From 08f2aede3ed7ef20a7bdd20a6b32ae242e6d73f2 Mon Sep 17 00:00:00 2001 From: urviljoshi Date: Fri, 10 Jun 2022 11:14:01 +0530 Subject: [PATCH] pkcs12 store cached and caching added to query --- .../hsm/impl/pkcs/PKCS12KeyStoreImpl.java | 58 ++++++++++++++++++- .../DataEncryptKeystoreRepository.java | 2 + 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.java index a99384f7..bae5015d 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.java @@ -33,6 +33,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.concurrent.ConcurrentHashMap; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; @@ -106,6 +107,10 @@ public class PKCS12KeyStoreImpl implements io.mosip.kernel.core.keymanager.spi.K * */ private String signAlgorithm; + + private Map privateKeyReferenceCache; + + private Map secretKeyReferenceCache; /** * The Keystore instance @@ -115,6 +120,8 @@ public class PKCS12KeyStoreImpl implements io.mosip.kernel.core.keymanager.spi.K private Provider provider = null; private char[] keystorePwdCharArr = null; + + private boolean enableKeyReferenceCache; public PKCS12KeyStoreImpl(Map params) throws Exception { 
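Review bot: The two new cache fields in the second hunk carry no comment, while the neighbouring `signAlgorithm` field has a Javadoc block, and nothing at the declaration records that both maps stay `null` when `enableKeyReferenceCache` is false — which is only safe because every accessor added later checks the flag before touching them. Suggest `/** Alias to decrypted entry; null unless FLAG_KEY_REF_CACHE is set, entries are never evicted. */` on each map and `/** Read from KeymanagerConstant.FLAG_KEY_REF_CACHE in the constructor; see initKeyReferenceCache(). */` on the flag in the third hunk. The maps' type arguments appear to have been stripped in this rendering; if they really were raw `Map`, the `get` calls in the helper hunk would not compile against the typed return values, so presumably the file has `Map<String, PrivateKeyEntry>` and `Map<String, SecretKey>`.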
@@ -126,7 +133,9 @@ public PKCS12KeyStoreImpl(Map params) throws Exception { this.asymmetricKeyAlgorithm = params.get(KeymanagerConstant.ASYM_KEY_ALGORITHM); this.asymmetricKeyLength = Integer.valueOf(params.get(KeymanagerConstant.ASYM_KEY_SIZE)); this.signAlgorithm = params.get(KeymanagerConstant.CERT_SIGN_ALGORITHM); + this.enableKeyReferenceCache = Boolean.parseBoolean(params.get(KeymanagerConstant.FLAG_KEY_REF_CACHE)); initKeystore(); + initKeyReferenceCache(); } private void initKeystore() { @@ -135,6 +144,42 @@ private void initKeystore() { addProvider(provider); this.keyStore = getKeystoreInstance(keystoreType, p12FilePath, provider); } + + private void initKeyReferenceCache() { + if(!enableKeyReferenceCache) + return; + this.secretKeyReferenceCache = new ConcurrentHashMap<>(); + this.privateKeyReferenceCache = new ConcurrentHashMap<>(); + } + + private void addPrivateKeyEntryToCache(String alias, PrivateKeyEntry privateKeyEntry) { + if(!enableKeyReferenceCache) + return; + LOGGER.debug("sessionId", "KeyStoreImpl", "addPrivateKeyEntryToCache", + "Adding private key reference to map for alias " + alias); + this.privateKeyReferenceCache.put(alias, privateKeyEntry); + } + + private PrivateKeyEntry getPrivateKeyEntryFromCache(String alias) { + if(!enableKeyReferenceCache) + return null; + return this.privateKeyReferenceCache.get(alias); + } + + private void addSecretKeyToCache(String alias, SecretKey secretKey) { + if(!enableKeyReferenceCache) + return; + LOGGER.debug("sessionId", "KeyStoreImpl", "addSecretKeyToCache", + "Adding secretKey reference to map for alias " + alias); + this.secretKeyReferenceCache.put(alias, secretKey); + } + + private SecretKey getSecretKeyFromCache(String alias) { + if(!enableKeyReferenceCache) + return null; + return this.secretKeyReferenceCache.get(alias); + } + private char[] getKeystorePwd() { if (keystorePass.trim().length() == 0){ 
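Review bot: `Boolean.parseBoolean(params.get(KeymanagerConstant.FLAG_KEY_REF_CACHE))` yields false both when the key is absent from `params` and when it holds anything other than the literal string "true", so a misspelt or mistyped configuration value silently disables the cache with no indication. The rest of the constructor is outside the hunk so I cannot tell how the other parameters are validated, but the resolved value deserves a log line next to `initKeyReferenceCache();`, e.g. `LOGGER.debug("sessionId", "KeyStoreImpl", "PKCS12KeyStoreImpl", "Key reference cache enabled: " + enableKeyReferenceCache);`, so an operator can confirm from the log which mode the service started in.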
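Review bot: None of the five new helpers removes an alias from either map, so once `getAsymmetricKey` or `getSymmetricKey` (the hunks at -259 and -327) has populated the cache, any later store or delete of the same alias in the underlying keystore — operations this class presumably has but which the diff does not touch — would keep returning the old `PrivateKeyEntry` or `SecretKey` for the life of the process. A removal helper called from every write path that touches an alias closes that gap; the extra null guard below matters because `ConcurrentHashMap.put` throws on a null value and `addSecretKeyToCache` is handed `retrivedSecret.getSecretKey()` unchecked. `initKeyReferenceCache` should also carry a comment that, with the flag on, decrypted key material stays resident in the heap until shutdown rather than being re-derived per call, since that is the trade-off an operator enabling `FLAG_KEY_REF_CACHE` accepts. Style: the `if(!enableKeyReferenceCache) return;` guards are unbraced single-statement ifs, whereas the surrounding code (`if (keystorePass.trim().length() == 0){`) braces.
```java
private void addPrivateKeyEntryToCache(String alias, PrivateKeyEntry privateKeyEntry) {
    if (!enableKeyReferenceCache || privateKeyEntry == null) {
        return;
    }
    // … unchanged: debug log and put …
}

/** Drops any cached reference for alias; call from every path that stores or deletes an entry. */
private void removeKeyReferenceFromCache(String alias) {
    if (!enableKeyReferenceCache) {
        return;
    }
    this.privateKeyReferenceCache.remove(alias);
    this.secretKeyReferenceCache.remove(alias);
}
```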
@@ -259,12 +304,18 @@ public Key getKey(String alias) { @SuppressWarnings("findsecbugs:HARD_CODE_PASSWORD") @Override public PrivateKeyEntry getAsymmetricKey(String alias) { + + PrivateKeyEntry privateKeyEntry = getPrivateKeyEntryFromCache(alias); + if(privateKeyEntry != null) + return privateKeyEntry; try { if (keyStore.entryInstanceOf(alias, PrivateKeyEntry.class)) { LOGGER.debug("sessionId", "KeyStoreImpl", "getAsymmetricKey", "alias is instanceof keystore"); ProtectionParameter password = getPasswordProtection(); - return (PrivateKeyEntry) keyStore.getEntry(alias, password); + PrivateKeyEntry asymmetricKey = (PrivateKeyEntry) keyStore.getEntry(alias, password); + addPrivateKeyEntryToCache(alias, asymmetricKey); + return asymmetricKey; } else { throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(), KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorMessage() + alias); @@ -327,10 +378,15 @@ public X509Certificate getCertificate(String alias) { @Override public SecretKey getSymmetricKey(String alias) { + SecretKey secretKey = getSecretKeyFromCache(alias); + if(secretKey != null) + return secretKey; + try { if (keyStore.entryInstanceOf(alias, SecretKeyEntry.class)) { ProtectionParameter password = getPasswordProtection(); SecretKeyEntry retrivedSecret = (SecretKeyEntry) keyStore.getEntry(alias, password); + addSecretKeyToCache(alias, retrivedSecret.getSecretKey()); return retrivedSecret.getSecretKey(); } else { throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(), diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java index 59b51a8d..f62beba2 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java 
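Review bot: The cache-hit paths added at the top of `getAsymmetricKey` and `getSymmetricKey` change what callers observe — they may now receive the same `PrivateKeyEntry`/`SecretKey` instance as every other caller, reflecting the keystore as it was on first lookup — but whatever documentation the two methods carry above the hunks is untouched by the diff. Suggest adding to each: `Returns a cached reference when key reference caching is enabled; the result reflects the keystore state at the time the alias was first read.` In `getSymmetricKey` the miss path now evaluates `retrivedSecret.getSecretKey()` twice; the local `secretKey` declared at the top can be reused, `secretKey = retrivedSecret.getSecretKey(); addSecretKeyToCache(alias, secretKey); return secretKey;`. Both methods' catch blocks continue past the end of their hunks.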
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java @@ -2,6 +2,7 @@ import java.util.List; +import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; import org.springframework.data.repository.query.Param; @@ -23,6 +24,7 @@ public interface DataEncryptKeystoreRepository extends JpaRepository