[ https://issues.apache.org/jira/browse/NIFI-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15431196#comment-15431196 ]
Bryan Rosander edited comment on NIFI-2621 at 8/22/16 5:03 PM: --------------------------------------------------------------- The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that approximately 500 calls per millisecond are going through the unique serial number generator function was (Author: bryanrosan...@gmail.com): The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that approximately 500 calls per millisecond are going through the unique serial number generator function > NiFi CertificateUtils can reuse serial numbers in issued certificates if > multiple calls are made in the same millisecond > ------------------------------------------------------------------------------------------------------------------------ > > Key: NIFI-2621 > URL: https://issues.apache.org/jira/browse/NIFI-2621 > Project: Apache NiFi > Issue Type: Bug > Reporter: Bryan Rosander > Assignee: Bryan Rosander > > Serial numbers on certificates should be unique. CertificateUtils currently > uses System.currentTimeMillis() to generate them. > Proposed solution: > 1. Use the current time in millis as the most significant part of the serial > number > 2. Shift it left 32 bits to make room in the BigInteger for an incrementor > value > 3. Reset the incrementor every time a the generator function is called and > the millisecond is different from before -- This message was sent by Atlassian JIRA (v6.3.4#6332)