You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/05/29 07:27:00 UTC
[jira] [Commented] (WSS-673) Using default Java Security and Merlin
is very slow for PKCS12
[ https://issues.apache.org/jira/browse/WSS-673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17119351#comment-17119351 ]
Colm O hEigeartaigh commented on WSS-673:
-----------------------------------------
How are you configuring WSS4J?
> Using default Java Security and Merlin is very slow for PKCS12
> --------------------------------------------------------------
>
> Key: WSS-673
> URL: https://issues.apache.org/jira/browse/WSS-673
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 2.2.5
> Reporter: Joseph Athman
> Assignee: Colm O hEigeartaigh
> Priority: Major
>
> We use WSS4J to create SAML digital signatures. Recently, we switch from storing our client private key from a JKS file to PKCS12 file. This seems to have had the unintended consequence of causing huge spikes in CPU usage.
> After investigating the root cause, I believe the problem lies with the way WSS4J will retrieve a new instance of the private key for every request. With a PKCS12 file this appears to be extremely slow and CPU intensive due to the amount of time it takes to decrypt the private key.
> I'm wondering if there is some way to have WSS4J cache this private key lookup since it will always be the same each time.
> Any ideas?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org