Posted to dev@santuario.apache.org by Dittmann Werner <we...@siemens.com> on 2003/12/08 14:02:46 UTC
Tests with timing for WSS4J using Apache XML Security
Hi all,
a short report about performance of WSS4J based on
Apache XML-Security.
The tests were performed on a Win-XP Pro System with
Pentium III, 600MHz, 256MB.
Used relevant software:
- xmlsec.jar (pre-release, around mid November with XMLCipher support)
- xalan.jar 2.5.1
- xerces.jar 2.4.0
- jce-jdk13-120.jar (Bouncycastle)
- axis.jar (CVS snapshot about 1 week ago)
- Sun SDK J2SDK 1.4.1
The SOAP request is rather small (just one String parameter),
sender and receiver run on the same machine, using localhost.
The sender and receiver use Axis as SOAP engine, the receiver is the
SimpleAxisServer (not Tomcat). (But this setup doesn't really matter
for the performance figures I was interested in.)
However, it is not a real lab environment, i.e. my machine is
not completely "empty" when running the test but the results indicate
where the time is lost. The times are averaged over several runs with
20 requests per run.
Measured were request/response round-trip times.
* Round trip time without security enabled: ~25ms per roundtrip
Security enabled:
- encrypt child of SOAP body,
- sign encrypted part and KeyInfo
- use IssuerCertificate as KeyIdentifier, i.e. do not send a
base64 encoded certificate.
- Signature: SHA1RSA
- Encryption: symmetric: 3DES, key encryption: RSA
* Round trip time with security enabled: 1400-1500ms per roundtrip
(no, it's not a typo), i.e. a factor of ~55-60 slower!
Some detailed numbers. First sender part, then receiver.
Sender "Encrypt Body":
- symm. encryption incl. key generation (3DES): 40-50ms
- key encryption (with public key): <10ms
Sender "Sign Envelope"
- create Signature (SHA1RSA): 540-560ms
(own id-resolver takes about 20ms of this time)
- other overhead 50-60ms
(Transformer setup, certificate handling, etc.)
**Sum Sender 630-680ms
Receiver "verify" (Note 1)
- new XMLSignature(element)   ~300ms      30-40ms
- verify signature            130-140ms   410-420ms
Receiver "decrypt"
- decrypt symm. key with private key 140-150ms
- symm. decrypt of body 40-60ms
**Sum Receiver 620-670ms
**Total Sum 1250-1350ms
Add the overhead of an "empty" request plus some more
overhead because of more data to transmit, serialize, deserialize,
etc. then this matches with the overall roundtrip time. The times
of sign and verify are measured directly around the method calls
of XMLSignature, the encrypt/decrypt include some small additional setup.
Note 1: if the instantiation and initialization of XMLSignature(element)
takes a long time, verification takes a short time and vice versa. IMHO
this is due to Xerces behaviour (something like "late instantiation of
nodes"?)
Any suggestions/ideas how to boost up performance?
Regards,
Werner
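
Added example, not part of the original post and not WSS4J or XML-Security code: a JDK-only harness that times the raw SHA1withRSA sign/verify and RSA key-unwrap operations named in the report, with no XML processing involved. The class name, the 512-byte input and the 1024-bit RSA key size are assumptions; the post does not state a key size.

```java
import java.security.*;
import javax.crypto.*;

public class PrimitiveTiming {
    static final int RUNS = 20; // the report also averaged over 20 requests per run

    interface Step { void run() throws Exception; }

    // Print the average wall-clock time of one step over RUNS iterations.
    static void time(String label, Step s) throws Exception {
        s.run(); // warm-up call, excluded (class loading, provider setup, JIT)
        long t0 = System.nanoTime();
        for (int i = 0; i < RUNS; i++) s.run();
        System.out.printf("%-22s %8.3f ms%n", label, (System.nanoTime() - t0) / 1e6 / RUNS);
    }

    public static void main(String[] args) throws Exception {
        byte[] data = new byte[512]; // constructed stand-in for the bytes that get signed
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // assumption: the report does not state the RSA key size
        KeyPair rsa = kpg.generateKeyPair();
        SecretKey des3 = KeyGenerator.getInstance("DESede").generateKey();

        // Fixed inputs for the receiver-side steps (wrapped 3DES key, signature).
        Cipher w = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        w.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = w.wrap(des3);
        Signature s0 = Signature.getInstance("SHA1withRSA");
        s0.initSign(rsa.getPrivate());
        s0.update(data);
        byte[] sig = s0.sign();

        time("SHA1withRSA sign", () -> {
            Signature s = Signature.getInstance("SHA1withRSA");
            s.initSign(rsa.getPrivate());
            s.update(data);
            s.sign();
        });
        time("SHA1withRSA verify", () -> {
            Signature s = Signature.getInstance("SHA1withRSA");
            s.initVerify(rsa.getPublic());
            s.update(data);
            if (!s.verify(sig)) throw new SignatureException("verify failed");
        });
        time("RSA unwrap 3DES key", () -> {
            Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            c.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
            c.unwrap(wrapped, "DESede", Cipher.SECRET_KEY);
        });
    }
}
```

Run on the same machine and JCE provider as the XML-level measurement, these numbers separate the cost of the RSA operations themselves from everything else in the signing path (canonicalization, transforms, DOM handling).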