8285398: Cache the results of constraint checks

Alexey Bakhtin · Alexey Bakhtin · commit bbf2e9a6da49 · 2023-10-17T14:16:30.000Z
Reviewed-by: phh
Backport-of: 00e9c96d51bec53d4ae8a07c9c98af2c62f3d290
diff --git a/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -27,6 +27,7 @@
 
 import sun.security.validator.Validator;
 
+import java.lang.ref.SoftReference;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.security.AlgorithmParameters;
@@ -55,6 +56,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.StringTokenizer;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Pattern;
 import java.util.regex.Matcher;
 
@@ -99,6 +101,8 @@ private static class JarHolder {
 
     private final List<String> disabledAlgorithms;
     private final Constraints algorithmConstraints;
+    private volatile SoftReference<Map<String, Boolean>> cacheRef =
+            new SoftReference<>(null);
 
     public static DisabledAlgorithmConstraints certPathConstraints() {
         return CertPathHolder.CONSTRAINTS;
@@ -158,7 +162,7 @@ public DisabledAlgorithmConstraints(String propertyName,
     @Override
     public final boolean permits(Set<CryptoPrimitive> primitives,
             String algorithm, AlgorithmParameters parameters) {
-        if (!checkAlgorithm(disabledAlgorithms, algorithm, decomposer)) {
+        if (!cachedCheckAlgorithm(algorithm)) {
             return false;
         }
 
@@ -242,7 +246,7 @@ public final void permits(String algorithm, ConstraintsParameters cp,
             // Check if named curves in the key are disabled.
             for (Key key : cp.getKeys()) {
                 for (String curve : getNamedCurveFromKey(key)) {
-                    if (!checkAlgorithm(disabledAlgorithms, curve, decomposer)) {
+                    if (!cachedCheckAlgorithm(curve)) {
                         throw new CertPathValidatorException(
                             "Algorithm constraints check failed on disabled " +
                                     "algorithm: " + curve,
@@ -950,6 +954,25 @@ private boolean permitsImpl(Key key) {
         }
     }
 
+    private boolean cachedCheckAlgorithm(String algorithm) {
+        Map<String, Boolean> cache;
+        if ((cache = cacheRef.get()) == null) {
+            synchronized (this) {
+                if ((cache = cacheRef.get()) == null) {
+                    cache = new ConcurrentHashMap<>();
+                    cacheRef = new SoftReference<>(cache);
+                }
+            }
+        }
+        Boolean result = cache.get(algorithm);
+        if (result != null) {
+            return result;
+        }
+        result = checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
+        cache.put(algorithm, result);
+        return result;
+    }
+
     /*
      * This constraint is used for the complete disabling of the algorithm.
      */
