8286433: Cache certificates decoded from TLS session tickets

Reviewed-by: coffeys, xuelei
2025-08-28 15:24:43 +02:00 · 2022-05-12 06:48:38 +00:00 · 2022-05-12 06:48:38 +00:00 · 96d48f386b
commit 96d48f386b
parent 7567627f4a
2 changed files with 18 additions and 13 deletions
--- a/src/java.base/share/classes/sun/security/provider/X509Factory.java
+++ b/src/java.base/share/classes/sun/security/provider/X509Factory.java
@ -98,6 +98,18 @@ public class X509Factory extends CertificateFactorySpi {
        try {
            byte[] encoding = readOneBlock(is);
            if (encoding != null) {
+                return cachedGetX509Cert(encoding);
+            } else {
+                throw new IOException("Empty input");
+            }
+        } catch (IOException ioe) {
+            throw new CertificateException("Could not parse certificate: " +
+                    ioe.toString(), ioe);
+        }
+    }
+
+    public static X509CertImpl cachedGetX509Cert(byte[] encoding)
+            throws CertificateException {
        X509CertImpl cert = getFromCache(certCache, encoding);
        if (cert != null) {
            return cert;
@ -107,13 +119,6 @@ public class X509Factory extends CertificateFactorySpi {
        // record cert details if necessary
        commitEvent(cert);
        return cert;
-            } else {
-                throw new IOException("Empty input");
-            }
-        } catch (IOException ioe) {
-            throw new CertificateException("Could not parse certificate: " +
-                    ioe.toString(), ioe);
-        }
    }

    /**
@ -768,7 +773,7 @@ public class X509Factory extends CertificateFactorySpi {
        return tag;
    }

-    private void commitEvent(X509CertImpl info) {
+    private static void commitEvent(X509CertImpl info) {
        X509CertificateEvent xce = new X509CertificateEvent();
        if (xce.shouldCommit() || EventHelper.isLoggingSecurity()) {
            PublicKey pKey = info.getPublicKey();
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
@ -24,7 +24,7 @@
 */
 package sun.security.ssl;

-import sun.security.x509.X509CertImpl;
+import sun.security.provider.X509Factory;

 import java.io.IOException;
 import java.math.BigInteger;
@ -459,7 +459,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
                b = new byte[buf.getInt()];
                buf.get(b);
                try {
-                    this.peerCerts[j] = new X509CertImpl(b);
+                    this.peerCerts[j] = X509Factory.cachedGetX509Cert(b);
                } catch (Exception e) {
                    throw new IOException(e);
                }
@ -480,7 +480,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
                    b = new byte[buf.getInt()];
                    buf.get(b);
                    try {
-                        this.localCerts[i] = new X509CertImpl(b);
+                        this.localCerts[i] = X509Factory.cachedGetX509Cert(b);
                    } catch (Exception e) {
                        throw new IOException(e);
                    }