# HG changeset patch
# User Joeri van Ruth <joeri.van.ruth@monetdbsolutions.com>
# Date 1704276356 -3600
# Node ID 99ed7dbb2e0543f3c36592144649cd393ad21e26
# Parent  15d606f44a266e4bbaa4960d2a1bb59ff9d929a1
Cache the system trust roots between invocations

Loading them is expensive, it easily takes 100-200 milliseconds.

diff --git a/src/main/java/org/monetdb/mcl/net/SecureSocket.java b/src/main/java/org/monetdb/mcl/net/SecureSocket.java
--- a/src/main/java/org/monetdb/mcl/net/SecureSocket.java
+++ b/src/main/java/org/monetdb/mcl/net/SecureSocket.java
@@ -16,6 +16,18 @@ public class SecureSocket {
 	private static final String[] ENABLED_PROTOCOLS = {"TLSv1.3"};
 	private static final String[] APPLICATION_PROTOCOLS = {"mapi/9"};
 
+	// Cache for the default SSL factory. It must load all trust roots
+	// so it's worthwhile to cache.
+	// Only access this through #getDefaultSocketFactory()
+	private static SSLSocketFactory vanillaFactory = null;
+
+	private static synchronized SSLSocketFactory getDefaultSocketFactory() {
+		if (vanillaFactory == null) {
+			vanillaFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+		}
+		return vanillaFactory;
+	}
+
 	public static Socket wrap(Target.Validated validated, Socket inner) throws IOException {
 		Target.Verify verify = validated.connectVerify();
 		SSLSocketFactory socketFactory;
@@ -23,7 +35,7 @@ public class SecureSocket {
 		try {
 			switch (verify) {
 				case System:
-					socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+					socketFactory = getDefaultSocketFactory();
 					break;
 				case Cert:
 					KeyStore keyStore = keyStoreForCert(validated.getCert());