You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Dittmann Werner <we...@siemens.com> on 2003/12/08 14:02:46 UTC

Tests with timing for WSS4J using Apache XML Security 

Hi all,

a short report about performance of WSS4J based on 
Apache XML-Security.

The tests were performed on a Win-XP Pro System with
Pentium III, 600MHz, 256MB.

Used relevant software:
- xmlsec.jar (pre-release, around mid November with XMLCipher support)
- xalan.jar  2.5.1
- xerces.jar 2.4.0
- jce-jdk13-120.jar (Bouncycastle)
- axis.jar (CVS snapshot about 1 week ago)
- Sun SDK J2SDK 1.4.1

The SOAP request is rather small (just one String parameter),
sender and receiver run on the same machine, using localhost. 

The sender and reveicer use Axis as SOAP engine, the receiver is the
SimpleAxisServer (not Tomcat). (But this setup doesn't really matter
for the performance figures I was interessted in.)

However, it is not a real lab nevironment, i.e. my machine is 
not completely "empty" when running the test but the results indicate
where the time is lost. The times are averaged over several runs with
20 requests per run.

Measured were request/response round-trip times.

* Round trip time without security enabled: ~25ms per roundtrip

Security enabled: 
- encrypt child of SOAP body, 
- sign encrypted part and KeyInfo
- use IssuerCertificate as KeyIdentifier, i.e. do not send a 
  base64 encoded certificate.
- Signature: SHA1RSA
- Encryption: symmetric: 3DES, key encryption: RSA

* Round trip time with security enabled: 1400-1500ms per roundtrip
  (no, it's not a typo), i.e. a factor of ~55-60 slower!
  
Some detailed numbers. First sender part, then receiver.

Sender "Encrypt Body":
- symm. encryption incl. key generation (3DES):			40-50ms
- key encryption (with public key):					  <10ms

Sender "Sign Enevelope"
- create Signature (SHA1RSA):					    540-560ms
  (own id-resolver takes about 20ms of this time)
- other overhead								50-60ms
  (Transformer setup, certificate handling, etc.)
**Sum Sender							    630-680ms
  
Receiver "verfiy" (Note 1)
- new XMLSignature(element)			    ~300ms		30-40ms
- verify signature				 130-140ms	    410-420ms

Receiver "decrypt"
- decrypt symm. key with private key			    140-150ms
- symm. decrypt of body					 		40-60ms

**Sum Receiver							    620-670ms
**Total Sum								  1250-1350ms

Add the overhead of an "empty" request plus some more
overhead because of more data to transmit, serialize, deserialize,
etc. then this matches with the overall roundtrip time. The times
of sign and verfiy are measured directly around the method calls
of XMLSignature, the encryp/decrypt include some small additional setup.

Note 1: if the instantiation and initialization of XMLSignature(element)
takes a long time, verification takes a short time and vice versa. IMHO 
this is due to Xerces behaviour (someting like "late instantiation of
nodes"?)

Any suggestions/ideas how to boost up performace?

Regards,

Werner