cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frizz <frizzthe...@googlemail.com>
Subject Cache handling for X509 certificates in XKMS
Date Mon, 04 Nov 2013 11:14:25 GMT
Hi there,

I have doubts regarding the cache handling in XKMS.

It seems once a certificate for IssuerSerial is found in the cache, it
never checks the XKMS Service (LDAP, etc.) ever again, because the cache
never expires.


class: XkmsCryptoProvider
package: org.apache.cxf.xkms.crypto.impl

private X509Certificate[] getX509CertificatesInternal(CryptoType
cryptoType) {
...
            String key = getKeyForIssuerSerial(cryptoType.getIssuer(),
cryptoType.getSerial());

            // Try local cache next
            if (xkmsClientCache != null) {
                XKMSCacheToken cachedToken = xkmsClientCache.get(key);
                if (cachedToken != null && cachedToken.getX509Certificate()
!= null) {
                    *return* new X509Certificate[]
{cachedToken.getX509Certificate()};
                }
            }
...
            // Now ask the XKMS Service
...
}

cheers,
F.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message