cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Cache handling for X509 certificates in XKMS
Date Mon, 04 Nov 2013 11:38:21 GMT
It's up to the cache implementation to handle expiry. For example, look at
the "get" method in the default cache based on EhCache:

http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java?view=markup

Colm.


On Mon, Nov 4, 2013 at 11:14 AM, Frizz <frizzthecat@googlemail.com> wrote:

> Hi there,
>
> I have doubts regarding the cache handling in XKMS.
>
> It seems once a certificate for IssuerSerial is found in the cache, it
> never checks the XKMS Service (LDAP, etc.) ever again, because the cache
> never expires.
>
>
> class: XkmsCryptoProvider
> package: org.apache.cxf.xkms.crypto.impl
>
> private X509Certificate[] getX509CertificatesInternal(CryptoType cryptoType) {
> ...
>             String key = getKeyForIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial());
>
>             // Try local cache next
>             if (xkmsClientCache != null) {
>                 XKMSCacheToken cachedToken = xkmsClientCache.get(key);
>                 if (cachedToken != null && cachedToken.getX509Certificate() != null) {
>                     return new X509Certificate[] {cachedToken.getX509Certificate()};
>                 }
>             }
> ...
>             // Now ask the XKMS Service
> ...
> }
>
> cheers,
> F.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
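
The point made in the reply above, that expiry is decided inside the cache's "get" and not by the caller, shown as an added example that is not part of the original thread and is not CXF code. The class ExpiringCache, its Entry record, the 60-minute TTL and the sample key and value are assumptions; a String stands in for the cached certificate token.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical TTL cache; not CXF's XKMSClientCache or EHCacheXKMSClientCache.
public class ExpiringCache<V> {
    private record Entry<T>(T value, Instant expiresAt) { }

    private final Map<String, Entry<V>> entries = new ConcurrentHashMap<>();
    private final Duration ttl;
    private Clock clock; // replaceable so the demo can move time forward

    public ExpiringCache(Duration ttl, Clock clock) {
        this.ttl = ttl;
        this.clock = clock;
    }

    public void put(String key, V value) {
        entries.put(key, new Entry<>(value, clock.instant().plus(ttl)));
    }

    // Returns null for a missing OR expired entry, so a caller that only
    // tests "cached != null" falls through to the backing service again.
    public V get(String key) {
        Entry<V> e = entries.get(key);
        if (e == null) {
            return null;
        }
        if (!clock.instant().isBefore(e.expiresAt())) {
            entries.remove(key, e); // evict only the stale entry that was read
            return null;
        }
        return e.value();
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2013-11-04T11:00:00Z"); // constructed time
        ExpiringCache<String> cache =
            new ExpiringCache<>(Duration.ofMinutes(60), Clock.fixed(t0, ZoneOffset.UTC));
        String key = "CN=Example CA-1234"; // constructed issuer/serial key
        cache.put(key, "cert-placeholder"); // constructed stand-in value
        System.out.println("within TTL: " + cache.get(key));
        cache.clock = Clock.fixed(t0.plus(Duration.ofMinutes(61)), ZoneOffset.UTC);
        System.out.println("after TTL:  " + cache.get(key));
    }
}
```

With this shape, the TTL bounds how long a certificate that has since been replaced or revoked at the backing service can still be served from the cache.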
