[jira] [Comment Edited] (NIFI-2621) NiFi CertificateUtils can reuse serial numbers in issued certificates if multiple calls are made in the same millisecond
[ https://issues.apache.org/jira/browse/NIFI-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15431196#comment-15431196 ] Bryan Rosander edited comment on NIFI-2621 at 8/22/16 5:06 PM: --- The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that somewhere in the neighborhood (there's probably some noise from setup, delay before the thread.sleep but the magnitude should be about right) 500 calls per millisecond are going through the unique serial number generator function was (Author: bryanrosan...@gmail.com): The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that approximately 500 calls per millisecond are going through the unique serial number generator function > NiFi CertificateUtils can reuse serial numbers in issued certificates if > multiple calls are made in the same millisecond > > > Key: NIFI-2621 > URL: https://issues.apache.org/jira/browse/NIFI-2621 > Project: Apache NiFi > Issue Type: Bug >Reporter: Bryan Rosander >Assignee: Bryan Rosander > > Serial numbers on certificates should be unique. CertificateUtils currently > uses System.currentTimeMillis() to generate them. > Proposed solution: > 1. Use the current time in millis as the most significant part of the serial > number > 2. Shift it left 32 bits to make room in the BigInteger for an incrementor > value > 3. Add the incrementor value to the BigInteger > 4. Reset the incrementor every time a the generator function is called and > the millisecond is different from before -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (NIFI-2621) NiFi CertificateUtils can reuse serial numbers in issued certificates if multiple calls are made in the same millisecond
[ https://issues.apache.org/jira/browse/NIFI-2621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15431196#comment-15431196 ] Bryan Rosander edited comment on NIFI-2621 at 8/22/16 5:03 PM: --- The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that approximately 500 calls per millisecond are going through the unique serial number generator function was (Author: bryanrosan...@gmail.com): The unit test in the PR seems to indicate that this is unlikely to be a performance bottleneck. On my local machine I get the following output: [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 0 executed 46923 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 1 executed 63210 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 2 executed 66038 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 3 executed 79502 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 4 executed 82343 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 5 executed 77983 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 6 executed 70841 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - future 7 executed 62469 times [main] INFO org.apache.nifi.security.util.CertificateUtilsTest - Generated 549309 unique serial numbers Meaning that approximately 500 calls per millisecond are going through the unique serial number generator function > NiFi CertificateUtils can reuse serial numbers in issued certificates if > multiple calls are made in the same millisecond > > > Key: NIFI-2621 > URL: https://issues.apache.org/jira/browse/NIFI-2621 > Project: Apache NiFi > Issue Type: Bug >Reporter: Bryan Rosander >Assignee: Bryan Rosander > > Serial numbers on certificates should be unique. CertificateUtils currently > uses System.currentTimeMillis() to generate them. > Proposed solution: > 1. Use the current time in millis as the most significant part of the serial > number > 2. Shift it left 32 bits to make room in the BigInteger for an incrementor > value > 3. Reset the incrementor every time a the generator function is called and > the millisecond is different from before -- This message was sent by Atlassian JIRA (v6.3.4#6332)
