cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frizz <frizzthe...@googlemail.com>
Subject Re: Cache handling for X509 certificates in XKMS
Date Mon, 04 Nov 2013 12:00:46 GMT
Ah! I see! My bad. I simply "assumed" get() would operate on a Map - or
something like ...

Thanks for clarification, Colm


On Mon, Nov 4, 2013 at 12:38 PM, Colm O hEigeartaigh <coheigea@apache.org>wrote:

> It's up to the cache implementation to handle expiry. For example, look at
> the "get" method in the default cache based on EhCache:
>
>
> http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java?view=markup
>
> Colm.
>
>
> On Mon, Nov 4, 2013 at 11:14 AM, Frizz <frizzthecat@googlemail.com> wrote:
>
> > Hi there,
> >
> > I have doubts regarding the cache handling in XKMS.
> >
> > It seems once a certificate for IssuerSerial is found in the cache, it
> > never checks the XKMS Service (LDAP, etc.) ever again, because the cache
> > never expires.
> >
> >
> > class: XkmsCryptoProvider
> > package: org.apache.cxf.xkms.crypto.impl
> >
> > private X509Certificate[] getX509CertificatesInternal(CryptoType
> > cryptoType) {
> > ...
> >             String key = getKeyForIssuerSerial(cryptoType.getIssuer(),
> > cryptoType.getSerial());
> >
> >             // Try local cache next
> >             if (xkmsClientCache != null) {
> >                 XKMSCacheToken cachedToken = xkmsClientCache.get(key);
> >                 if (cachedToken != null &&
> cachedToken.getX509Certificate()
> > != null) {
> >                     *return* new X509Certificate[]
> > {cachedToken.getX509Certificate()};
> >                 }
> >             }
> > ...
> >             // Now ask the XKMS Service
> > ...
> > }
> >
> > cheers,
> > F.
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message