JEP draft: sunpkcs11 SessionManager improvement

Owner: Anthony Scarpino
Created: 2014/06/16 17:55
Updated: 2014/10/22 14:48
Type: Feature
Status: Closed / Rejected
Component: security-libs / javax.crypto:pkcs11
Scope: JDK
Discussion: security dash dev at openjdk dot java dot net
Effort: S
Duration: L
Priority: 3
Reviewed by: Brian Goetz
Endorsed by: Alan Bateman
Release: 8u40
Issue: 8046957

Summary

Replace the non-concurrent ArrayList with a concurrent queue for session management in sunpkcs11.

Success Metric

Increase the performance.

Motivation

In microbenchmarks on some hardware platforms, performance did not scale as well as it could have.

Description

Session management in sunpkcs11 has been done with synchronized methods around an ArrayList that holds idle PKCS#11 sessions in a queue. This queue exists to provide better performance by handing open, idle sessions to new crypto operations. Without a queue, opening and closing a PKCS#11 session through JNI to the native PKCS#11 library after each crypto operation would be CPU-expensive.

The change is to modernize this queue by using a concurrent class, ConcurrentLinkedDeque, and an AtomicInteger as a session counter. This leaves the locking solely in the queue, where it is performed better, and frees five methods from being bottlenecked on synchronized locks.
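
The pattern described above, sketched as an added example; this is not the JDK's SessionManager code. The class name IdleSessionPool, the maxOpen limit, and the opener/closer callbacks (standing in for the JNI C_OpenSession and C_CloseSession calls) are assumptions made for illustration.

```java
import java.util.concurrent.ConcurrentLinkedDeque;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.function.Supplier;
// Hypothetical pool, not the JDK's SessionManager. S stands in for a PKCS#11 session.
final class IdleSessionPool<S> {
    private final ConcurrentLinkedDeque<S> idle = new ConcurrentLinkedDeque<>();
    private final AtomicInteger open = new AtomicInteger(); // opened and not yet closed
    private final int maxOpen;        // assumed token limit on open sessions
    private final Supplier<S> opener; // stands in for the JNI C_OpenSession call
    private final Consumer<S> closer; // stands in for the JNI C_CloseSession call

    IdleSessionPool(int maxOpen, Supplier<S> opener, Consumer<S> closer) {
        this.maxOpen = maxOpen; this.opener = opener; this.closer = closer;
    }
    S acquire() {
        S s = idle.pollLast();             // reuse the most recently released session
        if (s != null) return s;
        for (;;) {                         // reserve a slot before opening, without a lock
            int n = open.get();
            if (n >= maxOpen) {
                s = idle.pollLast();       // a session may have been released meanwhile
                if (s != null) return s;
                throw new IllegalStateException("no session available");
            }
            if (open.compareAndSet(n, n + 1)) break; // racing threads cannot pass maxOpen
        }
        try {
            return opener.get();
        } catch (RuntimeException e) {
            open.decrementAndGet();        // give the slot back if the native open failed
            throw e;
        }
    }
    void release(S s) { idle.offerLast(s); }
    void closeIdle() {                     // close idle sessions, e.g. on logout
        S s;
        while ((s = idle.pollLast()) != null) { closer.accept(s); open.decrementAndGet(); }
    }
    public static void main(String[] args) throws InterruptedException {
        AtomicInteger nativeOpens = new AtomicInteger(); // counts simulated native opens
        IdleSessionPool<Integer> pool =
            new IdleSessionPool<>(8, nativeOpens::incrementAndGet, s -> {});
        Thread[] workers = new Thread[8];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(() -> {
                for (int j = 0; j < 100_000; j++) pool.release(pool.acquire());
            });
            workers[i].start();
        }
        for (Thread t : workers) t.join();
        System.out.println("operations=800000 nativeOpens=" + nativeOpens.get());
    }
}
```

The counter is incremented before the native open and rolled back on failure, so the limit holds even when several threads find the idle queue empty at the same moment.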

Testing

Used the test tool provided in JDK-7107611; no other testing is required.