In general, can the verify-methods in java.security.cert.Certificate be considered thread-safe? Specifically, verify(PublicKey key) and verify(PublicKey key, String sigProvider). Can multiple threads call these methods simultaneously without worrying that they will modify internal data in a thread-unsafe way?
The JavaDoc does not mention anything about this. Perhaps this is implementation specific?
I would like to do something like this:
Certificate certificate = getCertificateFromCache();
certificate.verify(whatever);
Ideally without putting it in a synchronized block.
Certificate.verifyis an abstract method. So from this perspective there can’t be any guarantee, that all implementations are always thread-safe. Maybe the documentation of the actual certificate implementation tells you something about it, but, to be safe, you may have to synchronize the call to verify on the actual certificate.Maybe you can create something like a pool of equal certificate instances to bypass that problem. Then you could verify in parallel on different instances of the same certificate.