Fix concurrent problem in key vault certificates (Azure#22535)

Rujun Chen · web-flow · commit 70fcb3725850 · 2021-06-29T08:29:14.000+08:00
diff --git a/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificates.java b/sdk/keyvault/azure-security-keyvault-jca/src/main/java/com/azure/security/keyvault/jca/KeyVaultCertificates.java
@@ -131,12 +131,16 @@ public Map<String, Key> getCertificateKeys() {
     }
 
     private void refreshCertificatesIfNeeded() {
-        if (certificatesNeedRefresh()) {
+        if (certificatesNeedRefresh()) { // Avoid acquiring the lock as much as possible.
             refreshCertificates();
         }
     }
 
-    private void refreshCertificates() {
+    private synchronized void refreshCertificates() {
+        if (!certificatesNeedRefresh()) {
+            return; // After obtaining the lock, avoid doing too many operations.
+        }
+        // When refreshing certificates, the update of the 3 variables should be an atomic operation.
         aliases = keyVaultClient.getAliases();
         certificateKeys.clear();
         certificates.clear();

Original file line number	Diff line number	Diff line change
`@@ -131,12 +131,16 @@ public Map<String, Key> getCertificateKeys() {`
`131`	`131`	`}`
`132`	`132`
`133`	`133`	`private void refreshCertificatesIfNeeded() {`
`134`		`- if (certificatesNeedRefresh()) {`
	`134`	`+ if (certificatesNeedRefresh()) { // Avoid acquiring the lock as much as possible.`
`135`	`135`	`refreshCertificates();`
`136`	`136`	`}`
`137`	`137`	`}`
`138`	`138`
`139`		`- private void refreshCertificates() {`
	`139`	`+ private synchronized void refreshCertificates() {`
	`140`	`+ if (!certificatesNeedRefresh()) {`
	`141`	`+ return; // After obtaining the lock, avoid doing too many operations.`
	`142`	`+ }`
	`143`	`+ // When refreshing certificates, the update of the 3 variables should be an atomic operation.`
`140`	`144`	`aliases = keyVaultClient.getAliases();`
`141`	`145`	`certificateKeys.clear();`
`142`	`146`	`certificates.clear();`