changeset 946:a144afafb6fe

4918870: Examine session cache implementation (sun.misc.Cache) Summary: replace sun.misc.Cache with sun.security.util.Cache Reviewed-by: weijun
author xuelei
date Fri, 20 Feb 2009 12:50:02 +0800
parents f8a9a7aff362
children 6bdbb2f5c763
files src/share/classes/sun/security/ssl/SSLSessionContextImpl.java src/share/classes/sun/security/util/Cache.java
diffstat 2 files changed, 211 insertions(+), 133 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Mon Feb 16 17:19:05 2009 +0000
+++ b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java	Fri Feb 20 12:50:02 2009 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 1999-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,88 +41,112 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 
-import sun.misc.Cache;
+import sun.security.util.Cache;
 
 
-final class SSLSessionContextImpl implements SSLSessionContext
-{
-    private Cache       sessionCache = new Cache();
-    private Cache       sessionHostPortCache = new Cache();
-    private int         cacheLimit;
-    private long        timeoutMillis;
+final class SSLSessionContextImpl implements SSLSessionContext {
+    private Cache sessionCache;         // session cache, session id as key
+    private Cache sessionHostPortCache; // session cache, "host:port" as key
+    private int cacheLimit;             // the max cache size
+    private int timeout;                // timeout in seconds
+
     private static final Debug debug = Debug.getInstance("ssl");
 
-    // file private
-    SSLSessionContextImpl()
-    {
-        cacheLimit = getCacheLimit();
-        timeoutMillis = 86400000; // default, 24 hours
+    // package private
+    SSLSessionContextImpl() {
+        cacheLimit = getDefaultCacheLimit();    // default cache size
+        timeout = 86400;                        // default, 24 hours
+
+        // use soft reference
+        sessionCache = Cache.newSoftMemoryCache(cacheLimit, timeout);
+        sessionHostPortCache = Cache.newSoftMemoryCache(cacheLimit, timeout);
     }
 
     /**
-     * Returns the SSL session object associated with the
-     * specific session ID passed.
+     * Returns the <code>SSLSession</code> bound to the specified session id.
      */
-    public SSLSession   getSession(byte[] id)
-    {
-        SSLSession sess = (SSLSession) sessionCache.get(
-                                new SessionId(id));
-        return checkTimeValidity(sess);
+    public SSLSession getSession(byte[] sessionId) {
+        if (sessionId == null) {
+            throw new NullPointerException("session id cannot be null");
+        }
+
+        SSLSessionImpl sess =
+                (SSLSessionImpl)sessionCache.get(new SessionId(sessionId));
+        if (!isTimedout(sess)) {
+            return sess;
+        }
+
+        return null;
     }
 
     /**
      * Returns an enumeration of the active SSL sessions.
      */
     public Enumeration<byte[]> getIds() {
-        Vector<byte[]> v = new Vector<byte[]>(sessionCache.size());
-        SessionId sessId;
+        SessionCacheVisitor scVisitor = new SessionCacheVisitor();
+        sessionCache.accept(scVisitor);
 
-        for (Enumeration e = sessionCache.keys(); e.hasMoreElements(); ) {
-            sessId = (SessionId) e.nextElement();
-            if (!isTimedout((SSLSession)sessionCache.get(sessId)))
-                v.addElement(sessId.getId());
-        }
-        return v.elements();
+        return scVisitor.getSessionIds();
     }
 
+    /**
+     * Sets the timeout limit for cached <code>SSLSession</code> objects
+     *
+     * Note that after reset the timeout, the cached session before
+     * should be timed within the shorter one of the old timeout and the
+     * new timeout.
+     */
     public void setSessionTimeout(int seconds)
                  throws IllegalArgumentException {
-        if (seconds < 0)
+        if (seconds < 0) {
             throw new IllegalArgumentException();
-        timeoutMillis = seconds * 1000L;
+        }
+
+        if (timeout != seconds) {
+            sessionCache.setTimeout(seconds);
+            sessionHostPortCache.setTimeout(seconds);
+            timeout = seconds;
+        }
     }
 
+    /**
+     * Gets the timeout limit for cached <code>SSLSession</code> objects
+     */
     public int getSessionTimeout() {
-        return (int) (timeoutMillis / 1000);
+        return timeout;
     }
 
+    /**
+     * Sets the size of the cache used for storing
+     * <code>SSLSession</code> objects.
+     */
     public void setSessionCacheSize(int size)
                  throws IllegalArgumentException {
         if (size < 0)
             throw new IllegalArgumentException();
-        cacheLimit = size;
 
-        /**
-         * If cache size limit is reduced, when the cache is full to its
-         * previous limit, trim the cache before its contents
-         * are used.
-         */
-        if ((cacheLimit != 0) && (sessionCache.size() > cacheLimit))
-            adjustCacheSizeTo(cacheLimit);
+        if (cacheLimit != size) {
+            sessionCache.setCapacity(size);
+            sessionHostPortCache.setCapacity(size);
+            cacheLimit = size;
+        }
     }
 
+    /**
+     * Gets the size of the cache used for storing
+     * <code>SSLSession</code> objects.
+     */
     public int getSessionCacheSize() {
         return cacheLimit;
     }
 
+
+    // package-private method, used ONLY by ServerHandshaker
     SSLSessionImpl get(byte[] id) {
-        return (SSLSessionImpl) getSession(id);
+        return (SSLSessionImpl)getSession(id);
     }
 
-    /**
-     * Returns the SSL session object associated with the
-     * specific host name and port number passed.
-     */
+    // package-private method, used ONLY by ClientHandshaker
     SSLSessionImpl get(String hostname, int port) {
         /*
          * If no session caching info is available, we won't
@@ -131,96 +155,51 @@
         if (hostname == null && port == -1) {
             return null;
         }
-        SSLSession sess =  (SSLSessionImpl) sessionHostPortCache
-                                .get(getKey(hostname, port));
-        return (SSLSessionImpl) checkTimeValidity(sess);
+
+        SSLSessionImpl sess =
+            (SSLSessionImpl)sessionHostPortCache.get(getKey(hostname, port));
+        if (!isTimedout(sess)) {
+            return sess;
+        }
+
+        return null;
     }
 
     private String getKey(String hostname, int port) {
-        return (hostname + ":" + String.valueOf(port))
-                        .toLowerCase();
+        return (hostname + ":" + String.valueOf(port)).toLowerCase();
     }
 
+    // cache a SSLSession
+    //
+    // In SunJSSE implementation, a session is created while getting a
+    // client hello or a server hello message, and cached while the
+    // handshaking finished.
+    // Here we time the session from the time it cached instead of the
+    // time it created, which is a little longer than the expected. So
+    // please do check isTimedout() while getting entry from the cache.
     void put(SSLSessionImpl s) {
-        // make space for the new session to be added
-        if ((cacheLimit != 0) && (sessionCache.size() >= cacheLimit))
-            adjustCacheSizeTo(cacheLimit - 1);
-
-        /*
-         * Can always add the session id.
-         */
         sessionCache.put(s.getSessionId(), s);
 
-        /*
-         * If no hostname/port info is available, don't add this one.
-         */
+        // If no hostname/port info is available, don't add this one.
         if ((s.getPeerHost() != null) && (s.getPeerPort() != -1)) {
             sessionHostPortCache.put(
                 getKey(s.getPeerHost(), s.getPeerPort()), s);
         }
+
         s.setContext(this);
     }
 
-    private void adjustCacheSizeTo(int targetSize) {
-
-        int cacheSize = sessionCache.size();
-
-        if (targetSize < 0)
-           return;
-
-        while (cacheSize > targetSize) {
-            SSLSessionImpl lru = null;
-            SSLSessionImpl s = null;
-            Enumeration e;
-
-            if (debug != null && Debug.isOn("sessioncache")) {
-                System.out.println("exceeded cache limit of " + cacheLimit);
-            }
-
-            /*
-             * Count the number of elements in the cache. The size() method
-             * does not reflect the cache entries that are no longer available,
-             * i.e entries that are garbage collected (the cache entries are
-             * held using soft references and are garbage collected when not
-             * in use).
-             */
-            int count;
-            for (count = 0, e = sessionCache.elements();
-                         e.hasMoreElements(); count++) {
-                try {
-                    s = (SSLSessionImpl)e.nextElement();
-                } catch (NoSuchElementException nsee) {
-                    break;
-                }
-                if (isTimedout(s)) {
-                    lru = s;
-                    break;
-                } else if ((lru == null) || (s.getLastAccessedTime()
-                         < lru.getLastAccessedTime())) {
-                    lru = s;
-                }
-            }
-            if ((lru != null) && (count > targetSize)) {
-                if (debug != null && Debug.isOn("sessioncache")) {
-                    System.out.println("uncaching " + lru);
-                }
-                lru.invalidate();
-                count--; // element removed from the cache
-            }
-            cacheSize = count;
+    // package-private method, remove a cached SSLSession
+    void remove(SessionId key) {
+        SSLSessionImpl s = (SSLSessionImpl)sessionCache.get(key);
+        if (s != null) {
+            sessionCache.remove(key);
+            sessionHostPortCache.remove(
+                        getKey(s.getPeerHost(), s.getPeerPort()));
         }
     }
 
-    // file private
-    void remove(SessionId key)
-    {
-        SSLSessionImpl s = (SSLSessionImpl) sessionCache.get(key);
-        sessionCache.remove(key);
-        sessionHostPortCache.remove(getKey(s.getPeerHost(),
-                                         s.getPeerPort()));
-    }
-
-    private int getCacheLimit() {
+    private int getDefaultCacheLimit() {
         int cacheLimit = 0;
         try {
         String s = java.security.AccessController.doPrivileged(
@@ -237,21 +216,40 @@
         return (cacheLimit > 0) ? cacheLimit : 0;
     }
 
-    SSLSession checkTimeValidity(SSLSession sess) {
-        if (isTimedout(sess)) {
+    boolean isTimedout(SSLSession sess) {
+        if (timeout == 0) {
+            return false;
+        }
+
+        if ((sess != null) && ((sess.getCreationTime() + timeout * 1000L)
+                                        <= (System.currentTimeMillis()))) {
             sess.invalidate();
-            return null;
-        } else
-            return sess;
+            return true;
+        }
+
+        return false;
     }
 
-    boolean isTimedout(SSLSession sess) {
-        if (timeoutMillis == 0)
-            return false;
-        if ((sess != null) &&
-            ((sess.getCreationTime() + timeoutMillis)
-                <= (System.currentTimeMillis())))
-            return true;
-        return false;
+    final class SessionCacheVisitor
+            implements sun.security.util.Cache.CacheVisitor {
+        Vector<byte[]> ids = null;
+
+        // public void visit(java.util.Map<Object, Object> map) {}
+        public void visit(java.util.Map<Object, Object> map) {
+            ids = new Vector<byte[]>(map.size());
+
+            for (Object key : map.keySet()) {
+                SSLSessionImpl value = (SSLSessionImpl)map.get(key);
+                if (!isTimedout(value)) {
+                    ids.addElement(((SessionId)key).getId());
+                }
+            }
+        }
+
+        public Enumeration<byte[]> getSessionIds() {
+            return  ids != null ? ids.elements() :
+                                  new Vector<byte[]>().elements();
+        }
     }
+
 }
--- a/src/share/classes/sun/security/util/Cache.java	Mon Feb 16 17:19:05 2009 +0000
+++ b/src/share/classes/sun/security/util/Cache.java	Fri Feb 20 12:50:02 2009 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2006 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -101,6 +101,21 @@
     public abstract void remove(Object key);
 
     /**
+     * Set the maximum size.
+     */
+    public abstract void setCapacity(int size);
+
+    /**
+     * Set the timeout(in seconds).
+     */
+    public abstract void setTimeout(int timeout);
+
+    /**
+     * accept a visitor
+     */
+    public abstract void accept(CacheVisitor visitor);
+
+    /**
      * Return a new memory cache with the specified maximum size, unlimited
      * lifetime for entries, with the values held by SoftReferences.
      */
@@ -178,6 +193,10 @@
         }
     }
 
+    public interface CacheVisitor {
+        public void visit(Map<Object, Object> map);
+    }
+
 }
 
 class NullCache extends Cache {
@@ -208,6 +227,18 @@
         // empty
     }
 
+    public void setCapacity(int size) {
+        // empty
+    }
+
+    public void setTimeout(int timeout) {
+        // empty
+    }
+
+    public void accept(CacheVisitor visitor) {
+        // empty
+    }
+
 }
 
 class MemoryCache extends Cache {
@@ -218,8 +249,8 @@
     private final static boolean DEBUG = false;
 
     private final Map<Object, CacheEntry> cacheMap;
-    private final int maxSize;
-    private final int lifetime;
+    private int maxSize;
+    private long lifetime;
     private final ReferenceQueue queue;
 
     public MemoryCache(boolean soft, int maxSize) {
@@ -328,7 +359,7 @@
             oldEntry.invalidate();
             return;
         }
-        if (cacheMap.size() > maxSize) {
+        if (maxSize > 0 && cacheMap.size() > maxSize) {
             expungeExpiredEntries();
             if (cacheMap.size() > maxSize) { // still too large?
                 Iterator<CacheEntry> t = cacheMap.values().iterator();
@@ -368,6 +399,55 @@
         }
     }
 
+    public synchronized void setCapacity(int size) {
+        expungeExpiredEntries();
+        if (size > 0 && cacheMap.size() > size) {
+            Iterator<CacheEntry> t = cacheMap.values().iterator();
+            for (int i = cacheMap.size() - size; i > 0; i--) {
+                CacheEntry lruEntry = t.next();
+                if (DEBUG) {
+                    System.out.println("** capacity reset removal "
+                        + lruEntry.getKey() + " | " + lruEntry.getValue());
+                }
+                t.remove();
+                lruEntry.invalidate();
+            }
+        }
+
+        maxSize = size > 0 ? size : 0;
+
+        if (DEBUG) {
+            System.out.println("** capacity reset to " + size);
+        }
+    }
+
+    public synchronized void setTimeout(int timeout) {
+        emptyQueue();
+        lifetime = timeout > 0 ? timeout * 1000L : 0L;
+
+        if (DEBUG) {
+            System.out.println("** lifetime reset to " + timeout);
+        }
+    }
+
+    // it is a heavyweight method.
+    public synchronized void accept(CacheVisitor visitor) {
+        expungeExpiredEntries();
+        Map<Object, Object> cached = getCachedEntries();
+
+        visitor.visit(cached);
+    }
+
+    private Map<Object, Object> getCachedEntries() {
+        Map<Object,Object> kvmap = new HashMap<Object,Object>(cacheMap.size());
+
+        for (CacheEntry entry : cacheMap.values()) {
+            kvmap.put(entry.getKey(), entry.getValue());
+        }
+
+        return kvmap;
+    }
+
     protected CacheEntry newEntry(Object key, Object value,
             long expirationTime, ReferenceQueue queue) {
         if (queue != null) {