Hi there, I have doubts regarding the cache handling in XKMS.
It seems once a certificate for IssuerSerial is found in the cache, it never checks the XKMS Service (LDAP, etc.) ever again, because the cache never expires.

class: XkmsCryptoProvider
package: org.apache.cxf.xkms.crypto.impl

    private X509Certificate[] getX509CertificatesInternal(CryptoType cryptoType) {
        ...
        String key = getKeyForIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial());
        // Try local cache next
        if (xkmsClientCache != null) {
            XKMSCacheToken cachedToken = xkmsClientCache.get(key);
            if (cachedToken != null && cachedToken.getX509Certificate() != null) {
                return new X509Certificate[] {cachedToken.getX509Certificate()};
            }
        }
        ...
        // Now ask the XKMS Service
        ...
    }

cheers,
F.
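The lookup pattern quoted in the message, with a maximum entry age added so a stale hit falls through to the backing service again. This is an added example, not code from the post or from CXF; `ExpiringLookupCache`, its `service` function (standing in for the XKMS query) and the sample key and values are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import java.util.function.Supplier;

// Hypothetical sketch, not CXF code: each entry records when it was fetched,
// and an entry older than maxAge is re-queried instead of being returned.
public class ExpiringLookupCache<V> {
    private record Entry<T>(T value, Instant fetchedAt) {}

    private final Map<String, Entry<V>> entries = new ConcurrentHashMap<>();
    private final Duration maxAge;
    private final Function<String, V> service; // stands in for the XKMS service query
    private final Supplier<Instant> now;       // injectable time source for testing

    public ExpiringLookupCache(Duration maxAge, Function<String, V> service, Supplier<Instant> now) {
        this.maxAge = maxAge;
        this.service = service;
        this.now = now;
    }

    public V get(String key) {
        Instant t = now.get();
        Entry<V> cached = entries.get(key);
        if (cached != null && cached.fetchedAt().plus(maxAge).isAfter(t)) {
            return cached.value();             // still fresh: serve from cache
        }
        V fresh = service.apply(key);          // missing or stale: ask the service
        if (fresh == null) {
            entries.remove(key);               // service no longer knows the key: drop it
            return null;
        }
        entries.put(key, new Entry<>(fresh, t));
        return fresh;
    }

    public static void main(String[] args) {
        AtomicInteger serviceCalls = new AtomicInteger();
        Instant[] clock = { Instant.parse("2024-01-01T00:00:00Z") }; // constructed start time
        ExpiringLookupCache<String> cache = new ExpiringLookupCache<>(Duration.ofMinutes(10),
            k -> "cert-for-" + k + "#" + serviceCalls.incrementAndGet(), () -> clock[0]);
        String key = "CN=Example CA|1234";     // constructed issuer/serial key
        cache.get(key);
        cache.get(key);                        // second lookup is a fresh cache hit
        System.out.println("service calls within max age: " + serviceCalls.get());
        clock[0] = clock[0].plus(Duration.ofMinutes(11));
        cache.get(key);                        // entry is stale, service is asked again
        System.out.println("service calls after max age: " + serviceCalls.get());
    }
}
```

For certificates, `V` would be `X509Certificate`, and a cached entry can additionally be rejected when `checkValidity()` throws.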