7107611: sun.security.pkcs11.SessionManager is scalability blocker
Reviewed-by: valeriep
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.pkcs11;
import java.util.*;
import java.security.ProviderException;
import sun.security.util.Debug;
import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import java.util.concurrent.ConcurrentLinkedDeque;
import java.util.concurrent.atomic.AtomicInteger;
/**
* Session manager. There is one session manager object per PKCS#11
* provider. It allows code to checkout a session, release it
* back to the pool, or force it to be closed.
*
* The session manager pools sessions to minimize the number of
* C_OpenSession() and C_CloseSession() that have to be made. It
* maintains two pools: one for "object" sessions and one for
* "operation" sessions.
*
* The reason for this separation is how PKCS#11 deals with session objects.
* It defines that when a session is closed, all objects created within
* that session are destroyed. In other words, we may never close a session
* while a Key created it in is still in use. We would like to keep the
* number of such sessions low. Note that we occasionally want to explicitly
* close a session, see P11Signature.
*
* NOTE that sessions obtained from this class SHOULD be returned using
* either releaseSession() or closeSession() using a finally block when
* not needed anymore. Otherwise, they will be left for cleanup via the
* PhantomReference mechanism when GC kicks in, but it's best not to rely
* on that since GC may not run timely enough since the native PKCS11 library
* is also consuming memory.
*
* Note that sessions are automatically closed when they are not used for a
* period of time, see Session.
*
* @author Andreas Sterbenz
* @since 1.5
*/
final class SessionManager {
private final static int DEFAULT_MAX_SESSIONS = 32;
private final static Debug debug = Debug.getInstance("pkcs11");
// token instance
private final Token token;
// maximum number of sessions to open with this token
private final int maxSessions;
// total number of active sessions
private AtomicInteger activeSessions = new AtomicInteger();
// pool of available object sessions
private final Pool objSessions;
// pool of available operation sessions
private final Pool opSessions;
// maximum number of active sessions during this invocation, for debugging
private int maxActiveSessions;
// flags to use in the C_OpenSession() call
private final long openSessionFlags;
SessionManager(Token token) {
long n;
if (token.isWriteProtected()) {
openSessionFlags = CKF_SERIAL_SESSION;
n = token.tokenInfo.ulMaxSessionCount;
} else {
openSessionFlags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
n = token.tokenInfo.ulMaxRwSessionCount;
}
if (n == CK_EFFECTIVELY_INFINITE) {
n = Integer.MAX_VALUE;
} else if ((n == CK_UNAVAILABLE_INFORMATION) || (n < 0)) {
// choose an arbitrary concrete value
n = DEFAULT_MAX_SESSIONS;
}
maxSessions = (int)Math.min(n, Integer.MAX_VALUE);
this.token = token;
this.objSessions = new Pool(this);
this.opSessions = new Pool(this);
}
// returns whether only a fairly low number of sessions are
// supported by this token.
boolean lowMaxSessions() {
return (maxSessions <= DEFAULT_MAX_SESSIONS);
}
Session getObjSession() throws PKCS11Exception {
Session session = objSessions.poll();
if (session != null) {
return ensureValid(session);
}
session = opSessions.poll();
if (session != null) {
return ensureValid(session);
}
session = openSession();
return ensureValid(session);
}
Session getOpSession() throws PKCS11Exception {
Session session = opSessions.poll();
if (session != null) {
return ensureValid(session);
}
// create a new session rather than re-using an obj session
// that avoids potential expensive cancels() for Signatures & RSACipher
if (maxSessions == Integer.MAX_VALUE ||
activeSessions.get() < maxSessions) {
session = openSession();
return ensureValid(session);
}
session = objSessions.poll();
if (session != null) {
return ensureValid(session);
}
throw new ProviderException("Could not obtain session");
}
private Session ensureValid(Session session) {
session.id();
return session;
}
Session killSession(Session session) {
if ((session == null) || (token.isValid() == false)) {
return null;
}
if (debug != null) {
String location = new Exception().getStackTrace()[2].toString();
System.out.println("Killing session (" + location + ") active: "
+ activeSessions.get());
}
closeSession(session);
return null;
}
Session releaseSession(Session session) {
if ((session == null) || (token.isValid() == false)) {
return null;
}
if (session.hasObjects()) {
objSessions.release(session);
} else {
opSessions.release(session);
}
return null;
}
void demoteObjSession(Session session) {
if (token.isValid() == false) {
return;
}
if (debug != null) {
System.out.println("Demoting session, active: " +
activeSessions.get());
}
boolean present = objSessions.remove(session);
if (present == false) {
// session is currently in use
// will be added to correct pool on release, nothing to do now
return;
}
opSessions.release(session);
}
private Session openSession() throws PKCS11Exception {
if ((maxSessions != Integer.MAX_VALUE) &&
(activeSessions.get() >= maxSessions)) {
throw new ProviderException("No more sessions available");
}
long id = token.p11.C_OpenSession
(token.provider.slotID, openSessionFlags, null, null);
Session session = new Session(token, id);
activeSessions.incrementAndGet();
if (debug != null) {
synchronized(this) {
if (activeSessions.get() > maxActiveSessions) {
maxActiveSessions = activeSessions.get();
if (maxActiveSessions % 10 == 0) {
System.out.println("Open sessions: " + maxActiveSessions);
}
}
}
}
return session;
}
private void closeSession(Session session) {
session.close();
activeSessions.decrementAndGet();
}
public static final class Pool {
private final SessionManager mgr;
private final ConcurrentLinkedDeque<Session> pool;
Pool(SessionManager mgr) {
this.mgr = mgr;
pool = new ConcurrentLinkedDeque<Session>();
}
boolean remove(Session session) {
return pool.remove(session);
}
Session poll() {
return pool.pollLast();
}
void release(Session session) {
pool.offer(session);
if (session.hasObjects()) {
return;
}
int n = pool.size();
if (n < 5) {
return;
}
Session oldestSession;
long time = System.currentTimeMillis();
int i = 0;
// Check if the session head is too old and continue through queue
// until only one is left.
do {
oldestSession = pool.peek();
if (oldestSession == null || oldestSession.isLive(time) ||
!pool.remove(oldestSession)) {
break;
}
i++;
mgr.closeSession(oldestSession);
} while ((n - i) > 1);
if (debug != null) {
System.out.println("Closing " + i + " idle sessions, active: "
+ mgr.activeSessions);
}
}
}
}