diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS11KeyStoreImpl.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS11KeyStoreImpl.java
index e50e4944d..111a8d249 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS11KeyStoreImpl.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS11KeyStoreImpl.java
@@ -268,7 +268,9 @@ public List getAllAlias() {
 public Key getKey(String alias) {
 Key key = null;
 try {
+ long startTime = System.currentTimeMillis();
 key = keyStore.getKey(alias, keystorePwdCharArr);
+ LOGGER.debug("sessionId", "KeyStoreImpl","getKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
 throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(),
 KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
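Review bot: The timing line added in getKey runs only when `keyStore.getKey` returns normally, so a call that throws, whether one of the caught exceptions or an unchecked one raised by the provider, leaves no latency record, and slow or failing HSM calls are the ones an operator most needs to see. Emitting the log from a `finally` block covers both outcomes, and `System.nanoTime()` is the safer clock for an elapsed interval because `currentTimeMillis()` follows wall-clock adjustments. The same shape recurs in the storeCertificate overloads, generateAndStoreSymmetricKey, generateRSAKeyPair, generateECKeyPair and generateSymmetricKey hunks of this file. getKey's body continues past the end of the hunk.

```java
long startTime = System.nanoTime();
try {
	key = keyStore.getKey(alias, keystorePwdCharArr);
// … unchanged: catch block that wraps the failure in KeystoreProcessingException …
} finally {
	LOGGER.debug("sessionId", "KeyStoreImpl", "getKey",
			"HSM interaction time(ms): " + (System.nanoTime() - startTime) / 1_000_000);
}
```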
@@ -296,15 +298,19 @@ public PrivateKeyEntry getAsymmetricKey(String alias) {
 Exception exp = null;
 do {
 try {
- if (keyStore.entryInstanceOf(alias, PrivateKeyEntry.class)) {
+ long startTime = System.currentTimeMillis();
+ boolean isPrivateKeyEntry = keyStore.entryInstanceOf(alias, PrivateKeyEntry.class);
+ if (isPrivateKeyEntry) {
 LOGGER.debug("sessionId", "KeyStoreImpl", "getAsymmetricKey", "alias is instanceof keystore");
 ProtectionParameter password = getPasswordProtection();
 privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(alias, password);
+ LOGGER.debug("sessionId", "KeyStoreImpl","getAsymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 if (privateKeyEntry != null) {
 LOGGER.debug("sessionId", "KeyStoreImpl", "getAsymmetricKey", "privateKeyEntry is not null");
 break;
 }
 } else {
+ LOGGER.debug("sessionId", "KeyStoreImpl","getAsymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(),
 KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorMessage() + alias);
 }
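Review bot: The two debug lines added to getAsymmetricKey report different intervals under one message: in the `if` branch the figure spans `entryInstanceOf` plus `getEntry`, in the `else` branch it spans `entryInstanceOf` alone. Because both use `"HSM interaction time(ms): "`, the numbers cannot be compared or aggregated without knowing which branch ran. Naming the operation in the text, for example `"HSM entryInstanceOf+getEntry time(ms): "` and `"HSM entryInstanceOf time(ms): "`, keeps them distinguishable; the getSymmetricKey hunk has the same structure. The enclosing do-loop starts and ends outside the hunk.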
@@ -413,15 +419,19 @@ public SecretKey getSymmetricKey(String alias) {
 Exception exp = null;
 do {
 try {
- if (keyStore.entryInstanceOf(alias, SecretKeyEntry.class)) {
+ long startTime = System.currentTimeMillis();
+ boolean isSecretKeyEntry = keyStore.entryInstanceOf(alias, SecretKeyEntry.class);
+ if (isSecretKeyEntry) {
 ProtectionParameter password = getPasswordProtection();
 SecretKeyEntry retrivedSecret = (SecretKeyEntry) keyStore.getEntry(alias, password);
+ LOGGER.debug("sessionId", "KeyStoreImpl","getSymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 secretKey = retrivedSecret.getSecretKey();
 if (secretKey != null) {
 LOGGER.debug("sessionId", "KeyStoreImpl", "getSymmetricKey", "secretKey is not null");
 break;
 }
 } else {
+ LOGGER.debug("sessionId", "KeyStoreImpl","getSymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(),
 KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorMessage() + alias);
 }
@@ -468,8 +478,10 @@ private void storeCertificate(String alias, Certificate[] chain, PrivateKey priv
 PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(privateKey, chain);
 ProtectionParameter password = getPasswordProtection();
 try {
+ long startTime = System.currentTimeMillis();
 keyStore.setEntry(alias, privateKeyEntry, password);
 keyStore.store(null, keystorePwdCharArr);
+ LOGGER.debug("sessionId", "KeyStoreImpl","storeCertificate", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
 throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(),
 KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage());
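Review bot: The method tag `"storeCertificate"` in the private overload's new log line is the same tag used by the public storeCertificate hunk further down, so the two code paths are indistinguishable in the debug output. A tag such as `"storeCertificate(chain)"` here would separate them. The single figure also covers both `setEntry` and `store`, so it will not show which of the two calls is slow. Separately, and not introduced by this commit, the catch in this hunk's context builds the KeystoreProcessingException without passing `e` as the cause, unlike the other catches in the diff, which loses the stack trace for exactly the failures this logging is meant to help diagnose.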
@@ -530,8 +542,10 @@ public void generateAndStoreSymmetricKey(String alias) {
 SecretKeyEntry secret = new SecretKeyEntry(secretKey);
 ProtectionParameter password = getPasswordProtection();
 try {
+ long startTime = System.currentTimeMillis();
 keyStore.setEntry(alias, secret, password);
 keyStore.store(null, keystorePwdCharArr);
+ LOGGER.debug("sessionId", "KeyStoreImpl","generateAndStoreSymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
 throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(),
 KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
@@ -542,7 +556,10 @@ private KeyPair generateRSAKeyPair() {
 try {
 KeyPairGenerator generator = KeyPairGenerator.getInstance(asymmetricKeyAlgorithm, provider);
 generator.initialize(asymmetricKeyLength, secureRandom);
- return generator.generateKeyPair();
+ long startTime = System.currentTimeMillis();
+ KeyPair keyPair = generator.generateKeyPair();
+ LOGGER.debug("sessionId", "KeyStoreImpl","generateRSAKeyPair", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime));
+ return keyPair;
 } catch (java.security.NoSuchAlgorithmException e) {
 throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException(
 KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(),
@@ -558,7 +575,10 @@ private KeyPair generateECKeyPair(String ecCurve) { } KeyPairGenerator generator = KeyPairGenerator.getInstance(asymmetricECKeyAlgorithm, provider); generator.initialize(new ECGenParameterSpec(ecCurve), secureRandom); - return generator.generateKeyPair(); + long startTime = System.currentTimeMillis(); + KeyPair keyPair = generator.generateKeyPair(); + LOGGER.debug("sessionId", "KeyStoreImpl","generateECKeyPair", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime)); + return keyPair; } catch (java.security.NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException( KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(), @@ -570,13 +590,16 @@ private SecretKey generateSymmetricKey() { try { KeyGenerator generator = KeyGenerator.getInstance(symmetricKeyAlgorithm, provider); generator.init(symmetricKeyLength, secureRandom); - return generator.generateKey(); + long startTime = System.currentTimeMillis(); + SecretKey secretKey = generator.generateKey(); + LOGGER.debug("sessionId", "KeyStoreImpl","generateSymmetricKey", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime)); + return secretKey; } catch (java.security.NoSuchAlgorithmException e) { throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException( KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(), KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorMessage(), e); } - + } @Override 
@@ -584,8 +607,10 @@ public void storeCertificate(String alias, PrivateKey privateKey, Certificate ce try { PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(privateKey, new Certificate[] {certificate}); ProtectionParameter password = getPasswordProtection(); + long startTime = System.currentTimeMillis(); keyStore.setEntry(alias, privateKeyEntry, password); keyStore.store(null, keystorePwdCharArr); + LOGGER.debug("sessionId", "KeyStoreImpl","storeCertificate", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime)); } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e); diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/util/CertificateUtility.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/util/CertificateUtility.java index 93c6ae937..82024c1d9 100644 --- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/util/CertificateUtility.java +++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanager/hsm/util/CertificateUtility.java @@ -14,9 +14,12 @@ import javax.security.auth.x500.X500Principal; +import io.mosip.kernel.core.logger.spi.Logger; +import io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl; import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant; import io.mosip.kernel.keymanagerservice.dto.ExtendedCertificateParameters; import io.mosip.kernel.keymanagerservice.dto.SubjectAlternativeNamesDto; +import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger; import org.bouncycastle.asn1.*; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x500.X500NameBuilder; 
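Review bot: The added `import io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl;` in CertificateUtility.java is not referenced by any of the visible hunks of that file; the new logger is obtained with `CertificateUtility.class`. If nothing outside the hunks uses it, the import should be dropped so the utility class does not gain a compile-time dependency on the PKCS#11 keystore implementation. The other two added imports are used by the LOGGER field declared in the next hunk.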
@@ -45,7 +48,8 @@ */ public class CertificateUtility { - + private static final Logger LOGGER = KeymanagerLogger.getLogger(CertificateUtility.class); + /** * Private constructor for CertificateUtility */ @@ -123,7 +127,9 @@ private static X509Certificate generateX509Certificate(PrivateKey signPrivateKey certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints); certBuilder.addExtension(Extension.subjectKeyIdentifier, false, certExtUtils.createSubjectKeyIdentifier(publicKey)); certBuilder.addExtension(Extension.keyUsage, true, keyUsage); + long startTime = System.currentTimeMillis(); X509CertificateHolder certHolder = certBuilder.build(certContentSigner); + LOGGER.debug("sessionId", "CertificateUtility","generateX509Certificate", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime)); return new JcaX509CertificateConverter().getCertificate(certHolder); } catch (OperatorCreationException | NoSuchAlgorithmException | CertificateException | IOException e) { throw new KeystoreProcessingException(KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorCode(), @@ -147,7 +153,9 @@ private static X509Certificate generateX509Certificate(PrivateKey signPrivateKey if (altNames != null && altNames.length > 0) { certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(altNames)); } + long startTime = System.currentTimeMillis(); X509CertificateHolder certHolder = certBuilder.build(certContentSigner); + LOGGER.debug("sessionId", "CertificateUtility","generateX509Certificate", "HSM interaction time(ms): " + (System.currentTimeMillis() - startTime)); return new JcaX509CertificateConverter().getCertificate(certHolder); } catch (OperatorCreationException | NoSuchAlgorithmException | CertificateException | IOException e) { throw new KeystoreProcessingException(KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorCode(),
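Review bot: The message `"HSM interaction time(ms): "` around `certBuilder.build(certContentSigner)` in both generateX509Certificate overloads assumes the signer's private key is held in the HSM, which these hunks do not show, and the measured interval also includes assembling and encoding the certificate. A neutral text such as `"certificate build/sign time(ms): "` stays accurate when the signer is software-backed. Both overloads also log the same method tag, so the output cannot tell which one ran. As in the keystore class, the line is skipped when `build` throws, and the string concatenation is evaluated even when debug logging is off. Both method bodies start outside their hunks.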