From 1c6c89eb52ac80c583c0cd90efdd0784344af434 Mon Sep 17 00:00:00 2001
From: Henning Baldersheim
Date: Thu, 23 Apr 2020 16:47:57 +0000
Subject: Use reference counting to avoid relying on GC to drop threads.
---
 .../security/tls/ConfigFileBasedTlsContext.java | 25 ++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)
(limited to 'security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java')
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index 26dfbf9fd9f..9527d50f339 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -31,13 +31,17 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 private static TlsManager getOrCreateTrustManager(Path tlsOptionsConfigFile) {
 synchronized (trustManagers) {
- WeakReference tlsManager = trustManagers.get(tlsOptionsConfigFile);
- if (tlsManager == null || tlsManager.get() == null) {
- TlsManager manager = new TlsManager(tlsOptionsConfigFile);
- trustManagers.put(tlsOptionsConfigFile, new WeakReference<>(manager));
- return manager;
+ WeakReference tlsRef = trustManagers.get(tlsOptionsConfigFile);
+ TlsManager tlsManager = null;
+ if (tlsRef != null) {
+ tlsManager = tlsRef.get();
 }
- return tlsManager.get();
+ if (tlsManager == null) {
+ tlsManager = new TlsManager(tlsOptionsConfigFile);
+ trustManagers.put(tlsOptionsConfigFile, new WeakReference<>(tlsManager));
+ }
+ tlsManager.addRef();
+ return tlsManager;
 }
 }
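Review bot: getOrCreateTrustManager now returns a counted reference, but nothing at the method states that each call must be balanced by exactly one close() on the owning context. A comment above it such as `// Returns the shared TlsManager with its reference count incremented; the caller owns one reference and must release it through close().` would make the contract explicit. The caller is outside this hunk, so it is worth confirming that a failure after this call (for example while the constructor builds the SSL context) still releases the reference. Otherwise the count can never reach zero and the manager, along with any thread it owns, is kept alive. The WeakReference wrapper also looks vestigial now: it can presumably only be cleared when contexts were dropped without close(), and in that case the old manager is replaced without ever being closed.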
@@ -59,6 +63,15 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 @Override public SSLParameters parameters() { return tlsContext.parameters(); }
 @Override public SSLEngine createSslEngine() { return tlsContext.createSslEngine(); }
 @Override public SSLEngine createSslEngine(String peerHost, int peerPort) { return tlsContext.createSslEngine(peerHost, peerPort); }
+ @Override public void close() {
+ synchronized (trustManagers) {
+ int references = tlsManager.subRef();
+ if (references == 0) {
+ tlsManager.close();
+ trustManagers.remove(tlsManager.getTlsConfigFile());
+ }
+ }
+ }
 private static DefaultTlsContext createDefaultTlsContext(TransportSecurityOptions options, AuthorizationMode mode,
--
cgit v1.2.3
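Review bot: close() is not idempotent: a second close() on the same context calls subRef() again and can drive the shared count to zero while another ConfigFileBasedTlsContext for the same config file still holds the manager. That other context would then be running on a closed TlsManager; if the manager is what reloads key and trust material (not visible in this hunk), its credentials would silently stop being refreshed. A per-context `closed` flag checked under the same lock would prevent this. Separately, tlsManager.close() runs before the map entry is removed, so an exception from it leaves a closed manager cached, and the next getOrCreateTrustManager would hand it out again; removing the entry first avoids that.

```java
    // new field, guarded by the trustManagers lock
    private boolean closed;

    @Override public void close() {
        synchronized (trustManagers) {
            if (closed) {
                return; // repeated close() must not release a reference owned by another context
            }
            closed = true;
            if (tlsManager.subRef() == 0) {
                // unmap first so a failing close() cannot leave a closed manager in the cache
                trustManagers.remove(tlsManager.getTlsConfigFile());
                tlsManager.close();
            }
        }
    }
```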