honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid cloning Mac instances 

This commit modifies the HmacSHA1Provider to return a thread local
instance of Mac instead of using clone since some providers do not
support clone.

Closes elastic/elasticsearch#1468

Original commit: elastic/x-pack-elasticsearch@cb38f5f9e8
This commit is contained in:
Jason Tedor 2016-02-05 10:33:56 -05:00
parent e6784d5c7d
commit 7f5349db57
1 changed files with 10 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/crypto/InternalCryptoService.java
View File

@ -564,30 +564,25 @@ public class InternalCryptoService extends AbstractLifecycleComponent<InternalCr
}
/**
* Provider class for the HmacSHA1 {@link Mac} that provides an optimization by using clone instead of calling
* Mac#getInstance and obtaining a lock
* Provider class for the HmacSHA1 {@link Mac} that provides an optimization by using a thread local instead of calling
* Mac#getInstance and obtaining a lock (in the internals)
*/
private static class HmacSHA1Provider {
private static final Mac mac;
static {
private static final ThreadLocal<Mac> MAC = ThreadLocal.withInitial(() -> {
try {
mac = Mac.getInstance(HMAC_ALGO);
return Mac.getInstance(HMAC_ALGO);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("could not create message authentication code instance with algorithm [HmacSHA1]", e);
throw new IllegalStateException("could not create Mac instance with algorithm [" + HMAC_ALGO + "]", e);
}
}
});
private static Mac hmacSHA1() {
try {
Mac hmac = (Mac) mac.clone();
hmac.reset();
return hmac;
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("could not create [HmacSHA1] MAC", e);
}
Mac instance = MAC.get();
instance.reset();
return instance;
}
}
/**