Menu
▾
▴
Re: [Ejbca-develop] EJBCA OCSP Responder does not appear to
|
From: <oh...@ya...> - 2019-07-20 21:51:30
|
Hi,
I was doing a diff/fc file compare between the one you attached, and the last one I had that I used before, and it seems like there is a difference between those. Is the code that you just attached different than the patch you gave me before? Here's the file compare output (the "CAIMPORTCRLCOMMAND.JAVA" is the one you just attached):
Comparing files CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20 and CAIMPORTCRLCOMMAND.JAVA
***** CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20
final EndEntityInformation missingUserEndEntityInformation = EjbRemoteHelper.INSTANCE.getRemoteSession(
EndEntityAccessSessionRemote.class).findUser(getAuthenticationToken(), missing_user_name);
***** CAIMPORTCRLCOMMAND.JAVA
final EndEntityInformation missingUserEndEntityInformation = EjbRemoteHelper.INSTANCE.getRemoteSession(
EndEntityAccessSessionRemote.class).findUser(getAuthenticationToken(), missing_user_name);
*****
***** CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20
private KeyPair getStaticRSAKeyPair() {
// A switch to use different keys depending on the sigAlg so we can sign using the CAs signature algorithm
final StringReader reader = new StringReader(CaImportCRLCommand.PRESIGN_VALIDATION_KEY_RSA_PRIV);
try (PEMParser pemParser = new PEMParser(reader)) {
PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
return keyConverter.getKeyPair(pemKeyPair);
} catch (IOException e) {
throw new IllegalStateException("IOException parsing hard coded presign key. This should never happen: ", e);
}
}
***** CAIMPORTCRLCOMMAND.JAVA
private static KeyPair staticKp = null;
private KeyPair getStaticRSAKeyPair() {
if (staticKp == null) {
synchronized (this) {
if (staticKp == null) {
// A switch to use different keys depending on the sigAlg so we can sign using the CAs signature algorithm
final StringReader reader = new StringReader(CaImportCRLCommand.PRESIGN_VALIDATION_KEY_RSA_PRIV);
try (PEMParser pemParser = new PEMParser(reader)) {
PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NA
ME);
staticKp = keyConverter.getKeyPair(pemKeyPair);
} catch (IOException e) {
throw new IllegalStateException("IOException parsing hard coded presign key. This should never happen:
", e);
}
}
}
}
return staticKp;
}
*****
On Saturday, July 20, 2019, 9:32:26 PM UTC, ohaya--- via Ejbca-develop <ejb...@li...> wrote:
AACK! Yes, I forgot all about that and just used the vanilla software :(! Now, if I can remember how to do that patch, I will try it :(...
Thanks,Jim
On Saturday, July 20, 2019, 8:35:09 PM UTC, Tomas Gustavsson <to...@pr...> wrote:
Did you forget to patch the java file? The top output suggest you did.
Attached the latest patched file that I used for the import.
Regards,
Tomas
On 2019-07-20 17:45, oh...@ya... wrote:
> Hi,
>
> FYI, I got the EJBCA installed on a Redhat 7.4 instance on AWS, and I
> just started testing with that same CRL, and unfortunately, it is not
> doing very well... actually even slower than on my earlier dev machine
> under VBox :(!!
>
> The AWS machine is a t2.medium instance with 70GB disk, 4GB RAM, and 2
> CPUs. I converted the tables to InnoDB and also ran the create index
> SQL script.
>
> It looks like the import is only processing about 5000 entries per hour.
|
