interledger-deprecated / java-crypto-conditions

WE'VE MOVED: This project has moved to Hyperledger Quilt
https://github.com/hyperledger/quilt/tree/master/crypto-conditions
Apache License 2.0

MessageDigest in Sha256Condition is not Thread-safe #41

Closed sappenin closed 7 years ago

sappenin commented 7 years ago

Currently, all sub-classes of Sha256Condition share a static MessageDigest, which is not thread-safe.

For example, multiple threads calling getFingerprint() on two separate instances at the same time will generally produce corrupt results because MessageDigest itself maintains an internal digest for each instantiation of Sha256Condition. More specifically, _DIGEST.digest(input) will be called by multiple threads at the same time, potentially corrupting the internal state of the digest.

MessageDigest isn't particularly expensive to construct (see MessageDigest source), so rather than incurring the overhead and complexity of trying to synchronize the digest, each implementation of Sha256Condition should simply use its own instance of MessageDigest.
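A small reproduction of the race described in the comment above, added here as an illustration; it is not code from the project or from the fixing PR. The class name `DigestRaceDemo`, its helper methods, and the sample input are hypothetical and constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class DigestRaceDemo {
    // Pattern from the issue: one MessageDigest shared by every caller.
    private static final MessageDigest SHARED = newSha256();

    static MessageDigest newSha256() {
        try {
            return MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    static byte[] sharedDigest(byte[] in) { return SHARED.digest(in); }       // racy
    static byte[] ownDigest(byte[] in)    { return newSha256().digest(in); }  // proposed fix

    // Hash the same input from 8 threads; count results that differ from the reference.
    static int mismatches(Function<byte[], byte[]> hasher) throws InterruptedException {
        byte[] input = "constructed sample preimage".getBytes(StandardCharsets.UTF_8);
        byte[] expected = newSha256().digest(input);
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            pool.submit(() -> {
                for (int i = 0; i < 50_000; i++) {
                    try {
                        if (!Arrays.equals(expected, hasher.apply(input))) bad.incrementAndGet();
                    } catch (RuntimeException e) { bad.incrementAndGet(); } // corrupted internal state
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared static digest mismatches: " + mismatches(DigestRaceDemo::sharedDigest));
        System.out.println("per-call digest mismatches:      " + mismatches(DigestRaceDemo::ownDigest));
    }
}
```

The shared-digest count depends on thread scheduling and varies between runs; the per-call count is always 0 because no digest state is shared between threads.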

sappenin commented 7 years ago

PR that fixes this: PR #42