It's up to the cache implementation to handle expiry. For example, look at the "get" method in the default cache based on EhCache:
http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java?view=markup Colm. On Mon, Nov 4, 2013 at 11:14 AM, Frizz <[email protected]> wrote: > Hi there, > > I have doubts regarding the cache handling in XKMS. > > It seems once a certificate for IssuerSerial is found in the cache, it > never checks the XKMS Service (LDAP, etc.) ever again, because the cache > never expires. > > > class: XkmsCryptoProvider > package: org.apache.cxf.xkms.crypto.impl > > private X509Certificate[] getX509CertificatesInternal(CryptoType > cryptoType) { > ... > String key = getKeyForIssuerSerial(cryptoType.getIssuer(), > cryptoType.getSerial()); > > // Try local cache next > if (xkmsClientCache != null) { > XKMSCacheToken cachedToken = xkmsClientCache.get(key); > if (cachedToken != null && cachedToken.getX509Certificate() > != null) { > *return* new X509Certificate[] > {cachedToken.getX509Certificate()}; > } > } > ... > // Now ask the XKMS Service > ... > } > > cheers, > F. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
