From 09b48b314fa878b08f5287ee7ab2026ac5f29a01 Mon Sep 17 00:00:00 2001 From: akila94 Date: Tue, 23 Jan 2024 10:39:53 +0530 Subject: [PATCH] Fix PR comments --- .../CertificateVerificationManager.java | 14 +++++++------- .../certificatevalidation/crl/CRLCache.java | 3 ++- .../certificatevalidation/ocsp/OCSPCache.java | 7 +++++-- .../certificatevalidation/CRLVerifierTest.java | 3 +-- .../certificatevalidation/OCSPVerifierTest.java | 3 +-- .../RevocationVerificationTest.java | 6 ++---- .../conf/vfs-move-failed-records.properties | 1 + 7 files changed, 19 insertions(+), 18 deletions(-) create mode 100644 modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java index ceca801109..93ca51e710 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/CertificateVerificationManager.java @@ -67,6 +67,8 @@ public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheD && cacheDelayMins < Constants.CACHE_MAX_DELAY_MINS) { this.cacheDelayMins = cacheDelayMins; } + log.warn("The cache delay is out of range. Hence, using the default cache delay value of " + + Constants.CACHE_DEFAULT_DELAY_MINS + "."); } public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheDelayMins, 
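Review bot: The added `log.warn` in the first constructor sits after the closing brace of the range check instead of in an `else`, so the "out of range" warning is written on every construction, including when `cacheDelayMins` was accepted. The second constructor (hunk at -81,6) repeats the same placement. Put the call on the rejecting branch by changing the preceding `}` to `} else {` and closing the block after the `log.warn(...)` statement. A warning that always fires tells operators nothing about whether their revocation-cache delay took effect. The `if` condition starts outside the hunk, so this assumes the visible `}` closes that `if`.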
@@ -81,6 +83,9 @@ public CertificateVerificationManager(Integer cacheAllocatedSize, Integer cacheD && cacheDelayMins < Constants.CACHE_MAX_DELAY_MINS) { this.cacheDelayMins = cacheDelayMins; } + log.warn("The cache delay is out of range. Hence, using the default cache delay value of " + + Constants.CACHE_DEFAULT_DELAY_MINS + "."); + this.isFullCertChainValidationEnabled = isFullCertChainValidationEnabled; this.isCertExpiryValidationEnabled = isCertExpiryValidationEnabled; } @@ -182,12 +187,8 @@ public void verifyCertificateValidity(javax.security.cert.X509Certificate[] peer } } - long start = System.currentTimeMillis(); - - OCSPCache ocspCache = OCSPCache.getCache(); - ocspCache.init(cacheSize, cacheDelayMins); - CRLCache crlCache = CRLCache.getCache(); - crlCache.init(cacheSize, cacheDelayMins); + OCSPCache ocspCache = OCSPCache.getCache(cacheSize, cacheDelayMins); + CRLCache crlCache = CRLCache.getCache(cacheSize, cacheDelayMins); RevocationVerifier[] verifiers = {new OCSPVerifier(ocspCache), new CRLVerifier(crlCache)}; @@ -206,7 +207,6 @@ public void verifyCertificateValidity(javax.security.cert.X509Certificate[] peer CertificatePathValidator pathValidator = new CertificatePathValidator(convertedCertificates, verifier); pathValidator.validatePath(); - log.info("Path verification Successful. Took " + (System.currentTimeMillis() - start) + " ms."); } else { if (isCertExpiryValidationEnabled) { diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java index 11db425524..2597960102 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/crl/CRLCache.java 
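Review bot: In `verifyCertificateValidity`, `cacheSize` and `cacheDelayMins` are now passed to `getCache(...)` on every call, but per the CRLCache and OCSPCache hunks they are read only when the shared singleton is first created. A second `CertificateVerificationManager` configured with different values would therefore silently run with the first one's cache settings. That is worth stating at the call site, e.g. `// Caches are shared singletons; size and delay take effect only on first creation.` If differing configurations are expected, logging when later arguments differ from those in effect would make the mismatch visible. The method body continues outside the hunk.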
@@ -50,12 +50,13 @@ public class CRLCache implements ManageableCache { private CRLCache() { } - public static CRLCache getCache() { + public static CRLCache getCache(int cacheSize, int cacheDelayMins) { //Double checked locking if (cache == null) { synchronized (CRLCache.class) { if (cache == null) { cache = new CRLCache(); + cacheManager = new CacheManager(cache, cacheSize, cacheDelayMins); } } } diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java index 471323e6b3..cf904cd3f4 100644 --- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java +++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/certificatevalidation/ocsp/OCSPCache.java @@ -22,6 +22,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.synapse.commons.jmx.MBeanRegistrar; import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException; +import org.apache.synapse.transport.certificatevalidation.Constants; import org.apache.synapse.transport.certificatevalidation.cache.CacheController; import org.apache.synapse.transport.certificatevalidation.cache.CacheManager; import org.apache.synapse.transport.certificatevalidation.cache.ManageableCache; @@ -51,12 +52,14 @@ public class OCSPCache implements ManageableCache { private OCSPCache() {} - public static OCSPCache getCache() { + public static OCSPCache getCache(int cacheSize, int cacheDelayMins) { //Double checked locking if (cache == null) { synchronized (OCSPCache.class) { - if (cache == null) + if (cache == null) { cache = new OCSPCache(); + cacheManager = new CacheManager(cache, cacheSize, cacheDelayMins); + } } } return cache; 
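Review bot: In `CRLCache.getCache`, `cache` is assigned before `cacheManager` is constructed, so a thread that reaches the unsynchronized `if (cache == null)` check in that window is handed a cache whose manager does not exist yet. Publish the instance last: `CRLCache created = new CRLCache();`, `cacheManager = new CacheManager(created, cacheSize, cacheDelayMins);`, `cache = created;`. Double-checked locking also requires the `cache` field to be `volatile`; its declaration is outside the hunk, so that should be confirmed. `OCSPCache.getCache` in the next file has the same ordering.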
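Review bot: The added `import org.apache.synapse.transport.certificatevalidation.Constants;` is not referenced by any line this patch adds to OCSPCache.java. Unless code outside the visible hunks uses it, drop the import so the file stays free of unused-import warnings.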
diff --git a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java index 38d7964b8a..ec582f9dd7 100644 --- a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java +++ b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/CRLVerifierTest.java @@ -88,8 +88,7 @@ public void testRevokedCertificate() throws Exception { //Create a crl with fakeRevokedCertificate marked as revoked. X509CRL x509CRL = createCRL(fakeCACert, caKeyPair.getPrivate(), revokedSerialNumber); - CRLCache cache = CRLCache.getCache(); - cache.init(5, 5); + CRLCache cache = CRLCache.getCache(5, 5); cache.setCacheValue(crlDistributionPointUrl, x509CRL); CRLVerifier crlVerifier = new CRLVerifier(cache); diff --git a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java index 9c2299bb2b..9d4f0a01bd 100644 --- a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java +++ b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/OCSPVerifierTest.java 
@@ -107,8 +107,7 @@ public void testOCSPVerifier() throws Exception{ OCSPResp response = generateOCSPResponse(request, certificateHolder, caKeyPair.getPrivate(), caKeyPair.getPublic(), revokedID); SingleResp singleResp = ((BasicOCSPResp)response.getResponseObject()).getResponses()[0]; - OCSPCache cache = OCSPCache.getCache(); - cache.init(5,5); + OCSPCache cache = OCSPCache.getCache(5, 5); cache.setCacheValue(revokedSerialNumber,singleResp, request, null); OCSPVerifier ocspVerifier= new OCSPVerifier(cache); diff --git a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java index 7f282dd86c..9adc063ea0 100644 --- a/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java +++ b/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/certificatevalidation/RevocationVerificationTest.java @@ -116,8 +116,7 @@ public void testOCSPPathValidationWithFakeCerts() throws Exception { private void crlPathValidation(X509Certificate[] certChain) throws Exception { - CRLCache crlCache = CRLCache.getCache(); - crlCache.init(5, 5); + CRLCache crlCache = CRLCache.getCache(5, 5); RevocationVerifier verifier = new CRLVerifier(crlCache); CertificatePathValidator pathValidator = new CertificatePathValidator(certChain, verifier); pathValidator.validatePath(); 
@@ -125,8 +124,7 @@ private void crlPathValidation(X509Certificate[] certChain) throws Exception { private void ocspPathValidation(X509Certificate[] certChain) throws Exception { - OCSPCache ocspCache = OCSPCache.getCache(); - ocspCache.init(5, 5); + OCSPCache ocspCache = OCSPCache.getCache(5, 5); RevocationVerifier verifier = new OCSPVerifier(ocspCache); CertificatePathValidator pathValidator = new CertificatePathValidator(certChain, verifier); pathValidator.validatePath(); diff --git a/modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties b/modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties new file mode 100644 index 0000000000..8f1ee4a76d --- /dev/null +++ b/modules/transports/core/vfs/repository/conf/vfs-move-failed-records.properties @@ -0,0 +1 @@ +t-0-1705986523002.txt 23/01/2024/ 10:38:43 \ No newline at end of file
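Review bot: The new `vfs-move-failed-records.properties` holds a single timestamped record (`t-0-1705986523002.txt 23/01/2024/ 10:38:43`), which looks like output written by a local VFS run rather than configuration. It is also unrelated to the certificate-validation change in the rest of the patch. If that reading is right, remove the file from the commit and add its path to the ignore file so run artifacts are not checked in with later changes.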