Serious performance issue, bug was initially filed against Apache Santuario. From https://issues.apache.org/jira/browse/SANTUARIO-393 : After upgrading from xmlsec (java) 1.4 to 1.5 we saw a significant drop in signature generation performance especially when using a network based HSM. After some investigation it turns out that the problem is that the hashing is done with one byte at a time which with network latencies gives the bad performance. Looking in the code of DOMSignedInfo.java it looks like the code intends to use an UnsyncBufferedOutputStream however only its close method is actually called, which as far as I can see won't have any side affect at all when operated on a ByteArrayOutputStream. The attached patch resolves the performance issue by actually using the UnsyncBufferedOutputStream and that way perform the digests on a possibly full buffer instead of byte by byte. The patch has been tested on version 1.5.5 but also applies on 1.5.6.
|