Hi all, a short report about performance of WSS4J based on Apache XML-Security.
The tests were performed on a Win-XP Pro System with Pentium III, 600MHz, 256MB.

Relevant software used:
- xmlsec.jar (pre-release, around mid November with XMLCipher support)
- xalan.jar 2.5.1
- xerces.jar 2.4.0
- jce-jdk13-120.jar (Bouncycastle)
- axis.jar (CVS snapshot about 1 week ago)
- Sun SDK J2SDK 1.4.1

The SOAP request is rather small (just one String parameter), sender and receiver run on the same machine, using localhost. The sender and receiver use Axis as SOAP engine, the receiver is the SimpleAxisServer (not Tomcat). (But this setup doesn't really matter for the performance figures I was interested in.)

However, it is not a real lab environment, i.e. my machine is not completely "empty" when running the test, but the results indicate where the time is lost. The times are averaged over several runs with 20 requests per run. Measured were request/response round-trip times.

* Round trip time without security enabled: ~25ms per roundtrip

Security enabled:
- encrypt child of SOAP body,
- sign encrypted part and KeyInfo
- use IssuerCertificate as KeyIdentifier, i.e. do not send a base64 encoded certificate.
- Signature: SHA1RSA
- Encryption: symmetric: 3DES, key encryption: RSA

* Round trip time with security enabled: 1400-1500ms per roundtrip (no, it's not a typo), i.e. a factor of ~55-60 slower!

Some detailed numbers. First sender part, then receiver.

Sender "Encrypt Body":
- symm. encryption incl. key generation (3DES):   40-50ms
- key encryption (with public key):               <10ms

Sender "Sign Envelope":
- create Signature (SHA1RSA):                     540-560ms
  (own id-resolver takes about 20ms of this time)
- other overhead                                  50-60ms
  (Transformer setup, certificate handling, etc.)

**Sum Sender                                      630-680ms

Receiver "verify" (Note 1)
- new XMLSignature(element)                       ~300ms       30-40ms
- verify signature                                130-140ms    410-420ms

Receiver "decrypt"
- decrypt symm. key with private key              140-150ms
- symm. decrypt of body                           40-60ms

**Sum Receiver                                    620-670ms

**Total Sum                                       1250-1350ms

Add the overhead of an "empty" request plus some more overhead because of more data to transmit, serialize, deserialize, etc., then this matches with the overall roundtrip time.

The times of sign and verify are measured directly around the method calls of XMLSignature, the encrypt/decrypt include some small additional setup.

Note 1: if the instantiation and initialization of XMLSignature(element) takes a long time, verification takes a short time and vice versa. IMHO this is due to Xerces behaviour (something like "late instantiation of nodes"?)

Any suggestions/ideas how to boost up performance?

Regards,
Werner
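
Added example, not part of the original post and not WSS4J or XML-Security code: a JCA-only timing of the same primitives the report lists (3DES, RSA key encryption, SHA1withRSA), so the bare crypto cost can be compared with the times measured around XMLSignature and XMLCipher. Assumptions: a current JDK (lambdas, default provider instead of Bouncy Castle), a 2048-bit RSA key since the report gives no key size, and a constructed request body.

```java
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

public class PrimitiveTimings {
    interface Op { void run() throws Exception; }

    // Average wall-clock milliseconds per call over `runs` calls.
    static double avgMs(int runs, Op op) throws Exception {
        op.run(); // warm-up so class loading and provider lookup are not counted
        long start = System.nanoTime();
        for (int i = 0; i < runs; i++) op.run();
        return (System.nanoTime() - start) / 1e6 / runs;
    }

    public static void main(String[] args) throws Exception {
        int runs = 20; // the report averages over runs of 20 requests
        byte[] body = "<arg0>constructed sample parameter</arg0>".getBytes("UTF-8");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumption: the report does not give the RSA key size
        KeyPair rsa = kpg.generateKeyPair();
        SecretKey des3 = KeyGenerator.getInstance("DESede").generateKey();
        Cipher sym = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        Signature sig = Signature.getInstance("SHA1withRSA");

        // Fixed inputs for the receiver-side operations.
        sym.init(Cipher.ENCRYPT_MODE, des3);
        IvParameterSpec iv = new IvParameterSpec(sym.getIV());
        byte[] ct = sym.doFinal(body);
        keyCipher.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = keyCipher.wrap(des3);
        sig.initSign(rsa.getPrivate());
        sig.update(body);
        byte[] sigValue = sig.sign();

        System.out.printf("3DES encrypt       %.3f ms%n", avgMs(runs, () -> {
            sym.init(Cipher.ENCRYPT_MODE, des3); sym.doFinal(body); }));
        System.out.printf("RSA key encrypt    %.3f ms%n", avgMs(runs, () -> {
            keyCipher.init(Cipher.WRAP_MODE, rsa.getPublic()); keyCipher.wrap(des3); }));
        System.out.printf("SHA1withRSA sign   %.3f ms%n", avgMs(runs, () -> {
            sig.initSign(rsa.getPrivate()); sig.update(body); sig.sign(); }));
        System.out.printf("SHA1withRSA verify %.3f ms%n", avgMs(runs, () -> {
            sig.initVerify(rsa.getPublic()); sig.update(body);
            if (!sig.verify(sigValue)) throw new SignatureException("verify failed"); }));
        System.out.printf("RSA key decrypt    %.3f ms%n", avgMs(runs, () -> {
            keyCipher.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
            keyCipher.unwrap(wrapped, "DESede", Cipher.SECRET_KEY); }));
        System.out.printf("3DES decrypt       %.3f ms%n", avgMs(runs, () -> {
            sym.init(Cipher.DECRYPT_MODE, des3, iv); sym.doFinal(ct); }));
    }
}
```

Whatever the XMLSignature and XMLCipher calls take beyond these figures on the same machine is time spent outside the cryptographic primitives.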