- Hook NX up for debugging and set a breakpoint at https://github.com/sonatype/nexus-internal/blob/738eb86c8013f524802cef87e2961975b1f5793a/components/nexus-ssl/src/main/java/org/sonatype/nexus/ssl/internal/geronimo/FileKeystoreInstance.java#L283
- Using two browser tabs, import a SSL certificate into the trust store
- Observe that the breakpoint is reached by both HTTP request threads concurrently
FileKeystoreInstance uses several basic collections (ArrayList, HashMap) that are not thread-safe by themselves and concurrent operations on the key store can cause corruption/failure. We should synchronize all access to FileKeystoreInstance, potentially even at a higher level like the methods in KeyStoreManagerImpl.