
Race Condition in com.microsoft.identity.common.java.authorities.Authority #2554

@felgerl


Hello,

I think I found a race condition in your code:

  • Invoking the com.microsoft.identity.client.PublicClientApplication.create(android.content.Context, String, String, String, com.microsoft.identity.client.IPublicClientApplication.ApplicationCreatedListener) method leads to invocations of
    • com.microsoft.identity.common.java.authorities.Authority.getEquivalentConfiguredAuthority([...])
    • com.microsoft.identity.common.java.authorities.Authority.addKnownAuthorities([...])
  • These invocations can occur in different threads, because com.microsoft.identity.client.PublicClientApplication.create([...]) spawns a new thread on each invocation.
  • While getEquivalentConfiguredAuthority iterates over the java.util.ArrayList knownAuthorities instance, addKnownAuthorities inserts elements in the same instance. (knownAuthorities is defined static final.)
  • There is no (effective) synchronization to sequentialize the order of both calls. Hence, iteration and insertion can occur concurrently. This is not supported by java.util.ArrayList. Hence, there is a race condition. With some chance, a java.util.ConcurrentModificationException occurs.

Maybe you want to investigate this, if this is not the intended behavior.

Regards, Luis.
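
The pattern reported above, reduced to a stand-alone Java model. This is an added example, not code from the issue or from the library: the class and method names and the example.test URLs are hypothetical, and CopyOnWriteArrayList is shown as one possible remedy, not the project's chosen fix.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicBoolean;

public class KnownAuthoritiesRace {
    // Hypothetical stand-in for getEquivalentConfiguredAuthority: iterates the shared list.
    static boolean lookup(List<String> known, String wanted) {
        for (String authority : known) {
            if (authority.equals(wanted)) return true;
        }
        return false;
    }

    // One thread iterates while the calling thread appends (stand-in for
    // addKnownAuthorities). Returns how many lookups threw a runtime exception.
    static int run(List<String> known) throws InterruptedException {
        AtomicBoolean done = new AtomicBoolean(false);
        int[] failures = {0}; // written only by the reader, read after join()
        Thread reader = new Thread(() -> {
            while (!done.get()) {
                try {
                    lookup(known, "https://login.example.test/absent");
                } catch (RuntimeException e) {
                    // Usually ConcurrentModificationException; an unsynchronized
                    // ArrayList can also expose half-published state in other ways.
                    failures[0]++;
                }
            }
        });
        reader.start();
        for (int i = 0; i < 20_000; i++) {
            known.add("https://login.example.test/tenant" + i); // constructed sample value
        }
        done.set(true);
        reader.join();
        return failures[0];
    }

    public static void main(String[] args) throws InterruptedException {
        // The ArrayList count depends on thread timing and varies from run to run.
        System.out.println("ArrayList failed lookups: " + run(new ArrayList<>()));
        // CopyOnWriteArrayList iterators read an immutable snapshot, so lookups never throw.
        System.out.println("CopyOnWriteArrayList failed lookups: " + run(new CopyOnWriteArrayList<>()));
    }
}
```

Guarding both the iteration and the insertion with the same lock achieves the same result when the list is written often enough that copying on every add is too costly.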
