clean up synchronizing Store

just keep all synchronization inside the Store class and keep
the synchronize "small". removed GLOBAL Store lock. part of fixing #14

Sponsored by Lookout Inc.

Author: mkristian

src/main/java/org/jruby/ext/openssl/x509store/Lookup.java

@@ -27,7 +27,6 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
-import static org.jruby.ext.openssl.x509store.X509Utils.CRYPTO_LOCK_X509_STORE;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_CERT_DIR;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_ASN1;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_DEFAULT;
@@ -595,11 +594,9 @@ else if ( type == X509_LU_CRL ) {
                     }
                 }
                 X509Object tmp = null;
-                synchronized ( CRYPTO_LOCK_X509_STORE ) {
-                    for ( X509Object obj : lookup.store.getObjects() ) {
-                        if ( obj.type() == type && obj.isName(name) ) {
-                            tmp = obj; break;
-                        }
+                for ( X509Object obj : lookup.store.getObjects() ) {
+                    if ( obj.type() == type && obj.isName(name) ) {
+                        tmp = obj; break;
                     }
                 }
                 if ( tmp != null ) {

src/main/java/org/jruby/ext/openssl/x509store/Store.java

@@ -27,7 +27,6 @@
  ***** END LICENSE BLOCK *****/
 package org.jruby.ext.openssl.x509store;
 
-import static org.jruby.ext.openssl.x509store.X509Utils.CRYPTO_LOCK_X509_STORE;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_DEFAULT;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_FILETYPE_PEM;
 import static org.jruby.ext.openssl.x509store.X509Utils.X509_R_CERT_ALREADY_IN_HASH_TABLE;
@@ -148,11 +147,15 @@ public Store() {
     }
 
     public List<X509Object> getObjects() {
-        return objects;
+        synchronized(objects) {
+            return new ArrayList<X509Object>(objects);
+        }
     }
 
     public List<Lookup> getCertificateMethods() {
-        return certificateMethods;
+        synchronized(certificateMethods) {
+            return new ArrayList<Lookup>(certificateMethods);
+        }
     }
 
     public VerifyParameter getVerifyParameter() {
@@ -185,7 +188,7 @@ public void setVerifyCallbackFunction(VerifyCallbackFunction func) {
      * c: X509_STORE_free
      */
     public void free() throws Exception {
-        synchronized(CRYPTO_LOCK_X509_STORE) {
+        synchronized(certificateMethods) {
             for (Lookup lu : certificateMethods) {
                 lu.shutdown();
                 lu.free();
@@ -200,15 +203,19 @@ public void free() throws Exception {
      * c: X509_set_ex_data
      */
     public int setExtraData(int idx, Object data) {
-        extraData.set(idx,data);
-        return 1;
+        synchronized(extraData) {
+            extraData.set(idx,data);
+            return 1;
+        }
     }
 
     /**
      * c: X509_get_ex_data
      */
     public Object getExtraData(int idx) {
-        return extraData.get(idx);
+        synchronized(extraData) {
+            return extraData.get(idx);
+        }
     }
 
     /**
@@ -251,7 +258,7 @@ public int setParam(VerifyParameter pm) {
      * c: X509_STORE_add_lookup
      */
     public Lookup addLookup(Ruby runtime, final LookupMethod method) throws Exception {
-        synchronized(CRYPTO_LOCK_X509_STORE) {
+        synchronized(certificateMethods) {
             for ( Lookup lookup : certificateMethods ) {
                 if ( lookup.equals(method) ) return lookup;
             }
@@ -272,7 +279,7 @@ public int addCertificate(final X509Certificate cert) {
         certObj.x509 = StoreContext.ensureAux(cert);
 
         int ret = 1;
-        synchronized (CRYPTO_LOCK_X509_STORE) {
+        synchronized (objects) {
             if ( X509Object.retrieveMatch(objects,certObj) != null ) {
                 X509Error.addError(X509_R_CERT_ALREADY_IN_HASH_TABLE);
                 ret = 0;
@@ -293,7 +300,7 @@ public int addCRL(final java.security.cert.CRL crl) {
         final CRL crlObj = new CRL(); crlObj.crl = crl;
 
         int ret = 1;
-        synchronized (CRYPTO_LOCK_X509_STORE) {
+        synchronized (objects) {
             if ( X509Object.retrieveMatch(objects,crlObj) != null ) {
                 X509Error.addError(X509_R_CERT_ALREADY_IN_HASH_TABLE);
                 ret = 0;
@@ -373,7 +380,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) {
 
     @Override
     public X509Certificate[] getAcceptedIssuers() {
-        synchronized(CRYPTO_LOCK_X509_STORE) {
+        synchronized(objects) {
             ArrayList<X509Certificate> issuers = new ArrayList<X509Certificate>(objects.size());
             for ( X509Object object : objects ) {
                 if ( object instanceof Certificate ) {

src/main/java/org/jruby/ext/openssl/x509store/StoreContext.java

@@ -150,24 +150,23 @@ else if ( ok != X509Utils.X509_LU_FAIL ) {
             return 1;
         }
 
-        synchronized(X509Utils.CRYPTO_LOCK_X509_STORE) {
-            int idx = X509Object.indexBySubject(store.getObjects(), X509Utils.X509_LU_X509, xn);
-            if ( idx == -1 ) return 0;
-
-            /* Look through all matching certificates for a suitable issuer */
-            for ( int i = idx; i < store.getObjects().size(); i++ ) {
-                final X509Object pobj = store.getObjects().get(i);
-                if ( pobj.type() != X509Utils.X509_LU_X509 ) {
-                    return 0;
-                }
-                final X509AuxCertificate x509 = ((Certificate) pobj).x509;
-                if ( ! xn.equalTo( x509.getSubjectX500Principal() ) ) {
-                    return 0;
-                }
-                if ( checkIssued.call(this, x, x509) != 0 ) {
-                    issuers[0] = x509;
-                    return 1;
-                }
+        List<X509Object> objects = store.getObjects();
+        int idx = X509Object.indexBySubject(objects, X509Utils.X509_LU_X509, xn);
+        if ( idx == -1 ) return 0;
+
+        /* Look through all matching certificates for a suitable issuer */
+        for ( int i = idx; i < objects.size(); i++ ) {
+            final X509Object pobj = objects.get(i);
+            if ( pobj.type() != X509Utils.X509_LU_X509 ) {
+                return 0;
+            }
+            final X509AuxCertificate x509 = ((Certificate) pobj).x509;
+            if ( ! xn.equalTo( x509.getSubjectX500Principal() ) ) {
+                return 0;
+            }
+            if ( checkIssued.call(this, x, x509) != 0 ) {
+                issuers[0] = x509;
+                return 1;
             }
         }
         return 0;
@@ -607,21 +606,20 @@ public int setDefault(String name) {
     public int getBySubject(int type,Name name,X509Object[] ret) throws Exception {
         Store c = store;
 
-        synchronized(X509Utils.CRYPTO_LOCK_X509_STORE) {
-            X509Object tmp = X509Object.retrieveBySubject(c.getObjects(),type,name);
-            if ( tmp == null ) {
-                for(int i=currentMethod; i<c.getCertificateMethods().size(); i++) {
-                    Lookup lu = c.getCertificateMethods().get(i);
-                    X509Object[] stmp = new X509Object[1];
-                    int j = lu.bySubject(type,name,stmp);
-                    if ( j < 0 ) {
-                       currentMethod = i;
-                       return j;
-                    }
-                    else if( j > 0 ) {
-                        tmp = stmp[0];
-                        break;
-                    }
+        X509Object tmp = X509Object.retrieveBySubject(c.getObjects(),type,name);
+        if ( tmp == null ) {
+            List<Lookup> certificateMethods = c.getCertificateMethods();
+            for(int i=currentMethod; i<certificateMethods.size(); i++) {
+                Lookup lu = certificateMethods.get(i);
+                X509Object[] stmp = new X509Object[1];
+                int j = lu.bySubject(type,name,stmp);
+                if ( j < 0 ) {
+                    currentMethod = i;
+                    return j;
+                }
+                else if( j > 0 ) {
+                    tmp = stmp[0];
+                    break;
                 }
             }
             currentMethod = 0;

src/main/java/org/jruby/ext/openssl/x509store/X509Utils.java

@@ -292,8 +292,6 @@ else if ( keyUsage != null && ! keyUsage[5] ) { // KU_KEY_CERT_SIGN
     public static final String X509_CERT_DIR_EVP = "SSL_CERT_DIR";
     public static final String X509_CERT_FILE_EVP = "SSL_CERT_FILE";
 
-    public static final Object CRYPTO_LOCK_X509_STORE = new Object();
-
     public static final int X509_LU_RETRY=-1;
     public static final int X509_LU_FAIL=0;
     public static final int X509_LU_X509=1;