8285398: Cache the results of constraint checks

Reviewed-by: coffeys, xuelei
2025-08-28 07:14:30 +02:00 · 2022-04-26 05:55:52 +00:00 · 2022-04-26 05:55:52 +00:00 · 00e9c96d51
commit 00e9c96d51
parent 4bf2c18d6c
1 changed files with 25 additions and 3 deletions
--- a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@ -27,6 +27,7 @@ package sun.security.util;

 import sun.security.validator.Validator;

+import java.lang.ref.SoftReference;
 import java.security.AlgorithmParameters;
 import java.security.CryptoPrimitive;
 import java.security.Key;
@ -45,7 +46,6 @@ import java.time.ZonedDateTime;
 import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@ -54,6 +54,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.Collection;
 import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Pattern;
 import java.util.regex.Matcher;

@ -101,6 +102,8 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {

    private final Set<String> disabledAlgorithms;
    private final Constraints algorithmConstraints;
+    private volatile SoftReference<Map<String, Boolean>> cacheRef =
+            new SoftReference<>(null);

    public static DisabledAlgorithmConstraints certPathConstraints() {
        return CertPathHolder.CONSTRAINTS;
@ -158,7 +161,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
                    " or empty.");
        }

-        if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
+        if (!cachedCheckAlgorithm(algorithm)) {
            return false;
        }

@ -241,7 +244,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
            // Check if named curves in the key are disabled.
            for (Key key : cp.getKeys()) {
                for (String curve : getNamedCurveFromKey(key)) {
-                    if (!checkAlgorithm(disabledAlgorithms, curve, decomposer)) {
+                    if (!cachedCheckAlgorithm(curve)) {
                        throw new CertPathValidatorException(
                            "Algorithm constraints check failed on disabled " +
                                    "algorithm: " + curve,
@ -947,6 +950,25 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
        }
    }

+    private boolean cachedCheckAlgorithm(String algorithm) {
+        Map<String, Boolean> cache;
+        if ((cache = cacheRef.get()) == null) {
+            synchronized (this) {
+                if ((cache = cacheRef.get()) == null) {
+                    cache = new ConcurrentHashMap<>();
+                    cacheRef = new SoftReference<>(cache);
+                }
+            }
+        }
+        Boolean result = cache.get(algorithm);
+        if (result != null) {
+            return result;
+        }
+        result = checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
+        cache.put(algorithm, result);
+        return result;
+    }
+
    /*
     * This constraint is used for the complete disabling of the algorithm.
     */