JEP draft: sunpkcs11 SessionManager improvement

OwnerAnthony Scarpino
TypeFeature
ScopeJDK
StatusClosed / Rejected
Release8u40
Componentsecurity-libs / javax.crypto:pkcs11
Discussionsecurity dash dev at openjdk dot java dot net
EffortS
DurationL
Reviewed byBrian Goetz
Endorsed byAlan Bateman
Created2014/06/16 17:55
Updated2014/10/22 14:48
Issue8046957

Summary

Replace non-concurrent list array with a concurrent queue for session management in sunpkcs11.

Success Metric

Increase the performance.

Motivation

Performance did not scale as well as it could have using microbenchmarks on some hardware platform.

Description

Session management in sunpkcs11 has been done with synchronized methods around an ArrayList which holds idle PKCS#11 session in a queue. This queue exists to provide better performance by giving open and idle sessions to new crypto operations. Without a queue, opening and closing PKCS#11 session through JNI to the native PKCS#11 library after each crypto operation would be CPU expensive.

The change is to modernize this queue by using a concurrent class, ConcurrentLinkedDeque, and an AtomicInteger as a session counter. This leaves the locking solely in the queue where it is performed better, and releases five methods from being bottlenecked in synchronized locks.

Testing

Used provided test tool in JDK-7107611, no other testing is required.