Here some data I sent some years ago when doing some
perfomce measuring for WSS4J with BC and a a first JuiCE
prototype.
Some WSS4J classes had some "timer" facilities to log
processing times during various steps of WSS4J processing
Here the "old" E-mail:
All,
using the same hardware as described below, using the same
test scenario I did some tests using a special BouncyCastle
library that uses the openSSL crypto library to do
encryption /decryption, hashing, and signature.
To enable special BC (JuiCE) provider no modifications in WSS4J
nor in XML-SEC were necessary (except setting the provider
id which is a standard method in both cases).
The new combination results in some very good performance
enhancements (values for BC parenthesis):
Request send (client side):
Total time from entering "WSDoAllSender" up to exit: typically about
16-18ms (34-37ms)
- time spend to sign: about 8-9ms (27-28)ms overall
xml-sec Signature processing took about
5-6ms (24-24ms)
- time spend to encrypt (symm/asymm): about 5-6ms (5-6ms)
no real improvement here because only a few bytes of
data to encrypt
Request receive (server side):
Total time from entering WSDoAllReceiver up to exit: typically
about 24-26ms (42-47ms)
- time spend to verify: about 2-4ms (5-6ms)
- time spend to decrypt: about 12-14ms (24-26ms)
(about 40% of time spent in
decrypting the symmetric key
using the private key (3-5ms),
rest in 3DES decryption of
content)
WSS4J processing is about twice as fast when using the openSSL
crypto lib compared to the SUN or BC provider. Caveat: this is
no "Java only" application anymore but needs the openSSL crypto
library - and this is a C implementation.
The most prominent enhancement was in the public key processing:
when doing encryption with the private key I got a 3-4 times
better performance, this also results in very good XML-SEC
processing times.
Because the WSS4J processing is only part of the overall
processing of a request/response pair (Axis internal, operating
system overhead, internal JVM processing, GC, etc need some CPU
cycles as well) the overall improvement is somewhere between 30%
and 40%, depending on the other processing.
Regards,
Werner
> -----Urspr?ngliche Nachricht-----
> Von: Werner Dittmann [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 13. September 2005 23:58
> An: [email protected]
> Betreff: Some infos about performance of WSS4J together with Axis
>
>
> All,
>
> because quite some mail was triggered because of ideas to use better
> parsers, faster memory algorithms, etc. I did some
> performance tests. To
> do this I used the "scenario3" of the interop tests. You may find the
> deployment files in the interop directory and subdirectories thereof.
>
> Test case: Scenario 3
> Request flow: Sign body, encrypt body after signing, add a timestap
> - Signature certificate in the request (DirectReference), Signature
> algorithm is RSA
>
> - Certificate used for encryption identified using SKI, symmetric
> encryption algorithm is tripple DES, encyrption key
> generated using a
> random generator and is encrypted using private key linked to the
> certificate, algorithm used here is RSA
>
> Response flow: same actions and attributes as for request
>
> System:
> Hardware: AMD Athlon64 3000, 1GB Main mem
> Software: Linux (SuSe 9.2), Java J2SE JDK 1.4.2_07
>
> Test setup:
> Standalone Axis client using WSDoAllSender / WSDoAllReceiver
> SimpleAxisServer as server using WSDoAllSender / WSDoAllReceiver
>
> During the test the system was not empty, but no heavy active task
> were running. However, some time-spikes arise from other system
> activities.
>
> Test run:
> One "Warmup run" request/response, then 20 timed
> request/response pairs,
> several test runs using this test setup.
>
> Several timeing points are used to get information about each step of
> the request and response processing.
>
> No real time clock available, thus using the standard system clock.
> This may result in time deviations.
<SNIP ---- SNAP>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
