Also cache certificate and fingerprint in DtlsControlImpl #109

Merged
merged 1 commit into from Mar 21, 2016
+64 −39

@@ -117,15 +117,29 @@
= DtlsControlImpl.class.getName() + ".verifyAndValidateCertificate";
/**
* A private and public keys cached for 24 hours.
* {@link #keyPair} cache
*/
private static AsymmetricCipherKeyPair _keyPairCache;
private static AsymmetricCipherKeyPair cacheKeyPair;
/**
* {@link #_keyPairCache} generation timestamp (in milliseconds of system
* time).
* {@link #certificate} cache
*/
private static long _keyPairCacheTimestamp;
private static org.bouncycastle.crypto.tls.Certificate cacheCertificate;
/**
* {@link #localFingerprintHashFunction} cache
*/
private static String cacheLocalFingerprintHashFunction;
/**
* {@link #localFingerprint} cache
*/
private static String cacheLocalFingerprint;
/**
* cache generation timestamp (in milliseconds of system time).
*/
private static long cacheTimestamp;
static
{
@@ -384,28 +398,20 @@ private static X500Name generateCN()
}
/**
* Return a pair of RSA private and public keys. We cache it for 24 hours.
* Return a pair of RSA private and public keys.
*
* @return a pair of private and public keys
*/
private static synchronized AsymmetricCipherKeyPair generateKeyPair()
private static AsymmetricCipherKeyPair generateKeyPair()
{
if (_keyPairCache == null
|| _keyPairCacheTimestamp + ONE_DAY
< System.currentTimeMillis())
{
RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
generator.init(
new RSAKeyGenerationParameters(
new BigInteger("10001", 16),
createSecureRandom(),
1024,
80));
_keyPairCache = generator.generateKeyPair();
_keyPairCacheTimestamp = System.currentTimeMillis();
}
return _keyPairCache;
RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
generator.init(
new RSAKeyGenerationParameters(
new BigInteger("10001", 16),
createSecureRandom(),
1024,
80));
return generator.generateKeyPair();
}
/**
@@ -484,6 +490,31 @@ private static synchronized AsymmetricCipherKeyPair generateKeyPair()
}
}
/**
* generate a new KeyPair and Certificate
*/
private static void refreshKeyCertCache()
{
cacheKeyPair = generateKeyPair();
org.bouncycastle.asn1.x509.Certificate x509Certificate =
generateX509Certificate(generateCN(), cacheKeyPair);
cacheCertificate =
new org.bouncycastle.crypto.tls.Certificate(
new org.bouncycastle.asn1.x509.Certificate[]
{
x509Certificate
});
cacheLocalFingerprintHashFunction = findHashFunction(x509Certificate);
cacheLocalFingerprint =
computeFingerprint(
x509Certificate,
cacheLocalFingerprintHashFunction);
cacheTimestamp = System.currentTimeMillis();
}
/**
* Gets the <tt>String</tt> representation of a fingerprint specified in the
* form of an array of <tt>byte</tt>s in accord with RFC 4572.
@@ -600,22 +631,16 @@ public DtlsControlImpl(boolean disableSRTP)
this.disableSRTP = disableSRTP;
keyPair = generateKeyPair();
org.bouncycastle.asn1.x509.Certificate x509Certificate
= generateX509Certificate(generateCN(), keyPair);
certificate
= new org.bouncycastle.crypto.tls.Certificate(
new org.bouncycastle.asn1.x509.Certificate[]
{
x509Certificate
});
localFingerprintHashFunction = findHashFunction(x509Certificate);
localFingerprint
= computeFingerprint(
x509Certificate,
localFingerprintHashFunction);
synchronized (DtlsControlImpl.class)
{
if (cacheTimestamp + ONE_DAY < System.currentTimeMillis())
refreshKeyCertCache();
keyPair = cacheKeyPair;
certificate = cacheCertificate;
localFingerprintHashFunction = cacheLocalFingerprintHashFunction;
localFingerprint = cacheLocalFingerprint;
}
}
/**
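Review bot: `generateKeyPair()` on the new side still asks for a 1024-bit RSA key (the `1024,` strength argument in the `RSAKeyGenerationParameters` call), and the constructor hunk now hands that key, together with its cached certificate and fingerprint, to every `DtlsControlImpl` created within `ONE_DAY`. As far as these hunks show, generation now runs at most once per cache period, so a longer modulus costs little; I would change the strength argument to `2048,`. Separately, `refreshKeyCertCache()` writes all five static cache fields without taking a lock and is only safe because the constructor calls it inside `synchronized (DtlsControlImpl.class)`, so its Javadoc should state the precondition, e.g. `Caller must hold the DtlsControlImpl.class monitor.` The constructor and the class body continue outside the visible hunks.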