8285398: Cache the results of constraint checks

Backport-of: 4b25717
openjdk · Jun 29, 2022 · b4f0859 · b4f0859 · openjdk-notifier · Jun 29, 2022
1 parent eb8789b
commit b4f0859
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -27,6 +27,7 @@
 
 import sun.security.validator.Validator;
 
+import java.lang.ref.SoftReference;
 import java.security.AlgorithmParameters;
 import java.security.CryptoPrimitive;
 import java.security.Key;
@@ -53,6 +54,7 @@
 import java.util.Collection;
 import java.util.StringTokenizer;
 import java.util.TimeZone;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Pattern;
 import java.util.regex.Matcher;
 
@@ -100,6 +102,8 @@ private static class JarHolder {
 
     private final Set<String> disabledAlgorithms;
     private final Constraints algorithmConstraints;
+    private volatile SoftReference<Map<String, Boolean>> cacheRef =
+            new SoftReference<>(null);
 
     public static DisabledAlgorithmConstraints certPathConstraints() {
         return CertPathHolder.CONSTRAINTS;
@@ -152,7 +156,7 @@ public DisabledAlgorithmConstraints(String propertyName,
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
-        if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
+        if (!cachedCheckAlgorithm(algorithm)) {
             return false;
         }
 
@@ -235,7 +239,7 @@ public final void permits(String algorithm, ConstraintsParameters cp)
         // Check if named curves in the key are disabled.
         for (Key key : cp.getKeys()) {
             for (String curve : getNamedCurveFromKey(key)) {
-                if (!checkAlgorithm(disabledAlgorithms, curve, decomposer)) {
+                if (!cachedCheckAlgorithm(curve)) {
                     throw new CertPathValidatorException(
                             "Algorithm constraints check failed on disabled " +
                                     "algorithm: " + curve,
@@ -952,6 +956,25 @@ private boolean permitsImpl(Key key) {
         }
     }
 
+    private boolean cachedCheckAlgorithm(String algorithm) {
+        Map<String, Boolean> cache;
+        if ((cache = cacheRef.get()) == null) {
+            synchronized (this) {
+                if ((cache = cacheRef.get()) == null) {
+                    cache = new ConcurrentHashMap<>();
+                    cacheRef = new SoftReference<>(cache);
+                }
+            }
+        }
+        Boolean result = cache.get(algorithm);
+        if (result != null) {
+            return result;
+        }
+        result = checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
+        cache.put(algorithm, result);
+        return result;
+    }
+
     /*
      * This constraint is used for the complete disabling of the algorithm.
      */