Proliferation of BouncyCastleProvider instances causing large memory consumption

[bbrowning]

The upgrade to BouncyCastle 1.54 has introduced a bug where we're creating a new BouncyCastleProvider instance for every X509AuxCertificate we create. The code path that leads to this is:

jruby-openssl/src/main/java/org/jruby/ext/openssl/x509store/X509AuxCertificate.java

Line 81 in eb200e5

CertificateFactory factory = SecurityHelper.getCertificateFactory("X.509");

which calls

jruby-openssl/src/main/java/org/jruby/ext/openssl/SecurityHelper.java

Line 194 in f1ca23c

static CertificateFactory getCertificateFactory(final String type, final Provider provider)

which ends up creating a new instance of org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory that instantiates a new BCJcaJceHelper at
https://github.com/bcgit/bc-java/blob/r1rv54/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java#L40
which ends up returning a new instance of BouncyCastleProvider at
https://github.com/bcgit/bc-java/blob/r1rv54/prov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java#L22 unless the provider is registered already.

This causes the memory consumption of each X509AuxCertificate to explode for me, leading to a baseline memory usage of about 65MB of just BouncyCastleProvider objects in every JRuby runtime. This may be related to #86.

[bbrowning]

Steps to reproduce with link to a proposed temporary fix at https://gist.github.com/bbrowning/a6af5239ad35dcdd83212a729d6896c5

[headius]

I'm working on a test now.

[headius]

I've pulled in @bbrowning's fix but I have been unable to reproduce this locally. We still need a test that confirms the provider stays the same. See my test in 13e964a.

[kares]

for the record ... the regression in 1.54 has been (mostly) caused by bcgit/bc-java@4eecbee

[kares]

released jruby-openssl 0.9.17 ... thanks @bbrowning for the investigation and the quick fix.
well also have a test checking that there aren't 2 providers created in place now.