Re: [Ejbca-develop] EJBCA OCSP Responder does not appear to

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

 Hi,
I built the new class and JAR and am testing.  This looks better.  It's not quite the rate that you are seeing but it's much better than what I was seeing before.
So now it looks like I am getting about 1073 per minute, which is about 17 per second.  I added some text to the class before I built it (not a lot, just some additional strings so I could verify I was using the modified class), so I know for sure that I am using the modified Java class.
So anyway, it looks like we are down to about 15 hours to import that one CRL now :) ...
Jim

    On Saturday, July 20, 2019, 9:51:43 PM UTC, ohaya--- via Ejbca-develop <ejb...@li...> wrote:  

  Hi,
I was doing a diff/fc file compare between the one you attached, and the last one I had that I used before, and it seems like there is a difference between those.  Is the code that you just attached different than the patch you gave me before?  Here's the file compare output (the "CAIMPORTCRLCOMMAND.JAVA" is the one you just attached):

Comparing files CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20 and CAIMPORTCRLCOMMAND.JAVA
***** CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20
                        final EndEntityInformation missingUserEndEntityInformation = EjbRemoteHelper.INSTANCE.getRemoteSession(

                                EndEntityAccessSessionRemote.class).findUser(getAuthenticationToken(), missing_user_name);
***** CAIMPORTCRLCOMMAND.JAVA
                        final EndEntityInformation missingUserEndEntityInformation = EjbRemoteHelper.INSTANCE.getRemoteSession(
                                EndEntityAccessSessionRemote.class).findUser(getAuthenticationToken(), missing_user_name);
*****

***** CaImportCRLCommand.java-C-WORKING-PATCH-B4-TOMAS-GAVE-NEW-ONE-ON-2019-07-20

    private KeyPair getStaticRSAKeyPair() {
        // A switch to use different keys depending on the sigAlg so we can sign using the CAs signature algorithm
        final StringReader reader = new StringReader(CaImportCRLCommand.PRESIGN_VALIDATION_KEY_RSA_PRIV);
        try (PEMParser pemParser = new PEMParser(reader)) {
            PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
            JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
            return keyConverter.getKeyPair(pemKeyPair);
        } catch (IOException e) {
            throw new IllegalStateException("IOException parsing hard coded presign key. This should never happen: ", e);
        }
    }
***** CAIMPORTCRLCOMMAND.JAVA

    private static KeyPair staticKp = null;
    private KeyPair getStaticRSAKeyPair() {
        if (staticKp == null) {
            synchronized (this) {
                if (staticKp == null) {
                    // A switch to use different keys depending on the sigAlg so we can sign using the CAs signature algorithm
                    final StringReader reader = new StringReader(CaImportCRLCommand.PRESIGN_VALIDATION_KEY_RSA_PRIV);
                    try (PEMParser pemParser = new PEMParser(reader)) {
                        PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
                        JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NA
ME);
                        staticKp = keyConverter.getKeyPair(pemKeyPair);
                    } catch (IOException e) {
                        throw new IllegalStateException("IOException parsing hard coded presign key. This should never happen:
", e);
                    }
                }
            }
        }
        return staticKp;
    }
*****

    On Saturday, July 20, 2019, 9:32:26 PM UTC, ohaya--- via Ejbca-develop <ejb...@li...> wrote:  

  AACK!  Yes, I forgot all about that and just used the vanilla software :(!  Now, if I can remember how to do that patch, I will try it :(...
Thanks,Jim

    On Saturday, July 20, 2019, 8:35:09 PM UTC, Tomas Gustavsson <to...@pr...> wrote:  

Did you forget to patch the java file? The top output suggest you did.
Attached the latest patched file that I used for the import.

Regards,
Tomas

On 2019-07-20 17:45, oh...@ya... wrote:
> Hi,
> 
> FYI, I got the EJBCA installed on a Redhat 7.4 instance on AWS, and I
> just started testing with that same CRL, and unfortunately, it is not
> doing very well... actually even slower than on my earlier dev machine
> under VBox :(!!
> 
> The AWS machine is a t2.medium instance with 70GB disk, 4GB RAM, and 2
> CPUs.  I converted the tables to InnoDB and also ran the create index
> SQL script.
> 
> It looks like the import is only processing about 5000 entries per hour.
  _______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop