Comments (3)
Your proposed approach sounds like a good idea. Just a little background on what we used so far (and why):
We started our development with an older version of the SECON library that didn't yet support retrieving public keys from LDAP. Also, inside our environment we had several LDAP directories for private keys, none of them being highly available. For that reason, we implemented our own LDAP client and decorated that with a cache for two reasons:
- To circumvent the fact that we have several non-highly-available LDAP servers, our client queries all of the available servers until the first non-error response is received.
- To limit the number of LDAP calls and circumvent a situation where none of the servers might be available, we implemented a cache.
For caching, we decorated our LDAP client with a read-through implementation built upon caffeine. Here, we use a two-phase eviction strategy:
- Asynchronously refresh public keys that haven't been fetched for a while. If that fails, keep the last known entry.
- Evict public keys after they haven't been fetched (i.e. used) for a while.
This code snippet might make it clearer how the cache is configured (pretty standard, nothing exotic here):
```java
import com.github.benmanes.caffeine.cache.Caffeine;

// Read-through cache around the LDAP client; key/value types follow from findCertificates (Java 10+ var)
var certificateCache = Caffeine.newBuilder()
    .ticker(ticker) // optional time source
    .refreshAfterWrite(ldapCacheConfiguration.getRefreshAfter()) // triggers asynchronous refresh of stale entries
    .expireAfterWrite(ldapCacheConfiguration.getExpireAfter()) // evicts expired entries
    .build(ldapClient::findCertificates); // the decorated ldap call
```
Since this is something that we used outside of SECON, this would need to be adjusted to match the call structure of the SECON library. So far though, our experience with caffeine was quite good.
Sorry for the wall of text, I just wanted to make our intent clear. I hope this is helpful! In case you'd like to further discuss possible implementation approaches, please let me know.
Thanks, and a happy new year to you!
from secon-tool.
In case caching is something that would be considered a helpful feature we'd be happy to provide the functionality for this (e.g., create a pull request).
We have discussed this topic. Our thinking is that this should be implemented as an LRU heap cache (maybe using LinkedHashMap) using the decorator pattern for the Directory interface. The facade class SECON should then provide another method to decorate a given Directory object. So then, a user could simply mix a cache into the configuration of the subscriber by calling this method.
If you have such an implementation, your merge request would be very welcome. Otherwise, let's discuss your design.
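As an added example (not SECON's own code and not posted by either commenter), the following sketches the design discussed here: an LRU cache built on an access-ordered LinkedHashMap, applied as a decorator to the Directory interface, combined with the refresh-then-expire phases described in the first comment. The Directory interface with a single certificate(String) lookup, the names CachingDirectory, Entry, refreshAfter and expireAfter, and the assumption that the decorated lookup signals transport errors with unchecked exceptions are all assumptions made for this example, not SECON's actual API.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical stand-in for SECON's Directory interface: one lookup keyed by a partner identifier (assumption).
interface Directory {
    Optional<X509Certificate> certificate(String identifier);
}

/**
 * Decorator that caches successful lookups in an access-ordered LinkedHashMap (LRU by size) and
 * ages entries in two phases: after refreshAfter an entry is re-fetched but kept if the re-fetch fails,
 * after expireAfter it is dropped unconditionally. A certificate outside its own validity period is
 * never served from the cache, whatever its age. Negative results are not cached.
 */
final class CachingDirectory implements Directory {

    private static final class Entry {
        final X509Certificate certificate;
        final Instant loadedAt;
        Entry(X509Certificate certificate, Instant loadedAt) {
            this.certificate = certificate;
            this.loadedAt = loadedAt;
        }
    }

    private final Directory delegate;
    private final Clock clock;
    private final Duration refreshAfter;
    private final Duration expireAfter;
    private final Map<String, Entry> cache;

    CachingDirectory(Directory delegate, int maxEntries, Duration refreshAfter, Duration expireAfter, Clock clock) {
        if (refreshAfter.compareTo(expireAfter) > 0) {
            throw new IllegalArgumentException("refreshAfter must not exceed expireAfter");
        }
        this.delegate = delegate;
        this.clock = clock;
        this.refreshAfter = refreshAfter;
        this.expireAfter = expireAfter;
        // accessOrder=true: get() moves an entry to the tail, so the head is the least recently used one
        this.cache = new LinkedHashMap<String, Entry>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, Entry> eldest) {
                return size() > maxEntries; // LRU eviction beyond the configured heap bound
            }
        };
    }

    /** Convenience factory mirroring the "mix a cache into the configuration" idea from the thread. */
    static Directory cached(Directory delegate, int maxEntries, Duration refreshAfter, Duration expireAfter) {
        return new CachingDirectory(delegate, maxEntries, refreshAfter, expireAfter, Clock.systemUTC());
    }

    @Override
    public synchronized Optional<X509Certificate> certificate(String identifier) {
        Instant now = clock.instant();
        Entry hit = cache.get(identifier); // also records the access for LRU ordering
        if (hit != null) {
            Duration age = Duration.between(hit.loadedAt, now);
            if (age.compareTo(refreshAfter) <= 0 && stillValid(hit.certificate, now)) {
                return Optional.of(hit.certificate); // fresh enough: serve from cache, no LDAP call
            }
            if (age.compareTo(expireAfter) > 0) {
                cache.remove(identifier); // expired: the last known entry must not survive any longer
                hit = null;
            }
        }
        try {
            Optional<X509Certificate> fresh = delegate.certificate(identifier);
            if (fresh.isPresent()) {
                cache.put(identifier, new Entry(fresh.get(), now));
            } else {
                cache.remove(identifier); // an explicit "not found" overrides any stale entry
            }
            return fresh;
        } catch (RuntimeException e) {
            // Refresh failed (e.g. no LDAP server reachable): keep the last known entry while it is
            // still within expireAfter and the certificate itself has not left its validity period.
            if (hit != null && stillValid(hit.certificate, now)) {
                return Optional.of(hit.certificate);
            }
            throw e;
        }
    }

    private static boolean stillValid(X509Certificate cert, Instant now) {
        try {
            cert.checkValidity(Date.from(now));
            return true;
        } catch (CertificateException e) { // CertificateExpiredException or CertificateNotYetValidException
            return false;
        }
    }
}
```

The whole lookup is synchronized, so unlike the Caffeine configuration in the first comment the refresh here is performed inline rather than asynchronously, and concurrent lookups of different identifiers are serialized; for a subscriber that verifies a handful of partners this is fine, and it keeps the LinkedHashMap (which is not thread-safe in access-order mode) consistent. The checkValidity guard matters because the two timers bound only how long ago the directory was asked, not how long the certificate itself remains usable.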