Fix PR comments

wso2 · Jan 23, 2024 · 09b48b3 · 09b48b3
1 parent 681cd7f
commit 09b48b3
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 18 deletions.
diff --git a/...va/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java b/...va/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java
@@ -67,6 +67,8 @@ public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheD
                 && cacheDelayMins < Constants.CACHE_MAX_DELAY_MINS) {
             this.cacheDelayMins = cacheDelayMins;
         }
+        log.warn("The cache delay is out of range. Hence, using the default cache delay value of "
+                + Constants.CACHE_DEFAULT_DELAY_MINS + ".");
     }
 
     public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheDelayMins,
@@ -81,6 +83,9 @@ public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheD
                 && cacheDelayMins < Constants.CACHE_MAX_DELAY_MINS) {
             this.cacheDelayMins = cacheDelayMins;
         }
+        log.warn("The cache delay is out of range. Hence, using the default cache delay value of "
+                + Constants.CACHE_DEFAULT_DELAY_MINS + ".");
+
         this.isFullCertChainValidationEnabled = isFullCertChainValidationEnabled;
         this.isCertExpiryValidationEnabled = isCertExpiryValidationEnabled;
     }
@@ -182,12 +187,8 @@ public void verifyCertificateValidity(javax.security.cert.X509Certificate[] peer
             }
         }
 
-        long start = System.currentTimeMillis();
-
-        OCSPCache ocspCache = OCSPCache.getCache();
-        ocspCache.init(cacheSize, cacheDelayMins);
-        CRLCache crlCache = CRLCache.getCache();
-        crlCache.init(cacheSize, cacheDelayMins);
+        OCSPCache ocspCache = OCSPCache.getCache(cacheSize, cacheDelayMins);
+        CRLCache crlCache = CRLCache.getCache(cacheSize, cacheDelayMins);
 
         RevocationVerifier[] verifiers = {new OCSPVerifier(ocspCache), new CRLVerifier(crlCache)};
 
@@ -206,7 +207,6 @@ public void verifyCertificateValidity(javax.security.cert.X509Certificate[] peer
                     CertificatePathValidator pathValidator = new CertificatePathValidator(convertedCertificates,
                             verifier);
                     pathValidator.validatePath();
-                    log.info("Path verification Successful. Took " + (System.currentTimeMillis() - start) + " ms.");
                 } else {
 
                     if (isCertExpiryValidationEnabled) {

diff --git a/.../nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java b/.../nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java
@@ -50,12 +50,13 @@ public class CRLCache implements ManageableCache {
     private CRLCache() {
     }
 
-    public static CRLCache getCache() {
+    public static CRLCache getCache(int cacheSize, int cacheDelayMins) {
         //Double checked locking
         if (cache == null) {
             synchronized (CRLCache.class) {
                 if (cache == null) {
                     cache = new CRLCache();
+                    cacheManager = new CacheManager(cache, cacheSize, cacheDelayMins);
                 }
             }
         }

diff --git a/...http/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java b/...http/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java
@@ -22,6 +22,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.synapse.commons.jmx.MBeanRegistrar;
 import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException;
+import org.apache.synapse.transport.certificatevalidation.Constants;
 import org.apache.synapse.transport.certificatevalidation.cache.CacheController;
 import org.apache.synapse.transport.certificatevalidation.cache.CacheManager;
 import org.apache.synapse.transport.certificatevalidation.cache.ManageableCache;
@@ -51,12 +52,14 @@ public class OCSPCache implements ManageableCache {
 
     private OCSPCache() {}
 
-    public static OCSPCache getCache() {
+    public static OCSPCache getCache(int cacheSize, int cacheDelayMins) {
         //Double checked locking
         if (cache == null) {
             synchronized (OCSPCache.class) {
-                if (cache == null)
+                if (cache == null) {
                     cache = new OCSPCache();
+                    cacheManager = new CacheManager(cache, cacheSize, cacheDelayMins);
+                }
             }
         }
         return cache;

diff --git a/...ttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java b/...ttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java
@@ -88,8 +88,7 @@ public void testRevokedCertificate() throws Exception {
         //Create a crl with fakeRevokedCertificate marked as revoked.
         X509CRL x509CRL = createCRL(fakeCACert, caKeyPair.getPrivate(), revokedSerialNumber);
 
-        CRLCache cache = CRLCache.getCache();
-        cache.init(5, 5);
+        CRLCache cache = CRLCache.getCache(5, 5);
         cache.setCacheValue(crlDistributionPointUrl, x509CRL);
 
         CRLVerifier crlVerifier  = new CRLVerifier(cache);

diff --git a/...tp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java b/...tp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java
@@ -107,8 +107,7 @@ public void testOCSPVerifier() throws Exception{
         OCSPResp response = generateOCSPResponse(request, certificateHolder, caKeyPair.getPrivate(), caKeyPair.getPublic(), revokedID);
         SingleResp singleResp = ((BasicOCSPResp)response.getResponseObject()).getResponses()[0];
 
-        OCSPCache cache = OCSPCache.getCache();
-        cache.init(5,5);
+        OCSPCache cache = OCSPCache.getCache(5, 5);
         cache.setCacheValue(revokedSerialNumber,singleResp, request, null);
 
         OCSPVerifier ocspVerifier= new OCSPVerifier(cache);

diff --git a/...t/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java b/...t/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java
@@ -116,17 +116,15 @@ public void testOCSPPathValidationWithFakeCerts() throws Exception {
 
     private void crlPathValidation(X509Certificate[] certChain) throws Exception {
 
-        CRLCache crlCache = CRLCache.getCache();
-        crlCache.init(5, 5);
+        CRLCache crlCache = CRLCache.getCache(5, 5);
         RevocationVerifier verifier = new CRLVerifier(crlCache);
         CertificatePathValidator pathValidator = new CertificatePathValidator(certChain, verifier);
         pathValidator.validatePath();
     }
 
     private void ocspPathValidation(X509Certificate[] certChain) throws Exception {
 
-        OCSPCache ocspCache = OCSPCache.getCache();
-        ocspCache.init(5, 5);
+        OCSPCache ocspCache = OCSPCache.getCache(5, 5);
         RevocationVerifier verifier = new OCSPVerifier(ocspCache);
         CertificatePathValidator pathValidator = new CertificatePathValidator(certChain, verifier);
         pathValidator.validatePath();

diff --git a/modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties b/modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties
@@ -0,0 +1 @@
+t-0-1705986523002.txt 23/01/2024/ 10:38:43