HSM, 암호화 관련 테스트 수행 중 수정
This commit is contained in:
@@ -44,9 +44,25 @@ public class HsmCryptoService implements PropertyChangeListener {
|
||||
private static final String PROP_GROUP = "HSM";
|
||||
private static final String PROP_CACHE_RELOAD_YN = "CACHE_RELOAD_YN";
|
||||
|
||||
private static final long CACHE_TTL_MS = 10 * 60 * 1000; // 10분, 필요시 PropManager로 외부화
|
||||
|
||||
private static class CachedKey<T> {
|
||||
final T key;
|
||||
final long cachedAt;
|
||||
|
||||
CachedKey(T key) {
|
||||
this.key = key;
|
||||
this.cachedAt = System.currentTimeMillis();
|
||||
}
|
||||
|
||||
boolean isExpired() {
|
||||
return System.currentTimeMillis() - cachedAt > CACHE_TTL_MS;
|
||||
}
|
||||
}
|
||||
|
||||
// HSM 통신 최소화: 최초 1회 조회 후 JVM 메모리에 캐싱
|
||||
private final ConcurrentHashMap<String, SecretKey> secretKeyCache = new ConcurrentHashMap<String, SecretKey>();
|
||||
private final ConcurrentHashMap<String, PublicKey> publicKeyCache = new ConcurrentHashMap<String, PublicKey>();
|
||||
private final ConcurrentHashMap<String, CachedKey<SecretKey>> secretKeyCache = new ConcurrentHashMap<>();
|
||||
private final ConcurrentHashMap<String, CachedKey<PublicKey>> publicKeyCache = new ConcurrentHashMap<>();
|
||||
|
||||
@Autowired
|
||||
private PropManager propManager;
|
||||
@@ -81,9 +97,9 @@ public class HsmCryptoService implements PropertyChangeListener {
|
||||
*/
|
||||
public PublicKey getPublicKey(String keyAlias) throws HsmException {
|
||||
checkReady();
|
||||
PublicKey cached = publicKeyCache.get(keyAlias);
|
||||
if (cached != null) {
|
||||
return cached;
|
||||
CachedKey<PublicKey> cached = publicKeyCache.get(keyAlias);
|
||||
if (cached != null && !cached.isExpired()) {
|
||||
return cached.key;
|
||||
}
|
||||
try {
|
||||
Certificate cert = HsmManager.getInstance().getKeyStore().getCertificate(keyAlias);
|
||||
@@ -91,7 +107,7 @@ public class HsmCryptoService implements PropertyChangeListener {
|
||||
throw new HsmException("인증서를 찾을 수 없습니다. alias=" + keyAlias);
|
||||
}
|
||||
PublicKey key = cert.getPublicKey();
|
||||
publicKeyCache.put(keyAlias, key);
|
||||
publicKeyCache.put(keyAlias, new CachedKey<>(key));
|
||||
logger.warn("HsmCryptoService] 공개키 캐시 등록: alias=" + keyAlias);
|
||||
return key;
|
||||
} catch (HsmException e) {
|
||||
@@ -107,20 +123,21 @@ public class HsmCryptoService implements PropertyChangeListener {
|
||||
*/
|
||||
public SecretKey getSecretKey(String keyAlias) throws HsmException {
|
||||
checkReady();
|
||||
SecretKey cached = secretKeyCache.get(keyAlias);
|
||||
if (cached != null) {
|
||||
return cached;
|
||||
CachedKey<SecretKey> cached = secretKeyCache.get(keyAlias);
|
||||
if (cached != null && !cached.isExpired()) {
|
||||
return cached.key;
|
||||
}
|
||||
try {
|
||||
KeyStore keyStore = HsmManager.getInstance().getKeyStore();
|
||||
java.security.Key key = keyStore.getKey(keyAlias, null);
|
||||
if (!(key instanceof SecretKey)) {
|
||||
throw new HsmException("AES 키를 찾을 수 없습니다 (CKA_EXTRACTABLE=true 확인 필요). alias=" + keyAlias);
|
||||
if (key == null) {
|
||||
throw new HsmException("인증서를 찾을 수 없습니다. alias=" + keyAlias);
|
||||
}
|
||||
SecretKey secretKey = (SecretKey) key;
|
||||
secretKeyCache.put(keyAlias, secretKey);
|
||||
logger.warn("HsmCryptoService] 대칭키 캐시 등록: alias=" + keyAlias);
|
||||
secretKeyCache.put(keyAlias, new CachedKey<>(secretKey));
|
||||
logger.warn("HsmCryptoService] 대칭키 캐시 등록(갱신): alias=" + keyAlias);
|
||||
return secretKey;
|
||||
|
||||
} catch (HsmException e) {
|
||||
throw e;
|
||||
} catch (Exception e) {
|
||||
|
||||
Reference in New Issue
Block a user