[
https://issues.apache.org/jira/browse/WSS-673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17126871#comment-17126871
]
Joseph Athman commented on WSS-673:
-----------------------------------
Definitely understand if you want to make it an opt-in feature. Technically
right now people could replace the keystore at runtime I believe and pick up a
new private key. Since we were the first people to report this I would think
that it's not a really pervasive problem.
Thanks for your quick work on it!
> Using default Java Security and Merlin is very slow for PKCS12
> --------------------------------------------------------------
>
> Key: WSS-673
> URL: https://issues.apache.org/jira/browse/WSS-673
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 2.2.5
> Reporter: Joseph Athman
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 2.3.0
>
>
> We use WSS4J to create SAML digital signatures. Recently, we switch from
> storing our client private key from a JKS file to PKCS12 file. This seems to
> have had the unintended consequence of causing huge spikes in CPU usage.
> After investigating the root cause, I believe the problem lies with the way
> WSS4J will retrieve a new instance of the private key for every request. With
> a PKCS12 file this appears to be extremely slow and CPU intensive due to the
> amount of time it takes to decrypt the private key.
> I'm wondering if there is some way to have WSS4J cache this private key
> lookup since it will always be the same each time.
> Any ideas?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
