diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-29 05:59:38 -0400 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2015-09-30 18:19:57 +1000 |
commit | 2cc49770d1351e451fecacf0ed12aa7f2a968ac0 (patch) | |
tree | b8cf1a959f6972928ac649a5ce2945fff2e0dc0c /base/ca/src | |
parent | d1ceca1a2e0f5bbf5f5b33eed962c34878445f17 (diff) | |
download | pki-2cc49770d1351e451fecacf0ed12aa7f2a968ac0.tar.gz pki-2cc49770d1351e451fecacf0ed12aa7f2a968ac0.tar.xz pki-2cc49770d1351e451fecacf0ed12aa7f2a968ac0.zip |
Lightweight CAs: fix caMap synchronization
Some access to caMap was not correctly synchronized, with
authorities (of which there could be many) acquiring their own
intrinsic lock rather than the shared caMap.
Use 'Collections.synchronizedSortedMap' to fix this. As a bonus,
locking is now more fine-grained.
Diffstat (limited to 'base/ca/src')
-rw-r--r-- | base/ca/src/com/netscape/ca/CertificateAuthority.java | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/base/ca/src/com/netscape/ca/CertificateAuthority.java b/base/ca/src/com/netscape/ca/CertificateAuthority.java index 42a0ec4d1..b3663ed1d 100644 --- a/base/ca/src/com/netscape/ca/CertificateAuthority.java +++ b/base/ca/src/com/netscape/ca/CertificateAuthority.java @@ -161,7 +161,8 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2"); - private static final Map<AuthorityID, ICertificateAuthority> caMap = new TreeMap<>(); + private static final Map<AuthorityID, ICertificateAuthority> caMap = + Collections.synchronizedSortedMap(new TreeMap<>()); protected CertificateAuthority hostCA = null; protected AuthorityID authorityID = null; protected AuthorityID authorityParentID = null; @@ -1934,7 +1935,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori * * This method must only be called by the host CA. */ - private synchronized void loadLightweightCAs() throws EBaseException { + private void loadLightweightCAs() throws EBaseException { ILdapConnFactory dbFactory = CMS.getLdapBoundConnFactory("loadLightweightCAs"); dbFactory.init(CMS.getConfigStore().getSubStore("internaldb")); LDAPConnection conn = dbFactory.getConn(); @@ -2321,10 +2322,12 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori /** * Enumerate all authorities (including host authority) */ - public synchronized List<ICertificateAuthority> getCAs() { + public List<ICertificateAuthority> getCAs() { List<ICertificateAuthority> cas = new ArrayList<>(); - for (ICertificateAuthority ca : caMap.values()) { - cas.add(ca); + synchronized (caMap) { + for (ICertificateAuthority ca : caMap.values()) { + cas.add(ca); + } } return cas; } @@ -2379,9 +2382,7 @@ public class CertificateAuthority implements ICertificateAuthority, ICertAuthori ICertificateAuthority ca = parentCA.createSubCA( subjectDN, description); - synchronized (this) { - caMap.put(ca.getAuthorityID(), ca); - } + caMap.put(ca.getAuthorityID(), ca); return ca; } |