[
https://issues.apache.org/jira/browse/ARTEMIS-5902?focusedWorklogId=1007553&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1007553
]
ASF GitHub Bot logged work on ARTEMIS-5902:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 02/Mar/26 21:25
Start Date: 02/Mar/26 21:25
Worklog Time Spent: 10m
Work Description: tabish121 commented on code in PR #6258:
URL: https://github.com/apache/artemis/pull/6258#discussion_r2874738244
##########
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java:
##########
@@ -569,9 +582,26 @@ private boolean checkAuthorizationCache(final SimpleString
dest, final String us
}
private String createAuthenticationCacheKey(String username, String
password, RemotingConnection connection) {
+ MessageDigest md = getDigest();
+ if (username != null) {
+ md.update(username.getBytes(StandardCharsets.UTF_8));
+ }
+ md.update(CACHE_KEY_SEPARATOR);
+ if (password != null) {
+ md.update(password.getBytes(StandardCharsets.UTF_8));
+ }
+ md.update(CACHE_KEY_SEPARATOR);
+ String certSubjectDN = CertificateUtil.getCertSubjectDN(connection);
+ if (!CERT_SUBJECT_DN_UNAVAILABLE.equals(certSubjectDN)) {
+ md.update(certSubjectDN.getBytes(StandardCharsets.UTF_8));
+ }
+ return ByteUtil.bytesToHex(md.digest());
+ }
+
+ private static MessageDigest getDigest() {
try {
- return
ByteUtil.bytesToHex(MessageDigest.getInstance("SHA-256").digest((username +
password +
CertificateUtil.getCertSubjectDN(connection)).getBytes(StandardCharsets.UTF_8)));
- } catch (NoSuchAlgorithmException e) {
+ return (MessageDigest) SHA256.clone();
+ } catch (CloneNotSupportedException e) {
Review Comment:
Logging is a good addition. Given users want it to work and it can
regardless of the clone support falling back and maybe losing some performance
is acceptable vs not working at all.
Issue Time Tracking
-------------------
Worklog Id: (was: 1007553)
Time Spent: 0.5h (was: 20m)
> Optimize authentication cache key creation
> ------------------------------------------
>
> Key: ARTEMIS-5902
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5902
> Project: Artemis
> Issue Type: Improvement
> Reporter: Justin Bertram
> Assignee: Justin Bertram
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently the process to create an authentication cache key involves _always_
> invoking {{java.security.MessageDigest#getInstance(java.lang.String)}}. This
> isn't strictly necessary. We can use a pattern similar to
> {{org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionalityImpl}}
> which uses {{clone()}} on the {{MessageDigest}} to avoid invoking
> {{getInstance}} every time.
> Also, we can hash fewer bytes and avoid unnecessary String concatenations by
> inspecting each part of the input and only adding bytes that actually make a
> difference to the final hash.
> These are relatively minor improvements, but are simple and still worth doing.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
