();
+                } else {
+                    // Use the new descriptor.
+                    this.descriptor = descriptor;
                 }
+            }
 
-                // Reload trust certs from the key store.
+            // Reload the trust store if needed.
+            if (ks == null) {
                 if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
-                    SSLLogger.fine("Reload trust certs");
+                    SSLLogger.fine("Reload the trust store");
                 }
+                ks = loadKeyStore(descriptor);
+            }
 
-                certs = loadTrustedCerts(ks);
-                if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
-                    SSLLogger.fine("Reloaded " + certs.size() + " trust certs");
-                }
+            // Reload trust certs from the key store.
+            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
+                SSLLogger.fine("Reload trust certs");
+            }
 
-                this.csRef = new WeakReference<>(certs);
-            } finally {
-                tamLock.unlock();
+            certs = loadTrustedCerts(ks);
+            if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) {
+                SSLLogger.fine("Reloaded " + certs.size() + " trust certs");
             }
 
+            // Note that as ks is a local variable, it is not
+            // necessary to add it to the ksRef weak reference.
+            this.csRef = new WeakReference<>(certs);
+
             return certs;
         }
 
         /**
          * Load the KeyStore as described in the specified descriptor.
< prev index next >