pkcs12 store cached and caching added to query

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.java

@@ -33,6 +33,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -106,6 +107,10 @@ public class PKCS12KeyStoreImpl implements io.mosip.kernel.core.keymanager.spi.K
 	 * 
 	 */
 	private String signAlgorithm;
+
+	private Map<String, PrivateKeyEntry> privateKeyReferenceCache;
+
+	private Map<String, SecretKey> secretKeyReferenceCache;
 
 	/**
 	 * The Keystore instance
@@ -115,6 +120,8 @@ public class PKCS12KeyStoreImpl implements io.mosip.kernel.core.keymanager.spi.K
 	private Provider provider = null;
 
 	private char[] keystorePwdCharArr = null;
+
+	private boolean enableKeyReferenceCache;
 
 
 	public PKCS12KeyStoreImpl(Map<String, String> params) throws Exception {
@@ -126,7 +133,9 @@ public PKCS12KeyStoreImpl(Map<String, String> params) throws Exception {
         this.asymmetricKeyAlgorithm = params.get(KeymanagerConstant.ASYM_KEY_ALGORITHM);
         this.asymmetricKeyLength = Integer.valueOf(params.get(KeymanagerConstant.ASYM_KEY_SIZE));
         this.signAlgorithm  = params.get(KeymanagerConstant.CERT_SIGN_ALGORITHM);
+        this.enableKeyReferenceCache = Boolean.parseBoolean(params.get(KeymanagerConstant.FLAG_KEY_REF_CACHE));
 		initKeystore();
+		initKeyReferenceCache();
     }
 
     private void initKeystore() {
@@ -135,6 +144,42 @@ private void initKeystore() {
 		addProvider(provider);
 		this.keyStore = getKeystoreInstance(keystoreType, p12FilePath, provider);
     }
+
+    private void initKeyReferenceCache() {
+		if(!enableKeyReferenceCache)
+			return;
+		this.secretKeyReferenceCache = new ConcurrentHashMap<>();
+		this.privateKeyReferenceCache = new ConcurrentHashMap<>();
+	}
+
+    private void addPrivateKeyEntryToCache(String alias, PrivateKeyEntry privateKeyEntry) {
+		if(!enableKeyReferenceCache)
+			return;
+		LOGGER.debug("sessionId", "KeyStoreImpl", "addPrivateKeyEntryToCache", 
+			"Adding private key reference to map for alias " + alias);
+		this.privateKeyReferenceCache.put(alias, privateKeyEntry);
+	}
+
+	private PrivateKeyEntry getPrivateKeyEntryFromCache(String alias) {
+		if(!enableKeyReferenceCache)
+			return null;
+		return this.privateKeyReferenceCache.get(alias);
+	}
+
+	private void addSecretKeyToCache(String alias, SecretKey secretKey) {
+		if(!enableKeyReferenceCache)
+			return;
+		LOGGER.debug("sessionId", "KeyStoreImpl", "addSecretKeyToCache", 
+			"Adding secretKey reference to map for alias " + alias);
+		this.secretKeyReferenceCache.put(alias, secretKey);
+	}
+
+	private SecretKey getSecretKeyFromCache(String alias) {
+		if(!enableKeyReferenceCache)
+			return null;
+		return this.secretKeyReferenceCache.get(alias);
+	}
+
 
 	private char[] getKeystorePwd() {
 		if (keystorePass.trim().length() == 0){
@@ -259,12 +304,18 @@ public Key getKey(String alias) {
 	@SuppressWarnings("findsecbugs:HARD_CODE_PASSWORD")
 	@Override
 	public PrivateKeyEntry getAsymmetricKey(String alias) {
+
+		PrivateKeyEntry privateKeyEntry = getPrivateKeyEntryFromCache(alias);
+		if(privateKeyEntry != null)
+			return privateKeyEntry;
 
         try {
             if (keyStore.entryInstanceOf(alias, PrivateKeyEntry.class)) {
                 LOGGER.debug("sessionId", "KeyStoreImpl", "getAsymmetricKey", "alias is instanceof keystore");
                 ProtectionParameter password = getPasswordProtection();
-                return (PrivateKeyEntry) keyStore.getEntry(alias, password);
+                PrivateKeyEntry asymmetricKey = (PrivateKeyEntry) keyStore.getEntry(alias, password);
+                addPrivateKeyEntryToCache(alias, asymmetricKey);
+                return asymmetricKey;
             } else {
                 throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(),
                         KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorMessage() + alias);
@@ -327,10 +378,15 @@ public X509Certificate getCertificate(String alias) {
 	@Override
 	public SecretKey getSymmetricKey(String alias) {
 
+		SecretKey secretKey = getSecretKeyFromCache(alias);
+		if(secretKey != null)
+			return secretKey;
+
         try {
             if (keyStore.entryInstanceOf(alias, SecretKeyEntry.class)) {
                 ProtectionParameter password = getPasswordProtection();
                 SecretKeyEntry retrivedSecret = (SecretKeyEntry) keyStore.getEntry(alias, password);
+                addSecretKeyToCache(alias, retrivedSecret.getSecretKey());
                 return retrivedSecret.getSecretKey();
             } else {
                 throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(),

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java

@@ -2,6 +2,7 @@
 
 import java.util.List;
 
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
@@ -23,6 +24,7 @@ public interface DataEncryptKeystoreRepository extends JpaRepository<DataEncrypt
 	 * @param id the id
 	 * @return the string
 	 */
+	@Cacheable(value="zkdataencryptedkeystorecache", key="#id")
 	@Query("SELECT d.key from DataEncryptKeystore d where d.id = :id")
 	String findKeyById(@Param("id") Integer id);