Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/19 17:52:12 UTC
svn commit: r1504923 - in /cxf/trunk/services/xkms/xkms-client/src/main:
java/org/apache/cxf/xkms/cache/ java/org/apache/cxf/xkms/crypto/ resources/
Author: coheigea
Date: Fri Jul 19 15:52:12 2013
New Revision: 1504923
URL: http://svn.apache.org/r1504923
Log:
Added a XKMS ClientCache
Added:
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java
cxf/trunk/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml
Modified:
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java?rev=1504923&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java (added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java Fri Jul 19 15:52:12 2013
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.lang.reflect.Method;
+
+import net.sf.ehcache.CacheException;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.config.CacheConfiguration;
+import net.sf.ehcache.config.Configuration;
+
+/**
+ */
+public final class EHCacheUtil {
+ private static Method cacheManagerCreateMethodNoArg;
+ private static Method cacheManagerCreateMethodConfigurationArg;
+ static {
+ // these methods are either completely available or absent (valid assumption from 2.5.0 to 2.7.2 so far)
+ try {
+ // from 2.5.2
+ cacheManagerCreateMethodNoArg = CacheManager.class.getMethod("newInstance", (Class<?>[])null);
+ cacheManagerCreateMethodConfigurationArg = CacheManager.class.getMethod("newInstance", Configuration.class);
+ } catch (NoSuchMethodException e) {
+ try {
+ // before 2.5.2
+ cacheManagerCreateMethodNoArg = CacheManager.class.getMethod("create", (Class<?>[])null);
+ cacheManagerCreateMethodConfigurationArg = CacheManager.class.getMethod("create", Configuration.class);
+ } catch (Throwable t) {
+ // ignore
+ }
+ }
+ }
+
+ private EHCacheUtil() {
+ //
+ }
+
+ public static CacheConfiguration getCacheConfiguration(String key, CacheManager cacheManager) {
+ CacheConfiguration cc = cacheManager.getConfiguration().getCacheConfigurations().get(key);
+ if (cc == null && key.contains("-")) {
+ cc = cacheManager.getConfiguration().getCacheConfigurations().get(
+ key.substring(0, key.lastIndexOf('-') - 1));
+ }
+ if (cc == null) {
+ cc = cacheManager.getConfiguration().getDefaultCacheConfiguration();
+ }
+ if (cc == null) {
+ cc = new CacheConfiguration();
+ } else {
+ cc = (CacheConfiguration)cc.clone();
+ }
+ cc.setName(key);
+ return cc;
+ }
+
+ public static CacheManager createCacheManager() throws CacheException {
+ try {
+ return (CacheManager)cacheManagerCreateMethodNoArg.invoke(null, (Object[])null);
+ } catch (Exception e) {
+ throw new CacheException(e);
+ }
+ }
+
+ public static CacheManager createCacheManager(Configuration conf) throws CacheException {
+ try {
+ return (CacheManager)cacheManagerCreateMethodConfigurationArg.invoke(null, new Object[]{conf});
+ } catch (Exception e) {
+ throw new CacheException(e);
+ }
+ }
+}
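Review bot: In getCacheConfiguration the fallback lookup uses `key.substring(0, key.lastIndexOf('-') - 1)`, which looks like an off-by-one: it drops the character before the last '-' as well, and throws StringIndexOutOfBoundsException when the only '-' is at index 0. If the intent is "the key without its last '-suffix'", the line should be `key.substring(0, key.lastIndexOf('-'))`. Separately, the static initializer's inner `catch (Throwable t) { // ignore }` leaves both Method fields null when neither `newInstance` nor `create` is found, so createCacheManager would then fail with a CacheException wrapping a NullPointerException; an explicit null check with a clear message would make that failure diagnosable. The empty class Javadoc (`/** */`) should say that the class selects the CacheManager factory method by reflection to support several EHCache versions.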
Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java?rev=1504923&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java (added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java Fri Jul 19 15:52:12 2013
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.security.cert.X509Certificate;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Ehcache;
+import net.sf.ehcache.Element;
+import net.sf.ehcache.config.CacheConfiguration;
+import net.sf.ehcache.config.Configuration;
+import net.sf.ehcache.config.ConfigurationFactory;
+import net.sf.ehcache.config.DiskStoreConfiguration;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+
+/**
+ * An in-memory EHCache implementation of the XKMSClientCache interface.
+ */
+public class EHCacheXKMSClientCache implements XKMSClientCache {
+
+ public static final String CACHE_KEY = "cxf.xkms.client.cache";
+ private static final String DEFAULT_CONFIG_URL = "cxf-xkms-client-ehcache.xml";
+
+ private Ehcache cache;
+ private CacheManager cacheManager;
+
+ public EHCacheXKMSClientCache() {
+ this(DEFAULT_CONFIG_URL, null);
+ }
+
+ public EHCacheXKMSClientCache(Bus bus) {
+ this(DEFAULT_CONFIG_URL, bus);
+ }
+
+ public EHCacheXKMSClientCache(String configFileURL) {
+ this(configFileURL, null);
+ }
+
+ public EHCacheXKMSClientCache(String configFileURL, Bus bus) {
+ createCache(configFileURL, bus);
+ }
+
+ private void createCache(String configFile, Bus bus) {
+ if (bus == null) {
+ bus = BusFactory.getThreadDefaultBus(true);
+ }
+ URL configFileURL = null;
+ try {
+ configFileURL =
+ ClassLoaderUtils.getResource(configFile, EHCacheXKMSClientCache.class);
+ } catch (Exception ex) {
+ // ignore
+ }
+ if (configFileURL == null) {
+ cacheManager = EHCacheUtil.createCacheManager();
+ } else {
+ Configuration conf = ConfigurationFactory.parseConfiguration(configFileURL);
+
+ if (bus != null) {
+ conf.setName(bus.getId());
+ DiskStoreConfiguration dsc = conf.getDiskStoreConfiguration();
+ if (dsc != null && "java.io.tmpdir".equals(dsc.getOriginalPath())) {
+ String path = conf.getDiskStoreConfiguration().getPath() + File.separator
+ + bus.getId();
+ conf.getDiskStoreConfiguration().setPath(path);
+ }
+ }
+
+ cacheManager = EHCacheUtil.createCacheManager(conf);
+ }
+
+ CacheConfiguration cc = EHCacheUtil.getCacheConfiguration(CACHE_KEY, cacheManager);
+
+ Ehcache newCache = new Cache(cc);
+ cache = cacheManager.addCacheIfAbsent(newCache);
+ }
+
+ /**
+ * Store an X509Certificate in the Cache
+ */
+ public void put(String key, X509Certificate certificate) {
+ cache.put(new Element(key, certificate, false, null, null));
+ }
+
+ /**
+ * Get an X509Certificate from the cache matching the given key. Returns null if there
+ * is no such certificate in the cache.
+ */
+ public X509Certificate get(String key) {
+ Element element = cache.get(key);
+ if (element != null && !element.isExpired()) {
+ return (X509Certificate)element.getObjectValue();
+ }
+ return null;
+ }
+
+ public void close() throws IOException {
+ if (cacheManager != null) {
+ cacheManager.shutdown();
+ cacheManager = null;
+ cache = null;
+ }
+ }
+
+}
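Review bot: createCache swallows any exception from `ClassLoaderUtils.getResource(configFile, ...)` with `// ignore` and, when the URL is null, falls back to `EHCacheUtil.createCacheManager()`, so a custom config name that does not resolve silently yields whatever the default EHCache configuration provides instead of the intended lifetime and store settings for cached certificates. At minimum the fallback should be logged with the config name; rejecting an explicitly supplied but unresolvable `configFileURL` would be stricter. The class Javadoc says "in-memory" while createCache rewrites a disk store path with `bus.getId()`, so the description should be reworded to match. After `close()` sets `cache = null`, a later `put` or `get` fails with a NullPointerException; a comment on `close()` stating that the instance must not be used afterwards would document that.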
Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java?rev=1504923&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java (added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java Fri Jul 19 15:52:12 2013
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+
+public interface XKMSClientCache extends Closeable {
+
+ /**
+ * Store an X509Certificate in the Cache
+ */
+ void put(String key, X509Certificate certificate);
+
+ /**
+ * Get an X509Certificate from the cache matching the given key. Returns null if there
+ * is no such certificate in the cache.
+ */
+ X509Certificate get(String key);
+
+ void close() throws IOException;
+}
\ No newline at end of file
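Review bot: The interface has no type-level Javadoc, and `put`/`get` do not say what a key is, although in this commit XkmsCryptoProvider stores lowercased ids, issuer-plus-hex-serial strings and Subject DNs in the same cache. I would add a Javadoc block on the interface that names the accepted key forms, states whether implementations must be safe for concurrent use (the field it replaces was a ConcurrentHashMap, which suggests so), and says whether `get` may return an entry past its lifetime. `close()` should get `/** Releases the resources held by this cache; the cache must not be used afterwards. */`.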
Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java?rev=1504923&r1=1504922&r2=1504923&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java Fri Jul 19 15:52:12 2013
@@ -22,14 +22,14 @@ package org.apache.cxf.xkms.crypto;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.xkms.cache.EHCacheXKMSClientCache;
+import org.apache.cxf.xkms.cache.XKMSClientCache;
import org.apache.cxf.xkms.client.XKMSInvoker;
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.wss4j.common.crypto.Crypto;
@@ -44,21 +44,26 @@ public class XkmsCryptoProvider extends
private static final Logger LOG = LogUtils.getL7dLogger(XkmsCryptoProvider.class);
private final XKMSInvoker xkmsInvoker;
- private final Map<String, X509Certificate> certsCache = new ConcurrentHashMap<String, X509Certificate>();
private Crypto defaultCrypto;
+ private XKMSClientCache xkmsClientCache;
public XkmsCryptoProvider(XKMSPortType xkmsConsumer) {
this(xkmsConsumer, null);
}
public XkmsCryptoProvider(XKMSPortType xkmsConsumer, Crypto defaultCrypto) {
+ this(xkmsConsumer, defaultCrypto, new EHCacheXKMSClientCache());
+ }
+
+ public XkmsCryptoProvider(XKMSPortType xkmsConsumer, Crypto defaultCrypto, XKMSClientCache xkmsClientCache) {
if (xkmsConsumer == null) {
throw new IllegalArgumentException("xkmsConsumer may not be null");
}
this.xkmsInvoker = new XKMSInvoker(xkmsConsumer);
this.defaultCrypto = defaultCrypto;
+ this.xkmsClientCache = xkmsClientCache;
}
-
+
@Override
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
if (LOG.isLoggable(Level.INFO)) {
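Review bot: The two-argument constructor now allocates `new EHCacheXKMSClientCache()` for every provider, and nothing in this hunk closes it although XKMSClientCache extends Closeable; each instance builds a CacheManager in createCache, so unless the provider shuts it down somewhere outside this hunk, the manager's resources outlive the provider. The field is assigned only in the constructor and could be `private final XKMSClientCache xkmsClientCache;`. The three-argument constructor should have a Javadoc saying that a null `xkmsClientCache` disables caching and who is responsible for closing a cache that is passed in. getX509Certificates continues past the end of the hunk.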
@@ -124,8 +129,24 @@ public class XkmsCryptoProvider extends
} else if (type == TYPE.ALIAS) {
return getX509CertificatesFromXKMS(cryptoType);
} else if (type == TYPE.ISSUER_SERIAL) {
+ String key = cryptoType.getIssuer() + "-" + cryptoType.getSerial().toString(16);
+ // Try local cache first
+ if (xkmsClientCache != null) {
+ X509Certificate cachedCert = xkmsClientCache.get(key);
+ if (cachedCert != null) {
+ return new X509Certificate[] {cachedCert};
+ }
+ }
+ // Now ask the XKMS Service
X509Certificate certificate = xkmsInvoker.getCertificateForIssuerSerial(cryptoType
.getIssuer(), cryptoType.getSerial());
+
+ // Store in the cache
+ if (certificate != null && xkmsClientCache != null) {
+ xkmsClientCache.put(key, certificate);
+ // Store it using the Subject DN as well
+ xkmsClientCache.put(certificate.getSubjectX500Principal().getName(), certificate);
+ }
return new X509Certificate[] {
certificate
};
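Review bot: The ISSUER_SERIAL key is built from the caller-supplied string `cryptoType.getIssuer()`, while the by-id path of this commit stores the same certificate under `cert.getIssuerX500Principal().getName()`; two spellings of one DN (attribute order, spacing, case) give different keys, so entries written by one path may never be hit by the other. Building the key in one private helper from a normalized issuer would keep the two paths consistent. `cryptoType.getSerial().toString(16)` now runs before the XKMS call, so a null serial would fail here with a NullPointerException rather than in the invoker. A cache hit returns the certificate without asking the XKMS service, so a comment stating where validity and revocation are checked for cached certificates would help a reader judge the one-hour lifetime. The enclosing method starts above and ends below this hunk.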
@@ -154,13 +175,27 @@ public class XkmsCryptoProvider extends
if (id == null) {
throw new CryptoProviderException("Id is not specified for certificate request");
}
- X509Certificate cert;
- if (certsCache.containsKey(id.toLowerCase())) {
- cert = certsCache.get(id.toLowerCase());
- } else {
- cert = xkmsInvoker.getCertificateForId(application, id);
- certsCache.put(id.toLowerCase(), cert);
+
+ // Try local cache first
+ if (xkmsClientCache != null) {
+ X509Certificate cachedCert = xkmsClientCache.get(id.toLowerCase());
+ if (cachedCert != null) {
+ return new X509Certificate[] {cachedCert};
+ }
}
+
+ // Now ask the XKMS Service
+ X509Certificate cert = xkmsInvoker.getCertificateForId(application, id);
+
+ // Store in the cache
+ if (cert != null && xkmsClientCache != null) {
+ xkmsClientCache.put(id.toLowerCase(), cert);
+ // Store it using IssuerSerial as well
+ String key = cert.getIssuerX500Principal().getName() + "-"
+ + cert.getSerialNumber().toString(16);
+ xkmsClientCache.put(key, cert);
+ }
+
return new X509Certificate[] {
cert
};
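Review bot: The cache key is `id.toLowerCase()` alone, so the `application` argument passed to `xkmsInvoker.getCertificateForId(application, id)` is not part of it, and the same id requested under two applications returns whichever certificate was cached first. Including it, for example `String idKey = application + ":" + id.toLowerCase(Locale.ROOT);` (with `java.util.Locale` imported), also removes the dependence on the default locale and keeps id keys apart from the Subject DN and issuer-serial keys that share this cache. The method starts above the hunk and continues below it.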
Added: cxf/trunk/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml?rev=1504923&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml (added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml Fri Jul 19 15:52:12 2013
@@ -0,0 +1,17 @@
+<ehcache xsi:noNamespaceSchemaLocation="ehcache.xsd" updateCheck="false"
+ monitoring="autodetect" dynamicConfig="true" name="xkmsClientCache">
+
+ <diskStore path="java.io.tmpdir"/>
+
+ <defaultCache
+ maxEntriesLocalHeap="5000"
+ eternal="false"
+ timeToIdleSeconds="3600"
+ timeToLiveSeconds="3600"
+ overflowToDisk="true"
+ maxElementsOnDisk="10000000"
+ diskPersistent="false"
+ diskExpiryThreadIntervalSeconds="120"
+ memoryStoreEvictionPolicy="LRU"
+ />
+</ehcache>
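Review bot: `overflowToDisk="true"` together with `<diskStore path="java.io.tmpdir"/>` means cached certificates can be written to the shared temp directory, which contradicts the "in-memory" description of EHCacheXKMSClientCache and makes the integrity of cached entries depend on that directory's permissions. With `maxEntriesLocalHeap="5000"` a heap-only cache is probably sufficient, so consider `overflowToDisk="false"`, or point the disk store at a directory owned by the application. A comment above `defaultCache` explaining that `timeToLiveSeconds="3600"` is how long a certificate is served without asking the XKMS service again would help operators tune it.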